In order to use Halp, the Teams App requires certain Microsoft Graph permissions to work for your organization. Some of these permissions are requested on behalf of each individual user when logging on, and only used during the authentication session. The remaining permissions require the administrator's consent as they request data outside of a user session, and are required for the normal and minimal operation of the Teams Halp app.
Due to limitations with Microsoft's platform, all permissions must be accepted, or none at all.
In this document, we outline the different Teams permission scopes requested by our App and what functionality they enable. All scopes are required in your Halp installation for Halp to operate. If you have any questions, please email firstname.lastname@example.org.
Profile, OpenId, User.Read
Profile, OpenId, and User.Read permissions are requested on behalf of a user. They are the minimum required to allow users to log onto Halp's web interface. They are accepted by users upon logging on, and only used during the log on session.
User.Read.All and Organization.Read.All are permissions used on behalf of the application. They require an organization administrator's consent to be used. These permissions allow Halp to utilize Teams' SSO when using the Halp Teams Tab, keep Teams user profiles (email, name, and avatars) synced with Halp, and provide the organization's name and user count. All of these features are required. Before an admin grants consent, the Halp Teams app cannot function properly, and ticket creation will be blocked until consent is granted as part of the onboarding setup.