9. Authenticate as entitled user or app for the individual service
Authenticate as entitled user for our web portal
Decide what the user may execute in your app
• Create User
• Add to Security Group for SPO
• Send Welcome email
• Provision MySite
• Create Welcome Document
• Add user information into SPO list
• Mailbox statistics
14.
| Access Level Type | Description |
| --- | --- |
| Single Sign-On | Default permission. The app is enabled for single sign-on with Azure AD, and the user token will contain claims such as the user’s User Principal Name, First and Last Name and unique identifiers. |
| Single Sign-On, Read Directory Data | Single sign-on plus the ability to read directory data using the Graph API. This allows querying of company, user and group information. |
| Single Sign-On, Read and Write Directory Data | Single sign-on plus the ability to read and write directory data using the Graph API. This allows querying and writing of company, user, and group information, but does not allow deleting users or groups. |
http://msdn.microsoft.com/en-us/library/windowsazure/b08d91fa-6a64-4deb-92f4-f5857add9ed8.aspx#BKMK_Access