How To Create Graph API With Permissions For Employee Directory API Configuration
In Employee Directory application graph API is used to exclude block users, exclude users hidden in GAL, in syncing Azure images, in syncing mobile numbers from Active Directory and in syncing AD properties.
Note: Global Admin access is required to configure Azure API
Provide any name and finally click on Register button. You have created your Azure AD application.
7. Select API permissions and assign Graph User.Read.All (only read permissions are required) permission.
Click on Add permissions.
Click on Grant admin consent.
Click on Authentication from side panel, then on Add a platform button, Configuration platforms opens and select the single page application. Provide employee directory application URL up to Home.aspx from browser URL box and click on configure button.
Select the Access tokens & ID tokens and click on save icon
Now click on overview from side navigation panel and copy the Application ID
Copy ‘Application (client)ID’ and paste it in client ID field of MSAL in Employee directory settings and finally click on submit button, permission requested window opens, select the check box and click on Accept button as shown in below images
Note: In case if fails to connect please refresh the browser and try again.