Skip to main content

*** Archive *** Permissions for Azure Active Directory application needed for using MS Graph as an import source

Article # 3023690 - Page views: 904


Question / Problem: 

The chapter "Permissions for Azure Active Directory application" in theKofaxTotalAgilityAdministratorsGuide_EN.pdf for KTA 7.8 doesn't mention the API names correctly.
Additionally a crucial step to configure the application correctly is missing completely.

Note 1: the documented Exchange API permissions in the KTA 7.8 documentation are not needed and have been removed from this article.

Note 2: this article is only valid for the Resource Owner Password Credentials (ROPC) grant method.

The documentation for KTA 7.9 reflects these changes and contains more information about other grant methods

Answer / Solution: 

Here you can find the correct API names and the related Permission names.

API name Permission name Type
Microsoft Graph Mail.ReadWrite Delegated
Mail.ReadWrite.Shared Delegated
User.Read Delegated


Also perform these steps to make the Application public:

  1. Login to
    Note Ensure that you have necessary permissions to change the application settings.
  2. Click the View button for Manage Azure Active Directory.
  3. From the Manage menu, click App registrations.
  4. In the right pane, select the application you have created in Azure Active Directory.
  5. From the Manage menu, click Authentication.
  6. Under Advanced settings in the right pane, set the value for Allow public client flows to Yes.
  7. Click Save.
  8. Restart Kofax Message Connector Service.

Applies to:  

Product Version
KTA All versions that support MS Graph import with the Resource Owner Password Credentials grant.