Activity Insights
Activity Insights supports activity from Microsoft Entra SaaS and its associated accounts. This allows you to gather account information and activity data from Microsoft Entra ID.
Important
Contact your SailPoint Customer Success Manager (CSM) for more information on Activity Insights. For more information on utilizing activity data, refer to Activity Insights.
Prerequisites
You must have an Microsoft Entra P1/P2 license to use this feature.
Required Permissions
To apply specific permissions correctly, you must select the appropriate grant types.
-
For Application Permissions
Select the Client Credentials and JWT Certificate Credentials grant types.
-
For Delegated Permissions
Select the Refresh Token grant type.
Note
These scopes must be granted as delegated and require administrator consent.
Refer to the following table for a complete list of the required permissions that must be assigned to the administrator.
|
Permission |
Type |
Purpose |
|---|---|---|
|
User.Read.All |
Application/ Delegated |
/users Allows the app to read all users' full profiles in Microsoft Entra ID, including display name, email, UPN, and assigned licenses |
|
LicenseAssignment.Read.All (or Organization.Read.All / Directory.Read.All) |
Application/ Delegated |
/subscribedSkus Allows the app to read all license assignment information including subscribed SKUs and service plan details |
|
AuditLog.Read.All |
Application/ Delegated |
/auditLogs/signIns Allows the app to read all audit log data, including sign-in logs for interactive, non-interactive, service principal, and managed identity sign-ins |
|
Application.Read.All |
Application/ Delegated |
/servicePrincipals Allows the app to read all application registrations and service principals, including their role assignments and group memberships |
Configure Activity Insights
To configure Activity Insights, refer to Activity Insights Settings.