metadata-ingestion/docs/sources/azure-ad/azure-ad_pre.md
The azure-ad module ingests metadata from Azure Ad into DataHub. It is intended for production ingestion workflows and module-specific capabilities are documented below.
Before running ingestion, ensure network connectivity to the source, valid authentication credentials, and read permissions for metadata APIs required by this module.
Create a DataHub application in the Azure AD portal and grant these Application permissions:
Group.Read.AllGroupMember.Read.AllUser.Read.AllYou can add permissions in the API permissions tab of your application configuration.
<p align="center"> </p>You can verify required endpoint values from the Endpoints action in the application overview.
<p align="center"> </p>Users ingested from this connector will only be able to log in to DataHub if Okta OIDC SSO is configured in your DataHub deployment.