
Permissions and consent

Kameleon leverages the Microsoft Identity Platform for both user authentication and authorization. To perform its core functionalities, Kameleon requires specific delegated permissions (on behalf of the user). For a comprehensive overview of permissions and consent in the Microsoft Identity Platform, refer to the official documentation: https://learn.microsoft.com/en-us/entra/identity-platform/permissions-consent-overview?WT.mc_id=Portal-Microsoft_AAD_RegisteredApps

Sign in permissions

All Kameleon applications require the following permissions to enable user sign-in:

| Permission | Purpose |
| --- | --- |
| openid | Enables user authentication into Kameleon applications |
| profile | Grants access to basic user profile information |
| offline_access | Allows the application to request refresh tokens |
| User.Read | Permits sign-in and access to user information |

https://learn.microsoft.com/en-us/entra/identity-platform/scopes-oidc#openid-connect-scopes

Admin consent

In most cases, end users cannot grant consent to external applications. Therefore, admin consent is typically required at the organizational level.

https://learn.microsoft.com/en-us/entra/identity/enterprise-apps/user-admin-consent-overview

Application specific permissions

Office

No additional mandatory permissions required.

Publish to SharePoint and OneDrive

If the Publish feature is enabled, the following optional permissions are required:

| Permission | Purpose |
| --- | --- |
| Team.ReadBasic.All | Lists Microsoft Teams when saving documents |
| Channel.ReadBasic.All | Lists Teams channels when saving documents |
| Sites.ReadWrite.All | Lists SharePoint sites, libraries and folders, and saves documents and metadata to the selected SharePoint location |

Teams

In addition to the sign-in permissions, the Kameleon Teams application requires:

| Permission | Purpose |
| --- | --- |
| Sites.Read.All | Lists SharePoint sites when creating documents |
| Team.ReadBasic.All | Lists Microsoft Teams when creating documents |
| Channel.ReadBasic.All | Lists Microsoft Teams channels when creating documents |
| Files.ReadWrite.All | Saves documents and metadata to the selected SharePoint location |

Portal

No additional mandatory permissions required.

Integrations

Optional features in the Kameleon Portal can be enabled by granting admin consent to the Kameleon API-application. These integrations also use delegated permissions.

| Integration | Permission | Purpose |
| --- | --- | --- |
| SharePoint list as data source | Sites.Read.All | Reads list items from SharePoint |
| SharePoint term set as list | TermStore.Read.All | Reads term sets and terms from SharePoint |

Content Tool

No additional mandatory permissions required.
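
A check an administrator could run after granting consent, added here as an example and not Kameleon's own code: it compares delegated grants, shaped like Microsoft Graph oauth2PermissionGrant records, with the scopes listed on this page. The service principal IDs, the sample grants, the "API" label for the Kameleon API-application and the function names are constructed for illustration.

```python
from collections import defaultdict

# Scopes as documented on this page. Added example, not Kameleon's own code.
SIGN_IN = {"openid", "profile", "offline_access", "User.Read"}
DOCUMENTED = {  # app: (required besides sign-in, optional)
    "Office": (set(), {"Team.ReadBasic.All", "Channel.ReadBasic.All", "Sites.ReadWrite.All"}),
    "Teams": ({"Sites.Read.All", "Team.ReadBasic.All", "Channel.ReadBasic.All",
               "Files.ReadWrite.All"}, set()),
    "Portal": (set(), set()),
    "API": (set(), {"Sites.Read.All", "TermStore.Read.All"}),
    "Content Tool": (set(), set()),
}

def scopes(values):
    """Normalise scope names; this example compares them case-insensitively."""
    return {v.lower() for v in values}

def audit(grants, app_by_client):
    """Per Kameleon app, compare granted delegated scopes with the documented ones.
    'scope' is one space-separated string and may start with a space."""
    granted, per_user = defaultdict(set), defaultdict(bool)
    for g in grants:
        app = app_by_client.get(g["clientId"])
        if app is None:
            continue  # grant belongs to some other service principal
        granted[app] |= scopes(g.get("scope", "").split())
        per_user[app] |= g.get("consentType") == "Principal"
    report = {}
    for app, have in granted.items():
        extra_required, optional = DOCUMENTED.get(app, (set(), set()))
        required = scopes(SIGN_IN | extra_required)
        report[app] = {
            "unexpected": sorted(have - required - scopes(optional)),  # not on this page
            "missing": sorted(required - have),  # documented as required, not granted
            "per_user": per_user[app],  # True if any grant covers a single user only
        }
    return report

# Constructed sample data: hypothetical service principal IDs and grants.
SAMPLE_APPS = {"sp-office-0001": "Office", "sp-teams-0001": "Teams"}
SAMPLE_GRANTS = [
    {"clientId": "sp-office-0001", "consentType": "AllPrincipals",
     "scope": " openid profile offline_access User.Read Sites.ReadWrite.All Mail.Read"},
    {"clientId": "sp-teams-0001", "consentType": "AllPrincipals",
     "scope": "openid profile offline_access User.Read Sites.Read.All Team.ReadBasic.All"},
    {"clientId": "sp-teams-0001", "consentType": "Principal", "principalId": "user-0001",
     "scope": "Files.ReadWrite.All"},
    {"clientId": "sp-other-0001", "consentType": "AllPrincipals", "scope": "User.Read"},
]
if __name__ == "__main__":
    print(audit(SAMPLE_GRANTS, SAMPLE_APPS))
```

Scope names in the report are lower-cased. An "unexpected" entry means the tenant has granted a scope this page does not list for that application.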
