Table of contents
With Authentication, Powell Teams allows you extend scenarios in Powell Teams with a new admin consent.
When you install Powell Teams, we use the default permission by default. However you have an option to extend the authorization with a new active directory app based on “Application permission”.
With application permission, you authorize the application to perform certain tasks, even if a user does not have specific rights.
Some of the features of Powell Teams app need specific permissions to operate.
The different permissions requested by Powell Teams to make calls to the graph API are the following
- Read & write all groups: read allow us to build activity reports and write is only necessary to create teams when you enable the automatic approbation
- Read items in all site collections: for activity reports
- Read all users' full profiles: for activity report and member management in automatic approval
- Read all usage reports : for Powell Teams reports
Sharepoint API permission is necessary to use the Site Design feature :
- Have full control of all site collections : for Site Design deployment
With application permission, you authorise the application to perform certain tasks, even if a user does not have specific rights or are not connected.
Automatic approval flow is one of the feature that will benefit from the authentication options (to use it you will need to activate the advanced or Enterprise permissions).
How to configure the new admin consent
To configure the new admin consent, follow the steps described below :
Step 1 : Go to the administration menu in the global administration section and click on "Authentication".
Default permissions are set by default.
Step 2 : Choose between "Advanced" and "Enterprise", depending your requirements
ADVANCED : You need to click on the additional admin consent button and validate the app with an O365 global admin account
ENTERPRISE: You need to create your own AAD app in Azure with the required right first then put your client id & client secret in the form.
To use the site design option, you will need to add a certificate to allow Powell Teams to have full control of all site collections : for Site Design deployment
For more information go to the following page. https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app#add-credentials