
darrellaas
Aug 04, 2016

Sign in permissions for this network: Access your data anytime?

Hi Network managers. Bob McKeating has a question about the sign in requirements for this network. When you sign in with your Office 365 account it advises:

O365 Network needs permission to:

  • View your basic profile
  • Sign in as you
  • View your email address
  • Access your data anytime
  • Sign you in and read your profile

Like Bob, I'm also wondering what "Access your data anytime" means.

Can you clarify? 

CC: MichaelHolste, Lana O'Brien, AnnaChu, jeffmedford

  • Hey Darrell, per Jeff's response here: "As with any app that uses Azure AD/SSO there is a minimum set of calls needed to authenticate the user and then a set of information that you grant access to.

    Graph Info Here: https://graph.microsoft.io/en-us/
    We are using OAUTH v2
    https://azure.microsoft.com/en-us/documentation/articles/active-directory-protocols-oauth-code/

    We are currently using "User.Read openid email profile offline_access" as the scope and then we are placing email, first name, last name, and company name into your community profile to create the account so that it has your first and last name."

    These are all very standard and are a minimum set of info for the community to simply place you into a profile that you can then completely choose the right information and settings for your liking.

    You can also use a Microsoft Account, which is not tied to your organization, as we have enabled both methods for authorization." 

    • Deleted

      How do I revoke permissions once I have accepted them?

      • MichaelHolste (Microsoft)

        You'd likely have to delete your account. And for the record, these permissions primarily grant the sign in app the permission to access your info in order to sign you in using your personal or organizational account. We can still only see the information listed in your profile and your email address. This is a boilerplate permission page used by Microsoft wherever users have to sign into a page (it's not in relation to the Tech Community itself).

    • Jonas Peyerl (Copper Contributor)

      Thank you for making an effort but I do not think this is a very reassuring answer to the question.

      I would very much like our users NOT to accept an agreement that gives a site permission to "access your data anytime" without a detailed description (immediately available, not by Googling) of exactly what data that would be.

      It seems I am not the only one who finds the wording unfortunate. :o)

       

      Sincerely,

      Jonas

      • Adam Andersson (Copper Contributor)
        Hi,
        I fully agree. I find the following requested permissions hard to accept with my organization's ID:

        MS Tech Comm needs permission to:
        View your basic profile - Allows the app to see your basic profile (name, picture, user name) - OK
        View your email address - Allows the app to read your primary email address - OK
        Access your data anytime - Allows the app to see and update your data, even when you are not currently using the app. - NOT OK
        Sign in as you - Allows you to sign in to the app with your work or school account and allows the app to read your basic profile information. - NOT OK
        Sign you in and read your profile - Allows you to sign in to the app with your organizational account and let the app read your profile. It also allows the app to read basic company information. - Why when you already have the basic profile?

        So, can someone explain why "Sign in as you" and "Access your data anytime" are required?

        /Adam
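
An added example, not part of the thread or of any Microsoft code: it breaks down the scope string quoted above and audits delegated grants for anything beyond sign-in. In that string, `offline_access` is the scope that requests a refresh token (the "Access your data anytime" prompt), while the data an app can reach is set by the resource scopes such as `User.Read`. The grant records are constructed and only shaped like Microsoft Graph `oauth2PermissionGrant` objects; the client IDs are placeholders.

```python
# Added example. Grant records are constructed sample data, not from a real tenant.
OIDC_SCOPES = {"openid", "email", "profile"}      # identity claims about the user
REFRESH_SCOPE = "offline_access"                  # the "Access your data anytime" prompt
SIGN_IN_BASELINE = OIDC_SCOPES | {REFRESH_SCOPE, "user.read"}

PAGE_SCOPE = "User.Read openid email profile offline_access"  # quoted in the thread


def analyze_scope(scope_string):
    """Break a space-delimited scope string into what each part grants."""
    scopes = scope_string.split()
    lowered = {s.lower() for s in scopes}  # this sketch compares names case-insensitively
    return {
        "identity_claims": sorted(lowered & OIDC_SCOPES),
        # offline_access only asks for a refresh token; it names no data itself.
        "refresh_token": REFRESH_SCOPE in lowered,
        # Data reach is bounded by the resource scopes, with or without a refresh token.
        "resource_scopes": sorted(s for s in scopes
                                  if s.lower() not in OIDC_SCOPES | {REFRESH_SCOPE}),
        "beyond_sign_in": sorted(s for s in scopes
                                 if s.lower() not in SIGN_IN_BASELINE),
    }


def audit_grants(grants):
    """Return (clientId, standing_access, extra_scopes) for grants that exceed sign-in."""
    findings = []
    for grant in grants:
        info = analyze_scope(grant["scope"])
        if info["beyond_sign_in"]:
            findings.append((grant["clientId"], info["refresh_token"],
                             info["beyond_sign_in"]))
    return findings


SAMPLE_GRANTS = [  # constructed; IDs are placeholders
    {"clientId": "app-community", "consentType": "Principal", "scope": PAGE_SCOPE},
    {"clientId": "app-mailtool", "consentType": "Principal",
     "scope": "openid profile offline_access Mail.ReadWrite Files.Read.All"},
    {"clientId": "app-viewer", "consentType": "AllPrincipals", "scope": "openid Mail.Read"},
]

if __name__ == "__main__":
    print(analyze_scope(PAGE_SCOPE))
    for client, standing, extra in audit_grants(SAMPLE_GRANTS):
        print(f"{client}: standing_access={standing} extra_scopes={extra}")
```

A grant that pairs `offline_access` with mail or file scopes is the case worth reviewing first, since the app can keep using those scopes while the user is away.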
