Graph API Permissions
Learn what Microsoft Graph API permissions are required for the Starmind Microsoft Teams Personal App to leverage all functionalities
Required Permissions
At Starmind, we adhere to the principle of least privilege, requesting only the essential permissions needed to provide you with the best possible user experience. We prioritize using RSC (resource-specific consent) and user-delegated permissions whenever possible to ensure your data is secure and privacy is respected.
To ensure a complete user experience, please grant the following additional organization-wide permissions to the multi-tenant Starmind enterprise app (Application ID: bee8d388-5b98-46d6-8ecd-d89bc02d1316) in the Teams apps administration section. Without these permissions, access to certain features, such as Activity Feed notifications, custom app branding or expert discussions, will be restricted.
All permissions with type "delegated" are mandatory to enable the Starmind bot experience.
Permission requests explained
Requested Permission | Permission Type | Purpose of Permission | Impact if Permission Denied |
---|---|---|---|
TeamsActivity.Send | Application | Send Starmind notifications to the user's Activity Feed in Microsoft Teams. | Only users who have added the Starmind Teams Personal App from the Teams store will receive notifications from Starmind in their Teams Activity Feed. |
AppCatalog.Read.All | Application | Retrieve and display the custom app name as the sender in the activity feed. | Customization / Branding of the Starmind Teams Personal App will not appear when displaying or referring to the app, such as in the user's activity feed. The app will revert to its original name. |
TeamsAppInstallation.ReadWriteAndConsentSelfForChat | Delegated | Allows Starmind bot to add itself to created user group chats. | Starmind bot will not be able to provide the context introduction message to get the discussion started nor supporting the users with additional bot functionalities. Not granting this permission, will fail the user to grant any of the other Delegated permissions! |
AppCatalog.Read.All | Delegated | Retrieve and display the custom app name in app UI elements. | Customization / Branding of the Starmind Teams Personal App will not be reflected in user bot interactions or when displaying the app. The app will revert to its original name. |
Chat.Create | Delegated | Allows Starmind bot to connect user in a group chat. | The Starmind bot will suggest that the user initiate the expert group chat conversation but will not be able to provide an introduction message to start the discussion. |
User.ReadBasic.All | Delegated | Allows Starmind bot to read basic user profile information. | The Starmind bot will not be able to match Starmind users with Entra ID directory users, thus failing to suggest any experts for the user to connect with. |
offline_access | Delegated | Allows Starmind bot to seamlessly refresh the user access token when it expires, providing a smoother and uninterrupted experience for the user | The Starmind bot will not be able to refresh the user Entra ID access token, requiring the user to login every hour. |
TeamsActivity.Send.User | Resource-specific consent (RSC) | Allows to send notifications to the user's Activity Feed without a signed in user | The TeamsActivity.Send RSC application permission is always enabled at the tenant level. App users don't need admin consent to use the permission. |
How to grant tenant permissions
Select Starmind app (Application ID: bee8d388-5b98-46d6-8ecd-d89bc02d1316) in the app admin section of Microsoft Teams and start the process to grant the requested permissions. This will open a browser window to proceed with the request.
Once granted, the "Permissions" section should look like in the image below.
For details instructions to setup Starmind Team Personal App, please see Setup Teams Integrations.
Updated about 1 month ago