How Delegated Permissions Work in Practice

Once delegated permissions are set up:

1. The external application must authenticate users via its own user interface using the Authorization Code Flow with Microsoft Entra ID.
   1. Users sign in using their Entra ID credentials.
   2. Upon successful authentication, the app exchanges the authorization code for an access token.
   3. This token includes the user’s identity and delegated permissions.
2. The access token is passed to the 3E APIs, allowing the application to make requests on behalf of the authenticated user, subject to their access rights and data-level security.