Required permissions
Lepaya App requires the following application permissions:
| Permission | Description | We need this to... |
|---|---|---|
Name: GroupMember.Read.All | Read group memberships Allows the app to read memberships and basic group properties for all groups without a signed-in user. | - retrieve the list of direct members of a group |
Name: User.Read.All | Read all users' full profiles Allows the app to read the full set of profile properties, group membership, reports and managers of other users in your organization, without a signed-in user | - retrieve a member's information - list members in tenant |
Name: TeamsActivity.Send | Send a teamwork activity to any user Allows the app to create new notifications in users' teamwork activity feeds without a signed in user. These notifications may not be discoverable or be held or governed by compliance policies. | - send an activity feed notification in the scope of a team - send an activity feed notification to a user - send an activity feed notification in scope of a chat |
Name: Application.Read.All | Read applications Allows the app to read applications and service principals without a signed-in user. | - retrieve the properties and relationships of a servicePrincipal object (enterprise application ID of our app in the tenant's directory). - retrieve the list of appRoleAssignment (permissions) that have been granted to our service principal. |
Required additional permissions for automated onboarding:
| Permission | Description | We need this to... |
|---|---|---|
Name: Team.Create | Create teams Create teams, without a signed-in user. | - create a team |
Name: Team.ReadBasic.All | Get a list of all teams Get a list of all teams, without a signed-in user. | - retrieve a specified team |
Name: TeamSettings.ReadWrite.All | Read and change all teams' settings Read and change all teams' settings, without a signed-in user. | - update a specified team |
Name: TeamMember.ReadWrite.All | Add and remove members from all teams Add and remove members from all teams, without a signed-in user. Also allows changing a team member's role, for example from owner to non-owner. | - add multiple members in a single request to a team - retrieve a specified team members |
Name: TeamsAppInstallation. ReadWriteForTeam.All | Manage Teams apps for all teams Allows the app to read, install, upgrade, and uninstall Teams apps in any team, without a signed-in user. Does not give the ability to read application-specific settings. | - install an app to a specified team |
Name: AppCatalog.Read.All | Read all app catalogs Allows the app to read apps in the app catalogs without a signed-in user. | - list apps from the Microsoft Teams app catalog |
FAQ
We know that giving permissions to a third party can be complicated, so we would like to address some frequently asked questions here:
Q: Can Lepaya read the learner's messages?
A: No, we can't read their messages, even if it's in a channel created by Lepaya.
Q: Can Lepaya send messages on behalf of the learners?
A: No! We can only send messages through Lepaya bot.
Q: Can Lepaya update personal information from the learners on Slack?
A: No.
Security and Compliance Information
Also, here are some links with our security and compliance information:
Updated over 1 year ago