Forum Discussion
Sign in permissions for this network: Access your data anytime?
MicrosoftHey Darrell, per Jeff's response here: "As with any app that uses Azure AD/SSO there is a minimum set of calls needed to authenticate the user and then a set of information that you grant access to.
Graph Info Here: https://graph.microsoft.io/en-us/
We are using OAUTH v2
https://azure.microsoft.com/en-us/documentation/articles/active-directory-protocols-oauth-code/
We are currently using "User.Read openid email profile offline_access" as the scope and then we are placing email, first name, last name, and company name into your community profile to create the account so that it has your first and last name."
These are all very standard and are a minimum set of info for the community to simply place you into a profile that you can then completely choose the right information and settings for your liking.
You can also use a Microsoft Account, which is not tied to your organization, as we have enabled both methods for authorization."
How do I revoke permissions once I have accepted them?
- MichaelHolste
You'd likely have to delete your account. And for the record, these permissions primarily grant the sign in app the permission to access your info in order to sign you in using your personal or organizational account. We can still only see the information listed in your profile and your email address. This is a boilerplate permission page used by Microsoft wherever users have to sign into a page (it's not in relation to the Tech Community itself)..
Thank you for making an effort but I do not think this is a very reassuring answer to the question.
I would very much like our users to NOT to accept an agreement that gives a site permission to "access your data anytime" without a detailed description (immediately available, not by Googling) of exactly what data that would be.
It seems I am not the only one who finds the wording unfortunate. :o)
Sincerely,
Jonas
- Hi,
I fully agree the following permissions requested I have hard to accept with my Organizations ID:
MS Tech Comm needs permission to:
View your basic profile - Allows the app to see your basic profile (name, picture, user name) - OK
View your email address - Allows the app to read your primary email address - OK
Access your data anytime - Allows the app to see and update your data, even when you are not currently using the app. - NOT OK
Sign in as you - Allows you to sign in to the app with your work or school account and allows the app to read your basic profile information. - NOT OK
Sign you in and read your profile - Allows you to sign in to the app with your organizational account and let the app read your profile. It also allows the app to read basic company information. - Why when you already have the basic profile?
So, can someone explain why "Sing in as you" and "Access your data anytime" is required?
/Adam- MichaelHolste
Hey Adam,
That just gives SSO the permission to sign you in, it doesn't mean it will sign you into the Tech Community at any time. Here's a copy/paste about how this works:
Here is the exact call that we are making to graph.microsoft.com , hopefully to help ease your concerns. As with any app that uses Azure AD/SSO there is a minimum set of calls needed to authenticate the user and then a set of information that you grant access to.
Graph Info Here: https://graph.microsoft.io/en-us/
We are using OAUTH v2
https://azure.microsoft.com/en-us/documentation/articles/active-directory-protocols-oauth-code/
We are currently using "User.Read openid email profile offline_access" as the scope and then we are placing email, first name, last name, and company name into your community profile to create the account so that it has your first and last name.
These are all very standard and are a minimum set of info for the community to simply place you into a profile that you can then completely choose the right information and settings for your liking.
Hope that helps!
