Scappman Support Center
  • Scappman Support Center
  • 🖥️Applications
    • What is the difference between public and private applications?
    • How Scappman keeps your available apps up to date
    • Pausing Scappman Updates
    • How will Scappman interact with applications that already exist on my device
    • Why is there a Scappman pop-up
      • How to add custom branding to the pop-up
    • Request a new managed app
    • Using MST's with Scappman Apps
    • Bring your own app to Scappman
      • Uploading your own app to Scappman
        • Install Command Cheat Sheet
      • Updating your private (custom) applications in Scappman
      • Additional files in custom apps
    • My applications can't be opened after an update
    • Scappman PowerShell Certificate
    • Discovery & Autopatch
    • Deploy your first app
  • 🔓Permissions
    • 🧑‍🏫User permissions
      • How to add an additional admin in Scappman
      • Admin roles
    • 🤖App Registration
      • How to grant admin consent to Scappman
      • Why do we need permissions in your tenant?
  • 📃Billing
    • ⚖️How does billing work?
    • 🛑What happens when I cancel my subscription
    • ✉️Update company information and email recipients
  • 🤝Partner
    • How to activate a customer as a partner
    • How to invite customers in Scappman as a Partner
  • 📬Support
    • Contacting support
    • Custom app support
    • Troubleshooting log file reference
    • 🆘Error code reference
  • ⚠️Known Issues
    • Scappman reports not populating
  • ⌨️Advanced Configurations
    • Using custom registry keys during installation
    • TeamViewer Host activation
Powered by GitBook
On this page

Was this helpful?

  1. Permissions
  2. App Registration

Why do we need permissions in your tenant?

Last updated 1 year ago

Was this helpful?

For Scappman to create applications in your Microsoft Endpoint Manager/lntune tenant and use all our logic we need some permissions in your tenant.

Those permissions and why we need them are described in this table.

Permissions

Type

Why?

Sign in and read user profile

Delegated

We use your existing Azure AD account to authenticate you and identify which tenant you belong to, without this permission you would not be able to sign in.

Allows users to sign-in to the app, and allows the app to read the profile of signed-in users.

Maintain access to data you have given it access to

Delegated

The token providing us access to Sign in and read your user profile might expire while your session on our platform hasn't.

To seamlessly refresh that token, this permission is required.

This does not give the app any additional permissions.​

Read and write Microsoft Intune apps

Application

We need this permission to create and update apps in your tenant.

Read & write Microsoft Intune devices

Application

We need this permission for our reports.

We use it to identify the device installation status and also to initiate the automatic log file collection in case an installation has failed.

Read & write all groups

Application

We need this permission for the assignments of the applications.

The read permission is used to list your Azure AD groups that you can use to assign applications.

The write permission is used when you select specific users. lntune doesn't support assigning applications to named users, so we create a group, populate that group with the users you've selected and assign that group to the application.

This permissions can be removed but then the user assignment is not possible.

Read all groups

Application

We need this permission for the assignments of the applications.

The read permission is used to list your Azure AD groups that you can use to assign applications.

Read organization information

Application

With this permission we can read how many Microsoft licenses you have with an lntune entitlement that are assigned to users/devices.

We'll use that number for billing purposes.

Read all users' full profiles

Application

We use this permission to list users in Scappman.

This is being used for user based application assignment and admin invite.

Read directory data

Application

We need this permissions to see the available users and groups to assign them to applications.

We also need this permission to calculate the number of licenses.

🔓
🤖
https://learn.microsoft.com/en-us/azure/active-directory/develop/permissions-consent-overview