Permissions Required to use OnePlace Solutions
OnePlace Solutions uses modern authentication for best practice security when connecting to Microsoft 365.
When signing in for the first time, users will be asked to consent to user-based security permissions. Accepting these permissions is required to use the software.
To simplify the process, Administrators can apply permissions on behalf of users. Selecting the following links will ensure that users are not presented with any consent dialog boxes prior to first use.
1. Click here for OnePlace Solutions Desktop consent
2. Click here for OnePlaceMail App consent
OnePlace Solutions Desktop uses 'Delegated' mode for all permissions required.
Permission | Why do we need this?
---|---
Microsoft Graph |
Sign users in | To allow the user to sign in using Microsoft Authentication Libraries
Maintain access to data you have given access to | To prevent the user having to sign in every 24 hours
Sign in & read user profile | Required to authenticate the user
Read & write access to the user profile | Used to store the subscription id against the user who is using the software
Read the names and description of teams | To present the user their joined teams in the navigation tree
Read the names and descriptions of channels | To allow the user to navigate into their joined teams to see the contained channels
Have full access to all files user can access | To allow users to browse files in Teams and OneDrive
SharePoint |
Read and write items in all site collections | To allow users to
Read and write managed metadata | To allow users to create new terms in the term store when working with Managed Metadata & Enterprise keyword columns in SharePoint
OnePlace Solutions App uses 'Delegated' mode for all permissions required.
Permission | Why do we need this?
---|---
Microsoft Graph |
Sign users in | To allow the user to sign in using Microsoft Authentication Libraries
Sign in & read user profile | Required to authenticate the user
Maintain access to data you have given access to | To prevent the user having to sign in every 24 hours
Read and write to user profile | To store the subscription id as an extension property on the User
Read all user's basic profiles | To be able to select users in metadata drop downs and see their profile image
Read and write user and shared mail | To be able to save email and attachments from users and shared mailboxes to SharePoint.
Read and write user mailbox settings | To be able to set the transferred to SharePoint category on mail
Read the names and descriptions of teams | To be able to list all Teams the user is a member of
Read the names and descriptions of channels | To be able to list channels in Teams the user is a member of
Send channel messages | To be able to post a message into a Teams channel
Read and write items in all site collections | Used to provide features such as:
Read group memberships | Used to @ mention users when posting a message to Teams
This permission requires an Administrator to consent on behalf of users. Click here to complete this on behalf of users. |
SharePoint |
Read and write items in all site collections | To allow users to
When completing our best practice steps and setting up the OnePlace Solutions Administration site, we will prompt for consent to specific permissions. These permissions should not be consented to on behalf of the organization and are only used in the context of creating the site.
Permission | Why do we need this?
---|---
Admin level permission |
Full control of all site collections | To allow admins to provision the new OnePlace Solutions template on a site.
Maintain access to data you have given access to | To prevent the user having to sign in every 24 hours