limited-rainbow-51650
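03/21/2022, 3:15 PM
```typescript
import * as azuread from "@pulumi/azuread";

// MemberArgs (with at least `email` and `username`) is defined elsewhere.
export function configureAzureADMembership(memberArgs: MemberArgs[]) {
    // Look up the existing security group used for GitHub SSO.
    const azureSsoGithubGroup = azuread.getGroupOutput({
        displayName: "Azure - SSO - Github",
        securityEnabled: true,
    });
    memberArgs.forEach((memberInfo) => {
        // Resolve each member by user principal name.
        const user = azuread.getUserOutput({
            userPrincipalName: memberInfo.email,
        });
        // Membership creation is disabled while the lookups are being tested.
        // new azuread.GroupMember(`github-sso-${memberInfo.username}`, {
        //     groupObjectId: azureSsoGithubGroup.id,
        //     memberObjectId: user.id,
        // });
    });
}
```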
Before even managing the membership, I'm testing that user and group lookup work correctly. The service principal has permission `Directory.Read.All`, as documented here:
https://www.pulumi.com/registry/packages/azuread/api-docs/getgroup/#api-permissions
Even with this level of access, I still get this error on each user or group lookup:
`Authorization_RequestDenied: Insufficient privileges to complete the operation.`
I triple checked the values of the authentication config settings for `azuread:clientId`, `azuread:clientSecret` and `azuread:tentantId` and they are correct. Anyone have an idea what I might be missing?

`Application` rather than `Delegated`.