Table of contents
New to Powell Teams? Click here for the full product overview.
Introduction
With Authentication, Powell Teams allows you to extend scenarios in Powell Teams with a new admin consent.
When you install Powell Teams, we use the default permission by default. However, we recommend to extend the authorization with a new active directory app based on "Application permission."
You authorize the application to perform specific tasks with application permission, even if a user does not have specific rights.
Some of the Powell Teams app features need specific permissions to operate.
Admin consent
To allow Powell Teams users to access their Microsoft Teams data in your Office 365 environment, You need to enable the connection to the Microsoft Graph API. An Office 365 global administrator must consent to the Azure AD app and its permissions. Without consent, the application will not work.
The status of the consent by Graph can take up to 1 minute to be updated.
Powell Teams propose two different types of permission levels, a default one (mandatory), that use the delegated rights of the connected users to perform actions on Powell Teams. And a second one, the advanced that gives some permissions to Powell Teams application to perform actions on its own.
We recommend consenting to the advanced one to be able to benefit from all the Powell Teams features and improve your experience.
Here are the required rights needed for the default permission:
- Read all company places: To be able to have access to the calendar of your company meeting rooms.
- Maintain access to data you have given access to: To be able to manage authentication of the users.
- Read and write all OneNote notebooks that users can access: To manage OneNote content in team templates.
- Invite guest users to the organization: To be able to invite guests during team creations when the template allows it.
- Read and write in all users' calendars and shared calendars: To check users' availability and create online meetings sent by Coffee machine invitations. And to manage desk booking with Flexdesk Powell Teams tab.
- Sign in and read all user's full profiles: To be able to manage authentication of the users. And get their Microsoft Teams configuration (language, theme). It is also needed to synchronize the team list on the back office and user dashboard.
- Read and write all groups: To synchronize the team list on the back office and user dashboard.. Write to create teams.
- Access directory as the signed user: To be able to invite collegues of your company during team creations. And to be able to manage authentication of the users.
- Read items in all site collections: To be able to generate Together portals and also to synchronize the team list on the back office and user dashboard.
Here are the required rights needed for the advanced permission (recommended):
- Read items in all site collections: To retrieve content associated with the connected user rights and also to synchronize the team list on the back office, user dashboard, and reports.
- Invite guest users to the organization: To be able to invite guests during team creations when the template allows it.
- Sign in and read all user's full profiles: To get the user's Microsoft Teams configuration (language, theme). It is also needed to synchronize the team list on the back office, user dashboard, and reports.
- Read all usage reports: To generate Powell Teams reports. And to synchronize the team list on the back office, user dashboard, and reports.
- Read and write all groups: Read to allow us to build activity reports. Write to create teams. And to synchronize the team list on the back office, user dashboard, and reports.
- Read and write directory data: To synchronize the team list on the back office, user dashboard, and reports.
- Read and write calendars in all mailboxes: To check users' avaibility and create online meetings sent by Coffee machine invitations. Manage desk booking with Flexdesk Powell Teams tab.
- Read and create online meetings: To send Coffee machine invitations.
- Read and write all OneNote Notebooks: To manage OneNote content in team templates.
- Get a list of all teams & read all teams setting: To create reports and "all Teams" page and display team settings in team edition wizard.
- Read the members of all channels: To generate team reports and synchronize the team list on the back office, user dashboard, and reports.
- Have complete control of all site collections (SharePoint API): To deploy Site Design in team creations.
- Channel message read all: To be able to be notified in case of a new message, reply, reaction in a team channel to build the inactive team report.
Some of the permissions are needed for default and advanced permissions as actions can be performed by the connected user or by the application (only in advanced).
After consenting to the "Advanced permission" based on the application permission you are still able to active some additional features or not.
How to configure the new admin consent
To configure the new admin consent, follow the steps described below :
Step 1: Go to the administration menu in the global administration section and click on "Authentication".
Default permissions are set by default after your first administrator consent.
Step 2: Choose between "Advanced" and "Enterprise", depending on your requirements
ADVANCED: You need to click on the additional admin consent button and validate the app with an O365 global admin account
ENTERPRISE: You need to create your own AAD app in Azure with the required right first then put your client id & client secret in the form.
For more information go to the following page: https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app#add-credentials
Technical requirements
Some Powell Teams features (Powell Teams tabs & Together) need some technical requirements to operate:
- Have an existing app catalog - To create an app catalog: https://docs.microsoft.com/fr-fr/sharepoint/use-app-catalog
- Powell SPFx package deployed on this app catalog to benefit from Powell Intranet web parts on Powell Teams tabs or portal pages
Once your app catalog is created (it can take some time), you are able to sync the Powell SPFx package. Powell SPFx package can be updated several times a year.
Comments
0 comments
Please sign in to leave a comment.