This article explains which permissions you need in Azure to register the application and allow the app to read the necessary user information.
To allow OpsLogix SCOM Connector for Teams to read information from Microsoft Graph, the user installing the app needs an account that is a Global Administrator, Application Administrator, or Cloud Application Administrator in your Azure tenant. One of these roles is required to grant admin consent to the application.
Grant tenant-wide admin consent to an application
An alternative is to allow end users to consent to applications from verified publishers.
Configure how end-users consent to applications
The application needs permission to read the following information from your Azure Tenant.
API / Permissions Name | Description |
---|---|
email | View users' email address |
offline_access | Maintain access to data you have given it access to |
openid | Sign users in |
profile | View users' basic profile |
User.Read | Sign in and read user profile |
The following permissions are the most requested application permissions with low-risk access. Get started managing consent and permissions for all users by adding these delegated permissions with only one click.
The offline_access scope gives your app access to resources on behalf of the user for an extended time. On the consent page, this scope appears as the "Maintain access to data you have given it access to" permission.
When a user approves the offline_access scope, your app can receive refresh tokens from the Microsoft identity platform token endpoint. Refresh tokens are long-lived. Your app can get new access tokens as older ones expire.
This permission currently appears on all consent pages, even for flows that don't provide a refresh token (such as the implicit flow). This setup addresses scenarios where a client can begin within the implicit flow and then move to the code flow where a refresh token is expected.
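An added example, not part of the original article or OpsLogix's code: a Python check that compares the delegated grants recorded for the connector's service principal with the five scopes listed above and reports whether offline_access (refresh tokens) was consented. The grant objects follow the Microsoft Graph oAuth2PermissionGrant shape; the IDs and the extra Mail.Read scope are constructed sample data.

```python
import json

# Delegated scopes this article lists for the connector.
EXPECTED_SCOPES = {"email", "offline_access", "openid", "profile", "User.Read"}

# Constructed sample, shaped like oAuth2PermissionGrant objects from Microsoft Graph.
SAMPLE_GRANTS = json.loads("""[
  {"id": "grant-1", "clientId": "sp-connector", "consentType": "AllPrincipals",
   "principalId": null, "resourceId": "sp-graph",
   "scope": "email offline_access openid profile User.Read"},
  {"id": "grant-2", "clientId": "sp-connector", "consentType": "Principal",
   "principalId": "user-42", "resourceId": "sp-graph",
   "scope": " User.Read Mail.Read"},
  {"id": "grant-3", "clientId": "sp-other", "consentType": "AllPrincipals",
   "principalId": null, "resourceId": "sp-graph", "scope": "User.Read"}
]""")


def audit_grants(grants, client_id):
    """Return one finding per delegated grant held by the service principal `client_id`."""
    expected_lower = {s.lower() for s in EXPECTED_SCOPES}
    findings = []
    for grant in grants:
        if grant.get("clientId") != client_id:
            continue  # grant belongs to a different application
        # "scope" is a space-separated string and may carry a leading space.
        scopes = set((grant.get("scope") or "").split())
        granted_lower = {s.lower() for s in scopes}
        tenant_wide = grant.get("consentType") == "AllPrincipals"
        findings.append({
            "grant_id": grant.get("id"),
            "consent": "tenant-wide (admin)" if tenant_wide
                       else "user " + str(grant.get("principalId")),
            # Scopes consented beyond the documented list deserve a review.
            "unexpected": sorted(s for s in scopes if s.lower() not in expected_lower),
            "missing": sorted(s for s in EXPECTED_SCOPES if s.lower() not in granted_lower),
            # offline_access is what lets the app obtain refresh tokens.
            "refresh_tokens": "offline_access" in granted_lower,
        })
    return findings


if __name__ == "__main__":
    for finding in audit_grants(SAMPLE_GRANTS, "sp-connector"):
        print(finding)
```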
More information about the required permissions can be found here:
Permissions and consent in the Microsoft identity platform
Microsoft has verified these permissions in the AppSource approval process as the permissions the app needs to work.