Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Assist App permissions needed for Teams integration

Ref Fransen
Ref Fransen
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
June 9, 2023

Can someone explain why the Assist app needs such high level permissions within our tenant? See screenshots below for permissions being requested.

Specfically, the four permissions under Sign in and read user profile.

  1. no problem
  2.  What type of activities will be not be discoverable or governed?
  3. Why is this required for the Assist app to work? Why does it need to know about the related resources?
  4. Why does the app need to read the full profile? It is already being granted permission to read basic information in permission 1
  5. Why does the app need to know about the Teams apps that are installed for all user?

image (1).pngimage.png

 

Comment
Watch
Like # people like this
1061 views

1 comment

Brian Feldman
Brian Feldman
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
June 9, 2023

Hey @Ref Fransen, thanks for the question! These permissions are required by Assist to enable user sign ins as well as syncing information between Microsoft Teams and Jira Service Management.

Profile, OpenId, and User.Read permissions for example are requested on behalf of a user. They are the minimum required to allow users to log into Jira Service Management and/or Halp. They are accepted by users upon logging on, and only used during the log on session.

User.Read.All and Organization.Read.All are permissions used on behalf of the application. They require an organization’s Microsoft Teams administrator’s consent to be used. These permissions allow Assist to utilize Teams’ SSO when using the Assist Tab in Microsoft Teams, keep Microsoft Teams user profiles (email, name, and avatars), and provide the organization’s name and user count. All of these features are required. Before an admin grants consent, Assist cannot function properly, and request creation will fail.

We’ll be adding more details around these permissions and how they're used to our documentation!

Like Tomislav Tobijas _Koios_ likes this
Reply

Comment

Log in or Sign up to comment
Halp
Assist
TAGS
AUG Leaders

Atlassian Community Events

    See all events