Overview
This article contains security information related to Simpplr's Microsoft Teams integration. For setup and usage instructions on the integration, check out this article.
To access data, Simpplr uses "delegated access", meaning access on behalf of a user.
Application access is used only to create the custom app and involves no user data access.
Simpplr does not require your org's Microsoft Global Admin to connect and enable the integration before anyone else. Any user with the Teams Administrator or Application Administrator roles in Microsoft can set up and configure the integration.
However, a Global Admin is needed to log into the admin centre and provide consent for custom app permissions.
Note:
The requested permission scopes can seem alarming as they mention "all users." The Microsoft-generated consent screen should ideally clarify that the permissions are granted “on behalf of the signed-in user,” but this phrasing is missing.
OAuth secures authentication and authorization
- Simpplr accesses MS Teams as the user, never as a Global Administrator.
- Users need to explicitly give Simpplr permission to access MS Teams.
- The Global Administrator (GA) must approve this user request by granting consent.
- This consent is done once and applies to all users, with the GA choosing to “consent on behalf of the organisation.”
- All actions performed in MS Teams are logged by Microsoft as actions taken by Simpplr on behalf of the specific user.
Permissions requested from production
- Maintain access to data you have given it access to
  - Allows the app to see and update the data you gave it access to, even when you are not currently using the app. This does not give the app any additional permissions.
- Read all users' full profiles
  - Allows the app to read the full set of profile properties, reports, and managers of other users in your organization, on your behalf.
- Read the names and descriptions of teams
  - Read the names and descriptions of teams, on your behalf.
- Read the names and descriptions of channels
  - Read channel names and channel descriptions, on your behalf.
- Send channel messages
  - Allows the app to send channel messages in Microsoft Teams, on your behalf.
- Read all app catalogs
  - Allows the app to read apps in the app catalogs.
- Read all groups
  - Allows the app to list groups, and to read their properties and all group memberships on your behalf. Also allows the app to read calendar, conversations, files, and other group content for all groups you can access.
- Submit application packages to your organization's catalog and cancel pending submissions
  - Allows the app to submit application packages to the catalog and cancel submissions that are pending review on your behalf.
- Read and write to all app catalogs
  - Allows the app to create, read, update, and delete apps in the app catalogs.
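To confirm that what was actually consented matches the list above, an administrator can compare the delegated grants held by the integration's service principal against it. The following is an added example, not code from Simpplr or Microsoft; the scope identifiers are an assumed mapping from the consent-screen display names above, and all ids and sample records are constructed placeholders.

```python
# Added example (not Simpplr or Microsoft code). Scope identifiers are an ASSUMED
# mapping from the consent-screen display names above to Microsoft Graph scopes.
EXPECTED_SCOPES = {
    "offline_access",            # Maintain access to data you have given it access to
    "User.Read.All",             # Read all users' full profiles
    "Team.ReadBasic.All",        # Read the names and descriptions of teams
    "Channel.ReadBasic.All",     # Read the names and descriptions of channels
    "ChannelMessage.Send",       # Send channel messages
    "AppCatalog.Read.All",       # Read all app catalogs
    "Group.Read.All",            # Read all groups
    "AppCatalog.Submit",         # Submit application packages / cancel submissions
    "AppCatalog.ReadWrite.All",  # Read and write to all app catalogs
}

def audit_client(grants, client_id, expected=EXPECTED_SCOPES):
    """Summarise the delegated grants held by one service principal."""
    report = {"org_wide": set(), "per_user": {}, "unexpected": set()}
    for g in grants:
        if g.get("clientId") != client_id:
            continue
        scopes = set((g.get("scope") or "").split())  # space-separated string
        if g.get("consentType") == "AllPrincipals":   # consent for the whole org
            report["org_wide"] |= scopes
        else:                                         # "Principal": a single user
            report["per_user"].setdefault(g.get("principalId"), set()).update(scopes)
        report["unexpected"] |= scopes - expected     # anything beyond the list
    report["not_granted"] = expected - report["org_wide"]
    return report

# Constructed sample records shaped like Graph oauth2PermissionGrant objects;
# every id is a placeholder.
SAMPLE_GRANTS = [
    {"clientId": "sp-integration-placeholder", "consentType": "AllPrincipals",
     "principalId": None, "scope": " " + " ".join(sorted(EXPECTED_SCOPES))},
    {"clientId": "sp-integration-placeholder", "consentType": "Principal",
     "principalId": "user-1-placeholder", "scope": "Mail.Read"},
    {"clientId": "sp-other-placeholder", "consentType": "AllPrincipals",
     "principalId": None, "scope": "User.Read"},
]

if __name__ == "__main__":
    result = audit_client(SAMPLE_GRANTS, "sp-integration-placeholder")
    for key in ("org_wide", "per_user", "unexpected", "not_granted"):
        print(key, "=", result[key])
```

A non-empty `unexpected` set or any `per_user` entry means the tenant holds grants beyond the single organisation-wide consent described above and is worth reviewing.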