Guideazureentra-idsso

Azure App access

Approve Eddytor as an Enterprise Application in Microsoft Entra ID — permissions, scopes, and why they are needed.

Updated Feb 11, 20262 min read

How to approve Eddytor as Enterprise Application in Entra ID

In order to approve Eddytor in Entra ID, you need to use it for the first time as an admin.

  1. Go to app.eddytor.com
  2. Enter your email address
  3. You will receive a magic link by email — click it to sign in
  4. Click Connect to data
  5. Click Azure
  6. Log in with an admin account
  7. Approve the application access for all in the organization
  8. Select a storage account and select a container. The user logged in needs to have Reader access to a storage account and Storage Blob Data Contributor on the storage account or the container.
  9. Approve additionally required permission for the application
  10. Done

Why these permissions are needed

The primary purpose of this app is to allow users to edit and manage data in Azure Storage accounts, specifically interacting with Delta tables and inputting data. The app requires certain permissions to let users perform these actions while ensuring they do so securely and within their existing access rights.

By granting these permissions, the app allows users to operate as themselves within the software. This means users can only make changes to the storage accounts or data they already have permission to access — nothing more. The app doesn't provide users with any extra privileges; it simply facilitates their ability to perform the same actions they would manually, but more efficiently through the app.

For example:

  • If a user has access to specific Delta tables, they can edit or input data into those tables directly through the app, but they cannot access or alter tables or storage accounts they do not have permissions for.
  • The app uses Microsoft's secure authentication methods, so users continue working within their existing security boundaries, ensuring compliance with your organization's access controls.

This setup ensures that users can manage their data in Azure Storage safely, with the app acting as a secure tool that respects the access limitations already in place.

Specific Enterprise app API access prompted for approval

All permissions are delegated and require admin consent. An administrator must approve these permissions for the organization.

API nameClaim valuePermissionTypeGranted through
Azure Resource Manageruser_impersonationAccess Azure Resource Manager as organization usersDelegatedAdmin consent
Azure Storageuser_impersonationAccess Azure StorageDelegatedAdmin consent
Microsoft GraphemailView users' email addressDelegatedAdmin consent
Microsoft Graphoffline_accessMaintain access to data you have given it access toDelegatedAdmin consent
Microsoft GraphopenidSign users inDelegatedAdmin consent
Microsoft GraphprofileView users' basic profileDelegatedAdmin consent
Microsoft GraphUser.ReadSign in and read user profileDelegatedAdmin consent
Related

Keep reading.

Guide

Eddytor in a nutshell

What Eddytor is, the problem it solves, and how it plugs into your Azure infrastructure.

Guide

The master data problem

Why spreadsheets and SharePoint lists break down for master data — and where Eddytor fits in.

Tutorial

Introduction

A short walkthrough of Eddytor's core features — connecting, editing, bulk upload, creating tables, and constraints.

Still stuck? We reply fast.

Can't find it? Ask support and a human will answer, usually within a few hours.

Contact supportOpen Eddytor