Understanding required permissions
Who is this article for?
Users who want to understand the required permissions for Enterprise.
No elevated permissions are required.
This article explains the permissions required to use OnePlace Solutions products with Microsoft 365.
1. Sign in with Microsoft 365
Mail Manager Enterprise uses modern authentication for secure access to Microsoft 365. When signing in for the first time, users must consent to user-based security permissions. This consent is required to use the software.
2. Applying permissions on behalf of users
M365 Administrators can simplify onboarding by applying the Azure permissions on behalf of users. This prevents consent prompts during first use.
If both desktop and app versions are installed, select both links to apply permissions.
1. Click here for Ideagen Mail Manager (Enterprise) Desktop consent
2. Click here for Ideagen Mail Manager (Enterprise) App consent
3. Desktop permissions
OnePlace Solutions Desktop uses delegated permissions. Below are the required permissions and their purposes:
| Permission | Purpose |
|---|---|
| Sign users in | To allow sign-in using Microsoft Authentication Libraries |
| Maintain access to data | Prevents daily re-authentication |
| Sign in & read user profile | Required for authentication |
| Read & write user profile | Stores the subscription ID |
| Read names and descriptions of teams | Displays joined teams in navigation |
| Read names and descriptions of channels | Allows navigation into channels |
| Full access to user files | Browse files in Teams and OneDrive |
| Read/write items in all site collections | Browse, preview, create, and search SharePoint content |
| Read/write managed metadata | Create new terms in the term store |
4. App permissions
The Mail App also uses delegated permissions. Below are the required permissions and their purposes:
| Permission | Purpose |
|---|---|
| Sign users in | To allow sign-in using Microsoft Authentication Libraries |
| Sign in & read user profile | Required for authentication |
| Maintain access to data | Prevents daily re-authentication |
| Read/write user profile | Stores subscription ID as an extension property |
| Read all user profiles | Used in metadata drop-downs and profile images |
| Read/write user and shared mail | Save emails and attachments to SharePoint, apply metadata |
| Read/write mailbox settings | Set SharePoint category on mail |
| Read names and descriptions of teams | List Teams the user is a member of |
| Read names and descriptions of channels | List channels within Teams |
| Send channel messages | Post messages into Teams channels |
| Read/write items in all site collections | Search, browse, and upload files in SharePoint |
| Read group memberships | Used to @mention users in Teams posts |
Note: The SharePoint permission requires administrator consent.
5. Administrative permissions for creating the Admin site
When setting up the Administration site, specific permissions are required. These should not be consented to on behalf of the organization and are only used during site creation.
| Permission | Purpose |
|---|---|
| Full control of all site collections | Allows admins to provision the OnePlace Solutions template |
| Maintain access to data | Prevents daily re-authentication |
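
The rule in section 5 can be checked against a tenant's delegated permission grants. The following is an added example, not OnePlace Solutions or Ideagen code: it classifies records shaped like Microsoft Graph oauth2PermissionGrant objects. The sample records, the placeholder ids and the two scope identifiers mapped to "Full control of all site collections" are assumptions, since this page lists display names only.

```python
import json

# Assumed scope identifiers for "Full control of all site collections"
# (Microsoft Graph and SharePoint names; the page gives display names only).
FULL_CONTROL_SCOPES = {"Sites.FullControl.All", "AllSites.FullControl"}

# Constructed sample shaped like Microsoft Graph oauth2PermissionGrant objects.
SAMPLE_GRANTS = json.loads("""
[
  {"id": "grant-1", "clientId": "sp-desktop-placeholder", "consentType": "AllPrincipals",
   "principalId": null, "scope": "openid offline_access User.Read Sites.ReadWrite.All"},
  {"id": "grant-2", "clientId": "sp-adminsite-placeholder", "consentType": "Principal",
   "principalId": "user-admin-placeholder", "scope": "offline_access Sites.FullControl.All"},
  {"id": "grant-3", "clientId": "sp-adminsite-placeholder", "consentType": "AllPrincipals",
   "principalId": null, "scope": " offline_access  allsites.fullcontrol "}
]
""")

def audit_full_control(grants, full_control=FULL_CONTROL_SCOPES):
    """Classify delegated grants that carry a full-control scope.

    Returns (violations, per_user): tenant-wide grants contradict the
    guidance in section 5; per-user grants are listed for review.
    """
    wanted = {s.lower() for s in full_control}
    violations, per_user = [], []
    for g in grants:
        # 'scope' is a space-separated string; tolerate extra spaces and case.
        scopes = {s.lower() for s in (g.get("scope") or "").split()}
        hit = sorted(scopes & wanted)
        if not hit:
            continue
        record = {"grant": g["id"], "client": g["clientId"], "scopes": hit,
                  "principal": g.get("principalId")}
        if g.get("consentType") == "AllPrincipals":
            violations.append(record)  # consented on behalf of the organization
        else:
            per_user.append(record)    # consented by one signed-in user
    return violations, per_user

if __name__ == "__main__":
    bad, users = audit_full_control(SAMPLE_GRANTS)
    for r in bad:
        print("TENANT-WIDE full control:", r)
    for r in users:
        print("per-user full control (review):", r)
```
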