Overview Users consent our application accessing to their ...€¦ · 1) Users consent our...
Transcript of Overview Users consent our application accessing to their ...€¦ · 1) Users consent our...
Table of Contents
Overview ................................................................................................................................. 1
1) Users consent our application accessing to their Office 365 .................................................................. 1
2) Office 365 administrator consents “only” our application .................................................................... 2
3) Appendix ........................................................................................................................... 4
Overview There are two ways to allow 3rd party application to work with Office 365.
1) Each user consents access when he/she uses the application for the first time. This way, administrator cannot restrict
users to use 3rd party apps.
2) Administrator grants permission to each application. This way, users can only use the applications that the
administrator has permitted.
1) Users consent our application accessing to their Office 365 Please refer to the following steps.
*Note: This is NOT a recommended setting. Please read the following reminder before applying.
Reminder:
If “Users can consent to apps accessing company data on their behalf” is selected “Yes,” each user can choose any
application that accesses his/her Office 365 data. In such case, there is a possibility that a user’s data might be transferred
to another company who provides the service without Office 365 administrator’s knowledge or consent. (Please note that
it only applies to the user who consented the application.)
1 Access to AAD (Azure Active Directory) admin center.
https://aad.portal.azure.com/rrcpg.onmicrosoft.com
2 Login as Office 365 administrator.
3 Fig.1:
- Select “Enterprise applications” (A)
- Select “User settings” (B)
- Select “YES” to “Users can consent to apps accessing company data on their behalf” (C)
Fig.1
2) Office 365 administrator consents “only” our application By taking the following steps, RICOH Smooth Collaboration Service can access user’s Office 365.
1 Ricoh will send an e-mail to the administrator asking for approval to access our applications.
2 The administrator receives an e-mail from Ricoh and accesses
the attached URL.
There are three URLs: Web application, IWB
application, and CheckTool.
3 Login URLs with O365 administrator.
4 Read the message and select “Accept”.
5 Repeat step 3 and 4 for other two URLs.
6 Access to AAD (Azure Active Directory) admin center.
https://aad.portal.azure.com/rrcpg.onmicrosoft.com
(A)
(B)
(C)
Please make sure that the permitted applications have been added. (3 apps in Fig.2.)
1) RICOH Environment Check Tool for SCS
2) RICOH Smooth Collaboration Service
3) RICOH Smooth Collaboration Service Meeting Viewer
Fig.2
Procedure to delete permitted applications
7 Click the application that you want to delete from the
application list in Fig.2.
Click “delete” as shown in the right.
8 Select "Yes" to complete.
9 Repeat step 7 to 8 for other 2 applications.
3) Appendix To provide the service, Smooth Collaboration Service (SCS) requires the following permissions:
Type Operation Permission Purpose
User Profile
Access
Read Sign in and read user profile To enable signing in to SCS with the same
account as Office 365 and to obtain meeting
participants’ name.
To save meeting record (audio, image, text, and
files) in user’s OneDrive.
Outlook
Access
Read/Write Have full access to user calendars To align user’s calendar and minute.
OneDrive
Access
Read/Write Have full access to all files user can
access
To save meeting record (audio, image,
transcript, and files) in user’s OneDrive.
offline_access offline_access Maintain access to data you have
given it access to
To prevent being asked for a password every
time a user access SCS.
SharePoint
Access
Read Read and write items in all site
collections
To search for files that compose meeting
minute.
With these permissions, SCS realizes features such as card authentication sign-in, Outlook linkage, upload audio,
image, transcript, files to OneDrive, and show meeting minute on web browser.
All the recorded data and used files will be saved in user’s OneDrive. They go through SCS cloud server before being
saved but will be deleted from SCS cloud server after a short period. The following information will be retained in the
server: O365 account name/e-mail address of SCS users and meeting participants, calendar event info, and card ID. Please
read the Security Whitepaper for more detail.