SSO module permissions must be User.Read.All

[JohannesRudolph]

Applying this module vanilla fails because User.Read is not a known MS Graph permission

terraform-azure-meshplatform/modules/meshcloud-sso/module.tf

Line 28 in 23e30c9

id = data.azuread_service_principal.msgraph.app_role_ids["User.Read"]

The correct one seems to be User.Read.All which also matches instructions at https://docs.meshcloud.io/docs/meshstack.identity-provider.html#azure-ad-aad

[JohannesRudolph]

It also seems that type=Scope is not correct, azure portal does not enable granting admin consent in this case. This can be fixed by changing this to type=Role