API Permissions for Integrations

This page outlines the API permissions required by an Integration for enabling features within Oort

Overview

This page contains API details for the following Integrations:

  • Azure AD

  • Duo

  • Okta

  • Auth0

  • Google (G-Suite)

  • Salesforce

Integrations

This section contains a summary of the API permissions for Oort integrations and the purpose for which the connection is used

Azure AD

This section covers the API permissions for the following Microsoft Azure APIs:

MS Graph API - Application Permissions

MS Graph API - InTune Devices

MS Graph API - Permissions for Remediation Actions

These API permissions allow updates to be made directly from Oort to Azure AD

Duo

Duo Admin API with the following permissions are required for Duo integration instances:

The following permissions are required for Remediation Actions:

These API permissions allow updates to be made directly from Oort to Duo

Okta SSWS API Token Scopes

As we require the minimal set of privileges, the custom admin role must be created in order to support remediations in Oort (ref to Oort Help Desk Admin role in https://oortpreview-admin.oktapreview.com):

Auth0 API Permissions

In Auth0 Management API:

Add a "Machine to Machine" application (Applications --> Applications) should be configured in Auth0 (via a configured API (Applications --> APIs) with the following scope permissions:

G-Suite Connected App Permissions

The following permissions are required for Remediation Actions:

These API permissions allow updates to be made directly from Oort to G-Suite

| https://www.googleapis.com/auth/admin.directory.user.security | audit logs |

Salesforce Connected App Permissions

Last updated