Lepaya App requires the following application permissions:
Permission | Description | We need this to... |
|---|
- *Name:**
GroupMember.Read.All
| Read group memberships
Allows the app to read memberships and basic group properties for all groups without a signed-in user. |
- retrieve the list of direct members of a group
|
| Read all users' full profiles
Allows the app to read the full set of profile properties, group membership, reports and managers of other users in your organization, without a signed-in user |
- retrieve a member's information
- list members in tenant
|
- *Name:**
TeamsActivity.Send
| Send a teamwork activity to any user
Allows the app to create new notifications in users' teamwork activity feeds without a signed in user. These notifications may not be discoverable or be held or governed by compliance policies. |
- send an activity feed notification in the scope of a team
- send an activity feed notification to a user
- send an activity feed notification in scope of a chat
|
- *Name:**
Application.Read.All
| Read applications
Allows the app to read applications and service principals without a signed-in user. |
- retrieve the properties and relationships of a servicePrincipal object (enterprise application ID of our app in the tenant's directory).
- retrieve the list of appRoleAssignment (permissions) that have been granted to our service principal.
|
Required additional permissions for automated onboarding:
Permission | Description | We need this to... |
|---|
| Create teams
Create teams, without a signed-in user. | |
- *Name:**
Team.ReadBasic.All
| Get a list of all teams
Get a list of all teams, without a signed-in user. |
- retrieve a specified team
|
- *Name:**
TeamSettings.ReadWrite.All
| Read and change all teams' settings
Read and change all teams' settings, without a signed-in user. | |
- *Name:**
TeamMember.ReadWrite.All
| Add and remove members from all teams
Add and remove members from all teams, without a signed-in user. Also allows changing a team member's role, for example from owner to non-owner. |
- add multiple members in a single request to a team
- retrieve a specified team members
|
- *Name:** ```
TeamsAppInstallation.
ReadWriteForTeam.All
| Manage Teams apps for all teams
Allows the app to read, install, upgrade, and uninstall Teams apps in any team, without a signed-in user. Does not give the ability to read application-specific settings. |
- install an app to a specified team
|
- *Name:**
AppCatalog.Read.All
| Read all app catalogs
Allows the app to read apps in the app catalogs without a signed-in user. |
- list apps from the Microsoft Teams app catalog
|
We know that giving permissions to a third party can be complicated, so we would like to address some frequently asked questions here:
Q: Can Lepaya read the learner's messages?
A: No, we can't read their messages, even if it's in a channel created by Lepaya.
Q: Can Lepaya send messages on behalf of the learners?
A: No! We can only send messages through Lepaya bot.
Q: Can Lepaya update personal information from the learners on Slack?
A: No.
Also, here are some links with our security and compliance information:
