Aug 04 2016 02:32 PM
Hi Network managers. Bob McKeating has a question about the sign in requirements for this network. When you sign in with your Office 365 account it advises:
O365 Network needs permission to:
Like Bob, I'm also wondering what "Access our data anytime" means.
Can you clarify?
Aug 08 2016 11:59 AM
Hey Darrell, per Jeff's response here: "As with any app that uses Azure AD/SSO there is a minimum set of calls needed to authenticate the user and then a set of information that you grant access to.
Graph Info Here: https://graph.microsoft.io/en-us/
We are using OAUTH v2
https://azure.microsoft.com/en-us/documentation/articles/active-directory-protocols-oauth-code/
We are currently using "User.Read openid email profile offline_access" as the scope and then we are placing email, first name, last name, and company name into your community profile to create the account so that it has your first and last name.
These are all very standard and are a minimum set of info for the community to simply place you into a profile that you can then completely choose the right information and settings for your liking.
You can also use a Microsoft Account, which is not tied to your organization, as we have enabled both methods for authorization."
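The scope string quoted in this reply can be compared with what a sign-in request actually asks for. The Python sketch below is an added example, not code from this thread or from Microsoft; the authorize URLs, client_id and redirect_uri in it are constructed placeholders, and `audit_authorize_url` is a hypothetical helper name.

```python
from urllib.parse import urlsplit, parse_qs

# Scope set quoted in the thread as what the community sign-in requests.
DOCUMENTED = {"User.Read", "openid", "email", "profile", "offline_access"}
# OpenID Connect scopes; anything else in a request is a resource
# (here Microsoft Graph) permission such as User.Read.
OIDC = {"openid", "email", "profile", "offline_access"}

def audit_authorize_url(url, documented=DOCUMENTED):
    """Compare the scopes in an OAuth 2.0 authorize request with the documented set."""
    query = parse_qs(urlsplit(url).query)
    # Scopes are space-delimited and compared exactly (RFC 6749 treats them as case-sensitive).
    requested = set(" ".join(query.get("scope", [])).split())
    return {
        "flow": query.get("response_type", ["?"])[0],
        "oidc": sorted(requested & OIDC),
        "resource": sorted(requested - OIDC),
        # offline_access is the scope the consent page words as "Access your data
        # anytime": it asks for a refresh token, so the app can obtain new access
        # tokens for the granted scopes while the user is not signed in.
        "refresh_token": "offline_access" in requested,
        "undocumented": sorted(requested - documented),  # asked for, not documented
        "unused": sorted(documented - requested),        # documented, not asked for
    }

# Constructed sample requests (placeholder tenant, client_id and redirect_uri).
BASE = ("https://login.microsoftonline.com/common/oauth2/v2.0/authorize"
        "?client_id=00000000-0000-0000-0000-000000000000&response_type=code"
        "&redirect_uri=https%3A%2F%2Fcommunity.example%2Fcallback&state=abc&scope=")
SAMPLE_AS_DOCUMENTED = BASE + "User.Read%20openid%20email%20profile%20offline_access"
SAMPLE_WIDER = BASE + "User.Read%20openid%20email%20profile%20Mail.Read"

if __name__ == "__main__":
    for name, url in [("as documented", SAMPLE_AS_DOCUMENTED), ("wider", SAMPLE_WIDER)]:
        print(name, audit_authorize_url(url))
```

A non-empty `undocumented` list means the request asks for more than the scope string given in the thread.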
Sep 07 2016 01:11 AM
Thank you for making an effort but I do not think this is a very reassuring answer to the question.
I would very much like our users NOT to accept an agreement that gives a site permission to "access your data anytime" without a detailed description (immediately available, not by Googling) of exactly what data that would be.
It seems I am not the only one who finds the wording unfortunate. :o)
Sincerely,
Jonas
Nov 09 2017 03:30 AM
Nov 09 2017 09:04 AM
Hey Adam,
That just gives SSO the permission to sign you in, it doesn't mean it will sign you into the Tech Community at any time. Here's a copy/paste about how this works:
Here is the exact call that we are making to graph.microsoft.com, hopefully to help ease your concerns. As with any app that uses Azure AD/SSO there is a minimum set of calls needed to authenticate the user and then a set of information that you grant access to.
Graph Info Here: https://graph.microsoft.io/en-us/
We are using OAUTH v2
https://azure.microsoft.com/en-us/documentation/articles/active-directory-protocols-oauth-code/
We are currently using "User.Read openid email profile offline_access" as the scope and then we are placing email, first name, last name, and company name into your community profile to create the account so that it has your first and last name.
These are all very standard and are a minimum set of info for the community to simply place you into a profile that you can then completely choose the right information and settings for your liking.
Hope that helps!
Oct 05 2018 11:12 AM
Why does the prompt not explicitly declare each piece of data that it will be granted access to? This makes it very difficult to accept the access request. "Access your data anytime" sounds very ominous without clarifications, and there are no clarifications without doing a web search and finding this thread.
Oct 25 2018 10:50 AM
How do I revoke permissions once I have accepted them?
Oct 26 2018 10:03 AM
You'd likely have to delete your account. And for the record, these permissions primarily grant the sign in app the permission to access your info in order to sign you in using your personal or organizational account. We can still only see the information listed in your profile and your email address. This is a boilerplate permission page used by Microsoft wherever users have to sign into a page (it's not in relation to the Tech Community itself).