Table of Contents | ||||
---|---|---|---|---|
|
Introduction
SphereShield requires you to register an app in Azure.
...
The registration process is described here
App Options
There are 3 different types of Standard App
...
Below are the permissions needed for each App
Compliance and Channel management Permissions
This app would like to:
...
Sign in and read user profile
...
This is a permission requested to access your data in AgatDevelopment.
Sign in And Groups Permissions
This app would like to:
...
Sign in and read user profile
...
Accepting these permissions means that you allow this app to use your data as specified in their terms of service and privacy statement. You can change these permissions at https://myapps.microsoft.com . Show details
Sign in and eDiscovery Permissions
This app would like to:
...
Sign in and read user profile
...
Accepting these permissions means that you allow this app to use your data as specified in their terms of service and privacy statement. You can change these permissions at https://myapps.microsoft.com . Show details
Permissions for chat and file control only
If all that is required is to enforce Ethical Wall and DLP policies on chat and files we can create a custom app with limited permissions.
For chat & file control we will only need the flowing permissions (and a separate app will be step up like this):
...
Permissions for file control only
If all that is required is to enforce Ethical Wall and DLP policies on files we can create a custom app with limited permissions.
For file control we will only need the flowing permissions (and a separate app will be step up like this):
...
Option for Private Customer App
In the event that a customer is unhappy with the permissions above, AGAT offers an option for the customer to create the SphereShield app in their own tenant. This means that AGAT won’t have any permissions to the customer tenant, but the customer will be the owner of the app with the permissions required.
...
Production Key Vault and Certificate
Protocol used by Azure app for authentication
The app is a native Microsoft deployment and uses OAuth2 as documented here:
https://docs.microsoft.com/en-us/azure/app-service/overview-authentication-authorization