How Analytics Uses Office 365 Global Administrator Credentials

Topic

Nintex Analytics requires Global Administrator credentials when adding a data connection from a SharePoint Online tenant.
 

Additional Information

The Global Administrator credentials are used to validate that the individual adding the data connection in a Nintex Analytics workspace is authorized to access the data within SharePoint Online.

 

In validating the credentials, Microsoft defines two techniques: Delegated and Application permission.

 

Going down the route of least privileges, Nintex Analytics leverages "Application Permission" with "Sites.Read.All" to validate that the account is a Global Administrator. Although the permission does say that Nintex Analytics can read items, we do not read any items from your SharePoint Online tenant and use it only for authentication purposes.

 

As part of this, an app called 'Nintex Analytics O365 Tenant Connector' is installed automatically onto Azure Active Directory (AAD) in the tenant. Nintex Analytics doesn't need or use this app to read any data; the Nintex Workflow for Office 365 app is used for reporting on Nintex Workflows. The 'Nintex Analytics O365 Tenant Connector' app can be removed from AAD after the data connection has successfully been added to Nintex Analytics.

 

Related Links

Labels: (1)
Version history
Last update:
‎04-08-2021 11:07 AM
Updated by:
Contributors