# Entra ID (Azure) - Permissions

#### Least Privilege 

Our integration with Azure AD utilizes Role Based Access Controls (RBAC) which in turn uses the security principle of *least privilege*. Least privilege means that the enterprise app created by the integration has precisely the amount of privilege that is necessary to perform a job and nothing more.

#### Permissions

The Azure Active Directory integration uses the following **read only, only delegated** permissions:

<table><thead><tr><th width="280.3333333333333">Permission Name</th><th width="169">Type</th><th>Description</th></tr></thead><tbody><tr><td>Email</td><td>Delegated</td><td>View users' email address</td></tr><tr><td>Group.Read.All</td><td>Delegated</td><td>Read all groups</td></tr><tr><td>GroupMember.Read.All</td><td>Delegated</td><td>Read group memberships</td></tr><tr><td>offline_access</td><td>Delegated</td><td>Maintain access to data you have given it access to</td></tr><tr><td>openid</td><td>Delegated</td><td>Sign users in</td></tr><tr><td>User.Read</td><td>Delegated</td><td>Sign in and read user profile</td></tr><tr><td>User.Read.All</td><td>Delegated</td><td>Read all users' full profiles</td></tr><tr><td>User.ReadBasic.All</td><td>Delegated</td><td>Read all users' basic profiles</td></tr></tbody></table>

If any issues or questions, please contact us at <teams@popl.co>, we are available nearly 24/7 and will get back to you within 6-8 hours or less.<br>

With 🤍 from Popl.