This article explains how to manage user access in ShareGate Protect. For information on how to manage user access in ShareGate Migrate, see How can I manage access to ShareGate Migrate?
Index
Who has access to ShareGate Protect?
After a global administrator has consented ShareGate, any global administrator, SharePoint administrator, or groups administrator can log in to ShareGate Protect with their Microsoft 365 account.
When using PowerShell to manage admin roles in Azure AD, use the ObjectID:
f28a1f50-f6e7-4571-818b-6a12f2af6b6c (SharePoint admin)
62e90394-69f5-4237-9190-012177145e10 (global admin)
fdd7a751-b60b-444a-984c-02652fe8fa1c (groups admin)
Note: If a user's role was assigned through Microsoft Entra Privileged Identity Management (PIM), they may be unable to access ShareGate Protect.
Owners
Team and group owners will be contacted by email or our ShareGate Teams chatbot when their input is needed. They do not have access to ShareGate directly.
How can I restrict access to ShareGate Protect?
You can restrict user access to ShareGate Protect through the Azure Portal with the steps below:
Sign in to your Microsoft Azure portal as a global administrator.
Navigate to the Enterprise applications service (either through the search bar or from the Azure services section).
Use the search field to find ShareGate.
In the list of your applications, select ShareGate. You will be brought to the Overview page.
โNote: If you consented to ShareGate before February 14, 2022, ShareGate Protect may be named ShareGate Apricot in Azure.
From the menu, under Manage, select Properties.
Set Assignment required? to Yes.
Click Save.
From the menu, under Manage, click Users and groups.
From the Users and groups page, you can now add users to grant access or remove users to remove access.
Note: When you add users, they still need global admin, SharePoint admin, or groups admin permissions to use ShareGate Protect.