Skip to main content

Azure Active Directory application permissions required for using MS Graph as an import source

Article # 3035181 - Page views: 79


The chapter "Permissions for Azure Active Directory application" in theKofaxTotalAgilityAdministratorsGuide_EN.pdf for KTA 7.8 doesn't mention the API names correctly.
Additionally a crucial step to configure the application correctly is missing completely.

Note 1: the documented Exchange API permissions in the KTA 7.8 documentation are not needed and have been removed from this article.

Note 2: this article is only valid for the Resource Owner Password Credentials (ROPC) grant method.

The documentation for KTA 7.9 reflects these changes and contains more information about other grant methods


Here you can find the correct API names and the related Permission names.

API name Permission name Type
Microsoft Graph Mail.ReadWrite Delegated
Mail.ReadWrite.Shared Delegated
User.Read Delegated

Also perform these steps to make the Application public:

  1. Login to
    Note Ensure that you have necessary permissions to change the application settings.
  2. Click the View button for Manage Azure Active Directory.
  3. From the Manage menu, click App registrations.
  4. In the right pane, select the application you have created in Azure Active Directory.
  5. From the Manage menu, click Authentication.
  6. Under Advanced settings in the right pane, set the value for Allow public client flows to Yes.
  7. Click Save.
  8. Restart Kofax Message Connector Service.

Level of Complexity 


Applies to  

Product Version Build Environment Hardware
Kofax TotalAgility All versions that support MS Graph import with the Resource Owner Password Credentials grant.      



Article # 3035181
  • Was this article helpful?