Ctrlk
For the complete documentation index, see llms.txt. This page is also available as Markdown.

API Permissions for Integrations

This page outlines the API permissions required by an Integration for enabling features within Oort

Overview

This page contains API details for the following Integrations:

  • Azure AD

  • Duo

  • Okta

  • Auth0

  • Google (G-Suite)

  • Salesforce

Integrations

This section contains a summary of the API permissions for Oort integrations and the purpose for which the connection is used

Azure AD

This section covers the API permissions for the following Microsoft Azure APIs:

MS Graph API - Application Permissions

Name
Description
Purpose

AuditLog.Read.All

Read all audit log data

Read user activity from the Audit Log

Directory.Read.All

Read directory data

Group.Read.All

Read all groups

GroupMember.Read.All

Read all group memberships

Get a list of user's group memberships

Reports.Read.All

Read all usage reports

Find a manager's end user direct reports

User.Read.All

Read all users' full profiles

Policy.Read.All

Read your organization's policies

Get a list of policies and named locations

IdentityRiskyUser.Read.All

Read your organization's risky users

Get a list of users marked as Risky by Azure

IdentityRiskEvent.Read.All

Read your organization's risky user events

Read details on events associated with Risky user activities

UserAuthenticationMethod.Read.All

Read user auth methods

Read user authentication methods that are available

MS Graph API - InTune Devices

Name
Description

DeviceManagementApps.Read.All

Read Microsoft InTune apps

DeviceManagementConfiguration.Read.All

Read Microsoft InTune device configuration and policies

DeviceManagementManagedDevices.Read.All

Read Microsoft InTune devices

MS Graph API - Permissions for Triaging Alerts and Remediation Actions

These API permissions allow updates to be made directly from Oort to Azure AD

Name
Remediation Type

User.ReadWrite.All, User.ManageIdentities.All, Directory.ReadWrite.All

Update User Type

User.ReadWrite.All, Directory.ReadWrite.All

User Log out

UserAuthenticationMethod.ReadWrite.All

Factors Reset (TBD)

Duo

Duo Admin API with the following permissions are required for Duo integration instances:

Name
Description
Purpose

Grant read log

Permit Admin API application to read logs

Read the Duo event log

Grant read resource

Permit Admin API application to read resources such as users, phones, and hardware token

Get a list of users and devices

The following permissions are required for Triaging Alerts and Remediation Actions:

These API permissions allow updates to be made directly from Oort to Duo

Name
Remediation Type

Grant write resource

Reset Factors

Okta SSWS API Token Scopes

API
HTTP Operation

/api/v1/*

READ

As we require the minimal set of privileges, the custom admin role must be created in order to support remediations in Oort (ref to Oort Help Desk Admin role in https://oortpreview-admin.oktapreview.com):

Screenshot 2023-03-28 at 9 16 34
Screenshot 2023-03-28 at 9 16 49
Screenshot 2023-03-28 at 9 17 34

Auth0 API Permissions

In Auth0 Management API:

Add a "Machine to Machine" application (Applications --> Applications) should be configured in Auth0 (via a configured API (Applications --> APIs) with the following scope permissions:

Scope
Description
Purpose

read:users

Read Users

Get a list of Users

read:logs

Read Logs

Read Auth0 Event logs

read:user_logs

Read logs relating to users

Read Auth0 User logs

read:guardian_factors

Read Guardian factors configuration

Get a list of Users and Authenticator configurations

G-Suite Connected App Permissions

Scope
Description

https://www.googleapis.com/auth/admin.directory.group.member.readonly

groups membership

https://www.googleapis.com/auth/admin.directory.group.readonly

groups

https://www.googleapis.com/auth/admin.directory.user.readonly

users

https://www.googleapis.com/auth/admin.directory.rolemanagement.readonly

rolemanagement

https://www.googleapis.com/auth/admin.directory.orgunit.readonly

devices

https://www.googleapis.com/auth/admin.directory.audit.readonly

audit logs

The following permissions are required for Triaging Alerts and Remediation Actions:

These API permissions allow updates to be made directly from Oort to G-Suite

| https://www.googleapis.com/auth/admin.directory.user.security | audit logs |

Salesforce Connected App Permissions

Scope
Description
Purpose

Manage user data via APIs (api)

Allows access to the current account using APIs, such as REST API and Bulk API 2.0

Collect user data

PreviousTroubleshooting & SupportNextResponsible Disclosure Policy

Last updated