Consent the iThink Connect Sync Entra Application

 

First of all, you need to consent to the iThink Connect Sync application. The reason is this is the application that performs the synchronization process and creates users, disables users and it does need some additional permissions. The application needs to be a privileged administrator because it might need to disable an account that is a Global Admin!

 

To consent the application, do the following:

https://login.microsoftonline.com/organizations/v2.0/adminconsent?client_id=adf22324-ba2f-4b58-b3ed-b1ee19865f73&scope=https://graph.microsoft.com/.default&redirect_url=https://setup.connect.apps.ithink365.co.uk

 

This will give the application the following permissions.

A screenshot of a computer 
Description automatically generated

 

Setup permissions to be able to modify Privileged users

In order that the system can update Global Admins and other privileged users you will need to add the iThink Connect Sync tool into the Privileged Authentication Administrators Role.

  • Browse to https://portal.azure.com
  • Click on Microsoft Entra ID
  • Choose Roles and administrators
  • Search for Privileged Authentication Administrators
  • Open Role
  • Search for iThink Connect Sync 
  • Add and click save