Cloud Backup for Azure AD B2C

    When you create a Cloud Backup for Azure AD B2C app profile in AvePoint Online Services, the AvePoint Cloud Backup for Azure AD B2C app will be automatically set up in your Microsoft Entra ID.

    The table below lists the permissions that should be accepted when you authorize the AvePoint Cloud Backup for Azure AD B2C app.

    | API | Permission | Type | Purpose |
    |---|---|---|---|
    | MSFT Graph | IdentityUserFlow.ReadWrite.All (Read and write all identity user flows) | Application | Allows the app to read or write your organization's user flows, without a signed-in user. |
    | MSFT Graph | IdentityProvider.ReadWrite.All (Read and write identity providers) | Application | Allows the app to read and write your organization's identity (authentication) providers' properties without a signed-in user. |
    | MSFT Graph | Application.ReadWrite.All (Read and write all applications) | Application | Allows the app to create, read, update and delete applications and service principals without a signed-in user. Does not allow management of consent grants. |
    | MSFT Graph | AuditLog.Read.All (Read all audit log data) | Application | Allows the app to read and query your audit log activities, without a signed-in user. |
    | MSFT Graph | Directory.Read.All (Read directory data) | Application | Allows the app to read data in your organization's directory, such as users, groups and apps, without a signed-in user. |
    | MSFT Graph | AppRoleAssignment.ReadWrite.All (Manage app permission grants and app role assignments) | Application | Allows the app to manage permission grants for application permissions to any API (including Microsoft Graph) and application assignments for any app, without a signed-in user. |
    | MSFT Graph | RoleManagement.ReadWrite.Directory (Read and write all directory RBAC settings) | Application | Allows the app to read and manage the role-based access control (RBAC) settings for your company's directory, without a signed-in user. This includes instantiating directory roles and managing directory role membership, and reading directory role templates, directory roles and memberships. |
    | MSFT Graph | User.ReadWrite.All (Read and write all users' full profiles) | Application | Allows the app to read and update user profiles without a signed-in user. |
    | MSFT Graph | UserAuthenticationMethod.ReadWrite.All (Read and write all users' authentication methods) | Application | Allows the application to read and write authentication methods of all users in your organization, without a signed-in user. Authentication methods include things like a user's phone numbers and Authenticator app settings. This does not allow the app to see secret information like passwords, or to sign in or otherwise use the authentication methods. |
    | MSFT Graph | GroupMember.ReadWrite.All (Read and write all group memberships) | Application | Allows the app to list groups, read basic properties, read and update the membership of the groups this app has access to without a signed-in user. Group properties and owners cannot be updated and groups cannot be deleted. |
    | MSFT Graph | User.ManageIdentities.All (Manage all users' identities) | Application | Allows the app to read, update and delete identities that are associated with a user's account, without a signed-in user. This controls the identities users can sign in with. |
    | MSFT Graph | User-Mail.ReadWrite.All (Read and write all secondary mail addresses for users) | Application | Allows the app to read and write secondary mail addresses for all users, without a signed-in user. |
    | MSFT Graph | User-Phone.ReadWrite.All (Read and write all user mobile phone and business phones) | Application | Allows the app to read and write the mobile phone and business phones for all users, without a signed-in user. |
    | MSFT Graph | User.EnableDisableAccount.All (Enable and disable user accounts) | Application | Allows the app to enable and disable users' accounts, without a signed-in user. |
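
An added example (not AvePoint or Microsoft code): a Python check that compares the application permissions actually granted to the app's service principal against the list above and reports drift. It assumes two exported Microsoft Graph responses, the Microsoft Graph service principal with its `appRoles` and the app's `appRoleAssignments` collection; the sample JSON and every id in it are constructed placeholders.

```python
import json

# Application permissions from the table above: the documented baseline.
DOCUMENTED = {
    "IdentityUserFlow.ReadWrite.All", "IdentityProvider.ReadWrite.All",
    "Application.ReadWrite.All", "AuditLog.Read.All", "Directory.Read.All",
    "AppRoleAssignment.ReadWrite.All", "RoleManagement.ReadWrite.Directory",
    "User.ReadWrite.All", "UserAuthenticationMethod.ReadWrite.All",
    "GroupMember.ReadWrite.All", "User.ManageIdentities.All",
    "User-Mail.ReadWrite.All", "User-Phone.ReadWrite.All",
    "User.EnableDisableAccount.All",
}
# Per the table's own descriptions, these two can hand out further access
# (app permission grants and directory role membership).
CAN_GRANT_ACCESS = {"AppRoleAssignment.ReadWrite.All",
                    "RoleManagement.ReadWrite.Directory"}

def audit_grants(graph_sp_json, assignments_json):
    """Resolve appRoleId values to permission names and diff against DOCUMENTED."""
    graph_sp = json.loads(graph_sp_json)
    names = {r["id"]: r["value"] for r in graph_sp["appRoles"]}
    granted, other_api = set(), set()
    for a in json.loads(assignments_json)["value"]:
        if a["resourceId"] != graph_sp["id"]:
            # Grant on an API other than Microsoft Graph: outside the table.
            other_api.add(a.get("resourceDisplayName", a["resourceId"]))
        else:
            granted.add(names.get(a["appRoleId"], "unresolved:" + a["appRoleId"]))
    return {"unexpected": sorted(granted - DOCUMENTED),
            "missing": sorted(DOCUMENTED - granted),
            "can_grant_access": sorted(granted & CAN_GRANT_ACCESS),
            "other_api": sorted(other_api)}

# Constructed sample responses; all ids are placeholders, not real GUIDs.
GRAPH_SP = json.dumps({"id": "sp-graph-0001", "appRoles": [
    {"id": "role-0001", "value": "Directory.Read.All"},
    {"id": "role-0002", "value": "AppRoleAssignment.ReadWrite.All"},
    {"id": "role-0003", "value": "Mail.ReadWrite"}]})
ASSIGNMENTS = json.dumps({"value": [
    {"appRoleId": "role-0001", "resourceId": "sp-graph-0001"},
    {"appRoleId": "role-0002", "resourceId": "sp-graph-0001"},
    {"appRoleId": "role-0003", "resourceId": "sp-graph-0001"},
    {"appRoleId": "role-0999", "resourceId": "sp-graph-0001"},
    {"appRoleId": "role-0100", "resourceId": "sp-other-0002",
     "resourceDisplayName": "Constructed Other API"}]})

if __name__ == "__main__":
    for key, items in audit_grants(GRAPH_SP, ASSIGNMENTS).items():
        print(f"{key}: {items}")
```

Any entry under `unexpected` or `other_api` is a grant the table does not account for and is worth reviewing before or after consent.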