2.3 SETTING UP SECURITY

iGlobe CRM is an App made for Microsoft Teams and is tightly integrated with Microsoft 365 services, for example Planner, Groups and Outlook, using the Microsoft Graph API. This integration requires admin consent before the App can be fully used across users in the organization.
 
The process of approving the application for the whole organization by the administrator is referred to as admin consent and is a part of the Azure AD OAuth implementation.
 
The framework is based on a user or an administrator giving consent to an application that asks to be registered in their directory.  A user can give access only to apps they own that access their Microsoft 365 information. They can't give an app access to any other user’s information. There are two kinds of permissions that are used when using Integrated Apps in Office 365:
 
1. user permissions and
2. admin permissions.
 
When an admin registers an app for all users in their organization, he or she is asked for permission to let that app access information and resources in their organization. After this, when other users in the organization use that app, they won’t be asked for permission. When an admin registers an app, that admin must make sure that they trust that app's publisher.
 
If you have deployed the App directly and have not given admin consent in Teams Admin, you will be asked to give admin consent when you start the App. IMPORTANT! Click on Admin Consent using the tenant Global Admin account to set the proper Microsoft Graph permissions. Your users will not be able to use the App if admin consent is not given.
 
iGlobe follows the Microsoft App security model 100%. iGlobe CRM uses the Microsoft Graph API to connect services across Microsoft 365, for example from Outlook to Groups, SharePoint, Exchange and Planner. Hence, it is the Microsoft Graph API that requires permission to be able to display the data in the App and provide you with the functionality you want.
 
iGlobe CRM uses Azure AD SSO. This means that once Global Admin consent has been given, users will not need to give consent.

Important! You do not give the above permissions to iGlobe, only to users on your tenant. The permission is set on your tenant AD.
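
To check after consent which delegated Microsoft Graph permissions were granted tenant-wide (admin consent) and which only by individual users, the added example below classifies records in the shape returned by the Graph oauth2PermissionGrants endpoint. It is not iGlobe's code; the JSON is constructed, all IDs are placeholders, and the scopes are illustrative rather than iGlobe CRM's actual permission list.

```python
import json

# Constructed sample shaped like a Microsoft Graph GET /oauth2PermissionGrants
# response. All IDs are placeholders and the scopes are illustrative only,
# not iGlobe CRM's actual permission list.
SAMPLE_RESPONSE = json.dumps({
    "value": [
        {"clientId": "SP-OBJECT-ID-PLACEHOLDER", "consentType": "AllPrincipals",
         "principalId": None, "resourceId": "GRAPH-SP-ID-PLACEHOLDER",
         "scope": "User.Read Group.ReadWrite.All Tasks.ReadWrite"},
        {"clientId": "SP-OBJECT-ID-PLACEHOLDER", "consentType": "Principal",
         "principalId": "USER-ID-PLACEHOLDER", "resourceId": "GRAPH-SP-ID-PLACEHOLDER",
         "scope": " User.Read  Mail.Read"},
        {"clientId": "OTHER-APP-PLACEHOLDER", "consentType": "AllPrincipals",
         "principalId": None, "resourceId": "GRAPH-SP-ID-PLACEHOLDER",
         "scope": "Files.Read.All"},
    ]
})


def summarize_consent(response_text, client_id):
    """Split one app's delegated grants into admin (tenant-wide) and per-user scopes."""
    admin_scopes = set()
    user_scopes = {}  # principalId -> scopes that user consented to
    for grant in json.loads(response_text).get("value", []):
        if grant.get("clientId") != client_id:
            continue  # grant belongs to a different application
        scopes = set((grant.get("scope") or "").split())
        if grant.get("consentType") == "AllPrincipals":
            admin_scopes |= scopes  # admin consent: applies to every user
        elif grant.get("consentType") == "Principal":
            user_scopes.setdefault(grant.get("principalId"), set()).update(scopes)
    return admin_scopes, user_scopes


def scopes_outside_admin_consent(admin_scopes, user_scopes):
    """Per-user scopes not covered by the tenant-wide grant (worth reviewing)."""
    return {user: sorted(s - admin_scopes)
            for user, s in user_scopes.items() if s - admin_scopes}


if __name__ == "__main__":
    admin, users = summarize_consent(SAMPLE_RESPONSE, "SP-OBJECT-ID-PLACEHOLDER")
    print("Tenant-wide (admin consent):", sorted(admin))
    print("Per-user extras:", scopes_outside_admin_consent(admin, users))
```

A grant with consentType AllPrincipals is the record of admin consent described above; Principal grants are individual user consents and cover only that user's own data.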