Difference between revisions of "MSGraphPermissions"

From UmsWiki
Jump to: navigation, search
(Permissions overview)
(Permissions overview)
Line 167: Line 167:
 
|-
 
|-
 
|EduRoster.ReadWrite.All
 
|EduRoster.ReadWrite.All
 +
|Application
 +
|Microsoft Graph
 +
|Allows the UMS to handle students on roster
 +
|Live_at_edu.exe
 +
|-
 +
|Member.Read.Hidden
 
|Application
 
|Application
 
|Microsoft Graph
 
|Microsoft Graph

Revision as of 07:59, 1 June 2021

Setting MSGraph Permissions a long with Azure active directory, OneNote and SharePoint permissions is necessary for UMS to obtain access to the functions needed to create OneNote Class Notebooks and upcoming Teams integration.

Creating App Registration

Go to Azure Portal and login with you admin account( the same UMS uses).

When logged in goto Azure Active Directory:

MSGraph1.png

Go to App registrations

MSGraph2.png

Click on New application registration

MSGraph3.png

Give the new App a name ex. "UMSGraph", Choose "Web app / API" in Application type, set "Sign-on URL" to "http://localhost". After setting Application Permission values click "Create"

MSGraph4.png

You will return to previous screen, here click "your new app"

MSGraph5.png

Click "Required permissions"

MSGraph6.png

Click "Add"

MSGraph7.png

Click "Select an API"

MSGraph8.png

Click "Microsoft Graph"

MSGraph9.png

Click "Select"

MSGraph10.png

Click the left topmost checkbox next to "APPLICATION PERMISSIONS", and scroll down to next section.

MSGraph11.png

Click the checkbox next to "DELEGATED PERMISSIONS"

MSGraph13.png

Click "Select"

MSGraph15.png

Click "Done"

MSGraph16.png

Click "Add" again

Click "Select an API"

Click "Office 365 SharePoint Online"

MSGraph17.png

Click "Select", as before - click the checkbox next to "APPLICATION PERMISSIONS" and "DELEGATED PERMISSIONS" and click Select.

Click "Done"

Click "Add" again and "Select an API"

Click "OneNote"

MSGraph18.png

Click "Select", as before - click the checkbox next to "APPLICATION PERMISSIONS" and "DELEGATED PERMISSIONS" and click Select.

Click "Done"

Click "Windows Azure Active Directory" Permission.

Click the checkbox next to "APPLICATION PERMISSIONS" and "DELEGATED PERMISSIONS" and click "Save"

Select "Windows Azure Active Directory"

Click the checkbox next to "APPLICATION PERMISSIONS" and "DELEGATED PERMISSIONS" and click "Save"

Azure Active Directory.png

Now click "Grant Permissions"

MSGraph19.png

Click "Yes"

MSGraph20.png

Permissions are now set.

Click "Properties"

MSGraph21.png

Copy "Application ID" into Configurator (see last Picture) .

MSGraph22.png

Click "Keys"

MSGraph23.png

Set "DESCRIPTION" to ex. "UMS1" and choose "Never expires" in the "EXPIRES" Setup dropdown

MSGraph24.png

Click "Save"

MSGraph25.png

Copy the Key in the "VALUE" into Configurator (see last Picture) !!! ATTENTION !!! the key value will never be visible again so ensure to copy it.

MSGraph26.png

Setup UMS to use Application just Created

In the UMS Configurator go to Modules->Office 365 and click "SharePoint organization settings"

UMSConfiguratorSharepointOrganizationSettings.png

Choose your SharePoint organization setting and click "Edit..."

UMSConfiguratorSharepointOrganizationSettingsEdit.png

Input your "Tenant Name" ex. "cortenso.onmicrosoft.com", paste the previously copied Application ID into "Client ID" field and paste previously copied KEY into "Client secret" and click "Ok"

UMSConfiguratorSharepointOrganizationSettingsEditWindow.png

You are now all set to use the new MS Graph integration.

Permissions overview


Default permissions
Permission name Permission type API Used for Used by
User.ReadWrite.All Application Microsoft Graph Setting attributes on the user in Office 365 Live_at_edu.exe
Group.ReadWrite.All Application Microsoft Graph Setting group attributes on Office 365 groups Live_at_edu.exe
GroupMember.ReadWrite.All Application Microsoft Graph Manage GroupMembers in Office 365 Live_at_edu.exe
Directory.ReadWrite.All Application Microsoft Graph Setting attributes on the user in Azure Active Directory Live_at_edu.exe
MailboxSettings.ReadWrite Application Microsoft Graph Used to set mailbox settings in Office 365.

Used to get/create categories

Live_at_edu.exe

Skemabrikker.exe

Calendars.ReadWrite Application Microsoft Graph Used to allow UMS to sync calendar events to Office 365 Skemabrikker.exe
Files.ReadWrite.All Application Microsoft Graph Used to provision OneDrive for users Live_at_edu.exe
Teams sync permissions
Permission name Permission type API Used for Used by
EduRoster.ReadWrite.All Application Microsoft Graph Allows the UMS to handle students on roster Live_at_edu.exe
Member.Read.Hidden Application Microsoft Graph Allows the UMS to handle students on roster Live_at_edu.exe
TeamMember.ReadWrite.All Application Microsoft Graph Allows the UMS to handle students on roster Live_at_edu.exe
TeamsTab.ReadWrite.All Application Microsoft Graph Used to create tabs in teams Live_at_edu.exe
TeamsAppInstallation.ReadForTeam.All Application Microsoft Graph Used to install app in teams Live_at_edu.exe
Team.Create Application Microsoft Graph Used to create Teams Live_at_edu.exe
Team.ReadBasic.All Application Microsoft Graph Used to read teams Live_at_edu.exe