To onboard an Azure subscription to the DAY2™ Platform, or to offboard it, users need specific roles and permissions. The top row of the table, labeled "[Recommended]", describes the minimum permissions required to run the onboarding process. The two rows below it describe permissions that also allow the user to perform onboarding but are more permissive than required.


Required Permissions:

| Azure Role | Details |
| --- | --- |
| Owner + Application Developer [Recommended] | • Owner: Owner of the subscription. • Application Developer: Azure AD built-in role to create, manage, and delete Service Principals/App Registrations (can delete only Service Principals created by them). |
| Owner + Application Administrator | • Owner: Owner of the subscription. • Application Administrator: Azure AD built-in role to add, manage, delete, and configure enterprise applications and app registrations. |
| Owner + Global Administrator | • Owner: Owner of the subscription. • Global Administrator: Azure AD built-in role to manage all aspects of Azure AD and Microsoft services that use Azure AD identities. |


Additional Information:

  • Administrator roles such as Application Developer, Application Administrator, etc., can only be assigned to users, groups, managed identities, and applications (Service Principals) by Global Administrators.



Ensuring the correct permissions are assigned is crucial for the successful onboarding and offboarding of your Azure subscription to the DAY2™ Platform. Choose the appropriate set of roles based on your organizational requirements and security policies.
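
A pre-flight check for the role combinations in the table, written as an added example and not part of the DAY2™ Platform or its tooling. It assumes the RBAC input has the `roleDefinitionName` and `scope` fields that `az role assignment list` emits and that directory roles are passed in as a list of role display names; the function names and sample data are hypothetical.

```python
import json

# Directory roles from the table, least permissive first.
DIRECTORY_ROLES = ["Application Developer", "Application Administrator", "Global Administrator"]

# Constructed sample in the shape of `az role assignment list --all --assignee <user> -o json`.
# Owner here is granted on a resource group only, which is not "Owner of the subscription".
SAMPLE_RBAC = json.loads("""[
  {"roleDefinitionName": "Owner",
   "scope": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-demo"},
  {"roleDefinitionName": "Contributor",
   "scope": "/subscriptions/00000000-0000-0000-0000-000000000000"}
]""")


def owns_subscription(assignments, subscription_id):
    """True only if Owner is assigned at the subscription scope itself.

    Assumption: assignments inherited from a parent scope are not evaluated here.
    """
    wanted = f"/subscriptions/{subscription_id}".lower()
    return any(
        a.get("roleDefinitionName") == "Owner"
        and a.get("scope", "").rstrip("/").lower() == wanted
        for a in assignments
    )


def check_onboarding_roles(assignments, directory_roles, subscription_id):
    """Return (ready, findings) for the role combinations listed in the table."""
    findings = []
    if not owns_subscription(assignments, subscription_id):
        findings.append("missing: Owner at subscription scope")
    held = [r for r in DIRECTORY_ROLES if r in directory_roles]
    if not held:
        findings.append("missing: Application Developer (or a broader role from the table)")
    for role in held:
        # Anything above the recommended row works but exceeds what onboarding needs.
        if role != "Application Developer":
            findings.append(f"over-permissive: {role} held; Application Developer is sufficient")
    ready = not any(f.startswith("missing") for f in findings)
    return ready, findings


if __name__ == "__main__":
    sub = "00000000-0000-0000-0000-000000000000"
    print(check_onboarding_roles(SAMPLE_RBAC, ["Application Administrator"], sub))
```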