Who has access to ShareGate Apricot?
Once a global administrator has consented the app, any global administrator, SharePoint administrator, or groups administrator can log in to ShareGate Apricot with their Microsoft 365 account.
ShareGate Apricot users must have their role permissions granted directly with one of the Azure AD built-in roles. If the role assignment is granted through Azure PIM, they will not be able to access Apricot.
When using PowerShell to manage admin roles in Azure AD, use the ObjectID:
- f28a1f50-f6e7-4571-818b-6a12f2af6b6c (SharePoint admin)
- 62e90394-69f5-4237-9190-012177145e10 (global admin)
- fdd7a751-b60b-444a-984c-02652fe8fa1c (groups admin)
Team and group owners will be contacted by email or Teams chatbot when their input is needed regarding their content. They do not have access to the online application.
How can I restrict access to ShareGate Apricot?
You can restrict user access to the app through the Azure Portal with the steps below:
- Sign in to your Azure Portal as a Global Administrator.
- Navigate to the Enterprise Applications service (either through the search bar or the Azure services section).
- Search for "ShareGate Apricot" in the Enterprise applications search bar.
- Click on the name of the application.
- Click on Properties In the left menu (in the Manage section).
- Set User assignment required? to Yes.
- Click Save.
- Click Users and groups in the left menu (in the Manage section).
- Add or remove users to grant or remove access.