🎉 Seamless is released. Read more →
Admin guide
Permissions

App permissions for Seamless

The following tables outline the necessary permissions for Seamless to interact with Microsoft Graph and related services. These permissions ensure the application can perform essential tasks like managing groups, accessing user profiles, and maintaining secure sign-in processes. All permissions require admin consent and are categorized as either Application or Delegated permissions, depending on the level of access needed.

Admin center permissions

PermissionDescriptionType
AuditLog.Read.AllRead audit log dataDelegated
AuditLog.Read.AllRead all audit log dataApplication
emailView users' email addressDelegated
Group.Read.AllRead all groupsDelegated
Group.ReadWrite.AllRead and write all groupsApplication
offline_accessMaintain access to data you have given it access toDelegated
openidSign users inDelegated
profileView users' basic profileDelegated
User.ReadSign in and read user profileDelegated
User.Read.AllRead all users' full profilesApplication
User.Read.AllRead all users' full profilesDelegated

Teams app permissions

PermissionDescriptionType
AuditLog.Read.AllRead audit log dataApplication
Group.Read.AllRead all groupsDelegated
Group.ReadWrite.AllRead and write all groupsDelegated
Group.ReadWrite.AllRead and write all groupsApplication
Notes.Read.AllRead all OneNote notebooks that user can accessDelegated
Sites.Read.AllRead items in all site collectionsDelegated
Team.ReadBasic.AllRead the names and descriptions of teamsDelegated
TeamMember.ReadWrite.AllAdd and remove members from teamsDelegated
TeamMember.ReadWriteNonOwnerRole.AllAdd and remove members with non-owner role for all teamsApplication
User.Invite.AllInvite guest users to the organizationDelegated
User.ReadSign in and read user profileDelegated
User.Read.AllRead all users' full profilesDelegated
User.ReadWrite.AllRead and write all users' full profilesApplication
SystemoverviewWhat customer data we store