Teams Graph API Permissions

In order to use Halp, our app, Assist, requires certain Microsoft Graph permissions to work for your organization. Some of these permissions are requested on behalf of each individual user when logging on, and are only used during the authentication session. The remaining permissions require the administrator's consent as they request data outside of a user session, and are required for the normal and minimal operation of the Assist app.

Due to limitations with Microsoft's platform, all permissions must be accepted, or none at all.

In this document, we outline the different Teams permission scopes requested by our app and what functionality they enable. All scopes are required in your Assist installation for Assist (and Halp) to operate. If you have any questions, please contact our support team.

Profile, OpenId, User.Read

Profile, OpenId, and User.Read permissions are requested on behalf of a user. They are the minimum required to allow users to log onto the Halp Web. They are accepted by users upon logging on, and only used during the log on session.

User.Read.All, Organization.Read.All

User.Read.All and Organization.Read.All are permissions used on behalf of the application. They require an organization's MS Teams administrator's consent to be used. These permissions allow Assist to utilize Teams' SSO when using the Assist Tab in Teams, keep Teams user profiles (email, name, and avatars) synced with Halp, and provide the organization's name and user count. All of these features are required. Before an admin grants consent, the Halp Teams app, Assist, cannot function properly, and ticket creation will be blocked until consent is granted as part of the onboarding setup.

How did we do?