Enable Azure login for the web app with Graph API permissions

Approve the use of Graph API Permissions for Azure AD/Entra Login

When initially onboarding the service desk, you will need an Azure AD/Entra Admin to approve some Graph API permissions for the service desk web application in order to enable Azure AD/Entra login. This article covers the list of API permissions you will need, with details of what each one does and what it is used for. Below are the specific Graph API permissions the app will request when you are prompted to approve Azure AD/Entra login:

email - Delegated

The email permission allows the service desk app to read your users’ primary email address

openid - Delegated

The openid permission allows users to sign in to the service desk app with their work accounts

It also allows the app to see basic user profile information.

profile - Delegated

The profile permission allows the service desk app to see your users' basic profile

The profile includes name, picture, user name, and email address.

User.Read - Delegated

The User.Read permission allows users to sign in to the service desk app, and allows the app to read the profile of signed-in users

It also allows the app to read basic company information of signed-in users.

Before this next step, we may ask you, as the Azure administrator, for the Tenant Id of your org so that we can associate it with the Chime V5 instance stood up by the Instant Tech team. Once the instance is ready to be linked to your AD/Entra login, the Instant Tech team will send you a link to approve the requested permissions.

Accept the permissions request to link your AD/Entra login for your service desk

The permissions request details the permissions we are using and allows you to consent on behalf of your organization.

Once you have accepted the permissions, the login option for Chime V5 will associate users logging in with their Office 365 accounts and will require users to log in with their org accounts.
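
Before accepting, an administrator can confirm that the approval link asks only for the four delegated permissions listed in this article. The following is an added example, not code from Instant Tech or Microsoft. It assumes the link carries its permissions in a `scope` query parameter on the global Microsoft sign-in host, and the function names and sample links are constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# The four delegated permissions listed in this article, lower-cased.
DOCUMENTED = {"email", "openid", "profile", "user.read"}
GRAPH_PREFIX = "https://graph.microsoft.com/"
# Assumption: global Azure cloud; sovereign clouds use other sign-in hosts.
TRUSTED_HOSTS = {"login.microsoftonline.com"}


def normalize(scope):
    """Fold case and strip the Microsoft Graph resource prefix, if present."""
    lowered = scope.strip().lower()
    if lowered.startswith(GRAPH_PREFIX):
        return lowered[len(GRAPH_PREFIX):]
    return lowered


def review_consent_link(url):
    """Return findings for a consent link; an empty list means nothing to flag."""
    findings = []
    parts = urlsplit(url)
    if parts.scheme != "https" or parts.hostname not in TRUSTED_HOSTS:
        findings.append(f"unexpected sign-in host: {parts.hostname}")
    raw = " ".join(parse_qs(parts.query).get("scope", []))
    requested = {normalize(s) for s in raw.split()}
    if not requested:
        findings.append("no scope parameter: check the list on the consent screen")
    for extra in sorted(requested - DOCUMENTED):
        findings.append(f"permission not listed in the article: {extra}")
    return findings


# Constructed sample links (placeholder tenant and client ids).
BASE = ("https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000"
        "/v2.0/adminconsent?client_id=11111111-1111-1111-1111-111111111111")
EXPECTED_LINK = BASE + "&scope=openid+profile+email+User.Read"
BROADER_LINK = BASE + "&scope=openid+https%3A%2F%2Fgraph.microsoft.com%2FMail.Read"

if __name__ == "__main__":
    for link in (EXPECTED_LINK, BROADER_LINK):
        print(review_consent_link(link) or "only documented permissions requested")
```

Any finding is a reason to pause and compare the consent screen against the list above before approving on behalf of the organization.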

Select the log in button on your service desk home screen

You will be prompted with the Microsoft O365 login to authenticate into your service desk

Log into your help desk tenant using Microsoft O365 authentication

Using O365 authentication allows for a much more secure service desk ensuring data privacy