The following permissions are required to enable API in Skyhigh CASB for AIP and to use Custom OAuth for AIP.
To add the required APIs with the permissions, click API Permissions.
- Select and add the required APIs with their respective permissions as per the following tables. All permission types should be set to Application Permissions unless otherwise stated.
- Do not add additional permissions, and do not leave out any permissions. Stick to this list or API enablement will not work.
|For AIP set the following permissions
Azure Rights Management Service:
Read protected content on behalf of a user
Create protected content on behalf of a user
Read all protected content for this tenant
Create protected content
Create and access protected content for users (type=delegated)
Microsoft Graph (type=delegated):
Sign in and read user profile (User.Read)
Microsoft Information Protection
Read all unified policies of the tenant
Read all unified policies a user has access to (type=delegated)