Deprecation: Microsoft Entra ID Connector - Azure AD Graph API retirement

Description

As per Microsoft’s announcement for Azure AD Graph API Deprecation last year: June 2024 update on Azure AD Graph API retirement, the Azure AD Graph will be fully retired after June 30, 2025, and no API requests will function at this point, regardless of the application’s configuration.

This announcement serves as a reminder to update your configuration by setting useMSGraphAPI to true (if you haven’t already).

This change is necessary to ensure a smooth transition to Microsoft Graph APIs and to avoid any disruptions once Azure AD Graph is fully retired. Migrating in a timely manner is critical to maintaining service continuity and staying compliant with Microsoft’s deprecation schedule.

Action Required

If the useMSGraphAPI entry is missing from the source configuration XML or is currently set to false, please ensure it is added and set to true as shown below:

<entry key="useMSGraphAPI">
    <value>
        <Boolean>true</Boolean>
    </value>
</entry>

  • Ensure the client application created to connect to Azure (MS Entra) has the required Microsoft Graph API permissions. For more information, refer to Required Permissions.
  • If you are already using Microsoft Graph API and useMSGraphAPI is set as true, then no action item is required.

Note: If you are using the Microsoft Entra (SaaS) connector, then no action is required.

Additional Resources


Hi @dinesh_mishra,

Please note that sources in ISC are represented to the customer through APIs in JSON format, not in XML format. So for many ISC customers, this announcement might be confusing.

Also, this connector name is different for different customers, isn’t it? We see the connector in ISC under the name Azure Active Directory, assuming you are talking about that one?

Kind regards,
Angelo

Hi @dinesh_mishra,

Thank you for the timely reminder and clear guidance on the upcoming Azure AD Graph API deprecation. I believe there was a communication earlier as well.

With Microsoft’s firm deprecation date of June 30, 2025, it’s critical that organizations complete the transition to Microsoft Graph API well in advance to ensure service continuity and avoid any unexpected disruptions.

As an extension of the valuable service SailPoint provides to its customers, it would be great to have CSM reach out to customers who are still not using MS Graph APIs in their Entra ID / Azure Active Directory source(s).

Hi @TheOneAMSheriff, there are very few such instances; however, we also followed that path. Thank you!


Hi @angelo_mekenkamp, appreciate your feedback. Yes, the connector is rebranded in UI and documentation as “Microsoft Entra ID”; however, the source type is still “Azure Active Directory”. You can use the source update API to add/update this setting in the source XML; refer to Sources | SailPoint Developer Community. Thanks!

Thank you @dinesh_mishra.

Until the rebranding has been fully completed by SailPoint and the source type is not called Azure Active Directory anymore (which is still visible in both API and UI), I suggest you incorporate this bit in your next announcements and still mention Azure Active Directory. After all, this is the term we currently need in UI and API to find out if we have any sources with this specific connector.

Also, I want to again address that for customers who only have ISC experience, it does not make sense when you are talking about the source XML. As such, when you are referring to this bit below, it can be very confusing:

To ensure that your announcements whose target audience includes ISC customers are user friendly and non-confusing, I suggest you take this into account. For example, you can say “ISC users can configure this by adding the value true under the path /connectorAttributes/useMSGraphAPI in the source JSON using this API and IIQ users can configure this by adding <entry key="useMSGraphAPI"><value><Boolean>true</Boolean></value></entry> in the source XML”. In this way, ISC customers are not being told to change the XML, which does not mean anything to them.

Thanks!

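An added example, not part of any post in this thread and not SailPoint code: an offline audit that finds sources of type "Azure Active Directory" where useMSGraphAPI is missing or not boolean true, and builds the JSON Patch for the /connectorAttributes/useMSGraphAPI path mentioned above. The sample data and the field names (id, name, type, connectorAttributes) are constructed assumptions; sending the patch to the source update API is left out.

```python
import json

# Constructed sample: a trimmed list of source objects as exported from a tenant.
# Field names (id, name, type, connectorAttributes) are assumptions.
SAMPLE_SOURCES = json.loads("""
[
  {"id": "src-001", "name": "Entra Prod", "type": "Azure Active Directory",
   "connectorAttributes": {"useMSGraphAPI": true}},
  {"id": "src-002", "name": "Entra Legacy", "type": "Azure Active Directory",
   "connectorAttributes": {"useMSGraphAPI": false}},
  {"id": "src-003", "name": "Entra Test", "type": "Azure Active Directory",
   "connectorAttributes": {"domainSettings": []}},
  {"id": "src-004", "name": "Entra String", "type": "Azure Active Directory",
   "connectorAttributes": {"useMSGraphAPI": "true"}},
  {"id": "src-005", "name": "HR Feed", "type": "Delimited File",
   "connectorAttributes": {}}
]
""")

SOURCE_TYPE = "Azure Active Directory"  # source type named in the thread
ATTR = "useMSGraphAPI"


def plan_patches(sources):
    """Return {source_id: JSON Patch} for sources that still need the flag."""
    plan = {}
    for src in sources:
        if src.get("type") != SOURCE_TYPE:
            continue
        attrs = src.get("connectorAttributes") or {}
        # Only a real boolean true counts as migrated; a missing key, false,
        # or the string "true" is flagged so it gets normalised.
        if attrs.get(ATTR) is True:
            continue
        # RFC 6902 "add" creates the member or replaces an existing one, so a
        # single operation covers both the missing and the false case. It
        # requires the parent object /connectorAttributes to exist already.
        plan[src["id"]] = [
            {"op": "add", "path": f"/connectorAttributes/{ATTR}", "value": True}
        ]
    return plan


if __name__ == "__main__":
    for source_id, patch in plan_patches(SAMPLE_SOURCES).items():
        print(source_id, json.dumps(patch))
```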