Copy of OAuth 2.0 applications
This documentation is created in base to where the tokens containing the scopes are consumed.
In addition, we allow customers to configure their own Azure applications.
Management Service
| Scope | Why | How |
|---|---|---|
| offline_access | Required to refresh the access token | Updates the access token in the token storage, to allow the authorization last for an extended time. |
| openid | Required to configure email server using OIDC | Used to indicate that the application intends to use OIDC to verify the user's identity |
| profile | Required to configure email server using OIDC | Used to retrieve the profile information |
| Required to configure email server using OIDC | Used to retrieve the primary email address | |
| https://outlook.office.com/SMTP.Send | Required to send emails | Send email notifications to user's email account via SMTP |
Keycloak
(as configured in Cloud Breeze offerings)
| Scope | Why | How |
|---|---|---|
| openid | Required to log in user using OIDC | Used to indicate that the application intends to use OIDC to verify the user's identity |
| Required to log in user using OIDC | Used to retrieve the primary email address | |
| profile | Required to log in user using OIDC | Used to retrieve the profile information |
| offline_access | Required to refresh the access token | Updates the access token in the token storage, to allow the authorization last for an extended time. |
| https://graph.microsoft.com/User.Read | Required to log in user using OIDC | Used to retrieve the profile information |
Tenant Service
| Scope | Why | How |
|---|---|---|
| https://graph.microsoft.com/GroupMember.Read.All | Required to access group memberships | Synchronize the groups between Azure and Management Service |
Spooler Controller
| Scope | Why | How |
|---|---|---|
| https://outlook.office.com/SMTP.Send | Required to send emails | Send email notifications to user's email account via SMTP |
Payment System
| Scope | Why | How |
|---|---|---|
| https://outlook.office.com/SMTP.Send | Required to send emails | Send email notifications to user's email account via SMTP |
Workflow Processing Server
| Scope | Why | How |
|---|---|---|
| https://outlook.office.com/SMTP.Send | Required to send emails in Email SMTP connector | Send emails to the authenticated user via SMTP |
| https://graph.microsoft.com/Files.ReadWrite | Required to upload files in OneDrive for Business (OAuth 2.0) connector | Uploads files into the OneDrive storage of the authorized user |
| Microsoft Graph > User.Read.All | Required to upload files to OneDrive for Business (registered app) connector | Necessary to identify user’s OneDrive for Business drive in order to be able to upload scanned documents to OneDrive for Business |
| SharePoint > Sites.ReadWrite.All | Required to upload files to Sharepoint Online connector | Write access is necessary to be able to upload the scanned document. Read access is necessary to be able to browse the target folder on the MFD terminal, or to specify behavior in case the document with a defined filename already exists (append to it, replace it, keep both files) - if specified in Scan workflow definition by the Administrator. |
Mobile Print Server
We use the Aspose library to manage the emails in the configured account through the IMAP protocol.
By default, SafeQ is configured to use YSoft SafeQ application.
: 799654b4-9069-435a-92c1-4822b4329329
| Scope | Why | How |
|---|---|---|
| https://outlook.office.com/SMTP.Send | Required to send emails | Send email notifications to user's email account via SMTP |
| https://outlook.office.com/IMAP.AccessAsUser.All | Required to get and delete emails from the authorized email account. | Using IMAP protocol to download and remove emails from the mailbox. Those emails are stored in the same machine as Mobile Print Server is installed for further processing. |
Credential Generator
- App ID #
– the customer creates the app, so the app ID is generated in that step
- What API permissions the app requires to function - all must be listed
--Application
-none
--Delegated
- none
Why does the app need each API permission
- to send email by SMTP
What data the app process
- In relation to the OAuth authorization? An email to a user. In general, also user credentials.
What permission grants are required
-- openid, profile, offline_access, https://outlook.office.com/SMTP.Send
Why?
--To be able to authorize to the SMTP service of Office 365 in order to send an email, and keep the authorization to do this long-term.
What role the grantor must have to grant the required permissions
I- Admin of the Azure tenant,