# Entra ID (Azure) - Permissions #### Least Privilege Our integration with Azure AD utilizes Role Based Access Controls (RBAC) which in turn uses the security principle of *least privilege*. Least privilege means that the enterprise app created by the integration has precisely the amount of privilege that is necessary to perform a job and nothing more. #### Permissions The Azure Active Directory integration uses the following **read only, only delegated** permissions:

Permission Name	Type	Description
Email	Delegated	View users' email address
Group.Read.All	Delegated	Read all groups
GroupMember.Read.All	Delegated	Read group memberships
offline_access	Delegated	Maintain access to data you have given it access to
openid	Delegated	Sign users in
User.Read	Delegated	Sign in and read user profile
User.Read.All	Delegated	Read all users' full profiles
User.ReadBasic.All	Delegated	Read all users' basic profiles

If any issues or questions, please contact us at , we are available nearly 24/7 and will get back to you within 6-8 hours or less.
With 🤍 from Popl. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.popl.co/introduction/integrations/syncing-members-from-azure-active-directory-entra-id/entra-id-azure-permissions.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.