Microsoft Graph Group Membership Access
Overview
This document describes an issue related to reading signed-in users' group memberships from Microsoft Entra ID using Microsoft Graph. The backend application requires delegated permissions that must be granted by an administrator in the customer’s Identity Provider (IdP).
Context
Routty uses Microsoft Graph to retrieve the authenticated user's group memberships via the endpoint when the token does not contain the Group Id or a list of Group Ids because the user belongs to many groups.
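The fallback described above, as an added example (not Routty's own code): it decides from already-validated token claims whether the group IDs are in the token or must be fetched from Microsoft Graph, and it fails closed when that lookup is rejected, for instance because admin consent is missing. The function names, the graphLookup callback and the sample claims are assumptions made for illustration; `_claim_names` and `hasgroups` are the markers Entra ID emits in place of the `groups` claim when a user has too many groups.

```javascript
'use strict';

// Decide where the user's group IDs must come from, given validated token claims.
function classifyGroupClaims(claims) {
  if (Array.isArray(claims.groups)) {
    return { source: 'token', groups: claims.groups };
  }
  // Overage markers Entra ID emits in place of the "groups" array.
  const names = claims._claim_names;
  const overage = claims.hasgroups === true ||
    (names !== null && typeof names === 'object' && 'groups' in names);
  return overage ? { source: 'graph', groups: null } : { source: 'none', groups: [] };
}

// graphLookup is a hypothetical async callback that performs the Graph call
// and resolves to an array of group IDs; it rejects when the call is refused.
async function resolveGroups(claims, graphLookup) {
  const decision = classifyGroupClaims(claims);
  if (decision.source !== 'graph') return decision.groups;
  let groups;
  try {
    groups = await graphLookup();
  } catch (err) {
    // Fail closed: a failed lookup must not be read as "user has no groups".
    throw new Error('group lookup failed, denying access: ' + err.message);
  }
  if (!Array.isArray(groups)) throw new Error('unexpected group lookup result');
  return groups;
}

// Constructed sample claims (not real tenant data).
const inlineClaims = { sub: 'user-a', groups: ['11111111-aaaa-4000-8000-000000000001'] };
const overageClaims = { sub: 'user-b', _claim_names: { groups: 'src1' } };
const implicitOverage = { sub: 'user-c', hasgroups: true };

for (const c of [inlineClaims, overageClaims, implicitOverage]) {
  console.log(c.sub, '->', classifyGroupClaims(c).source);
}
```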
Our backend Application
Application name: app-routty-express-api-tenant-sub-rou-prd
Application (client) ID: 5f992950-975d-47e6-af0c-bd95b30c8900
This application is registered in Microsoft Entra ID as an Enterprise Application.
Required Permission
Could a Global Administrator or Privileged Role Administrator in your IdP complete the following steps?
1. Go to Entra ID → Enterprise applications and locate app-routty-express-api-tenant-sub-rou-prd.
2. Open the app → Permissions (or Permissions and consent) and grant admin consent for the Microsoft Graph delegated permission GroupMember.Read.All (“Read all group memberships”).
3. Confirm that users are allowed to sign in to this application.