Microsoft Permissions

Overview

YakChat uses Microsoft EntraID to control access and permissions for users. This article provides the permissions required to use the different YakChat features.

YakChat 2.1.x Messaging App

Pre-requisite permissions

The following permissions are required to sign-in to the YakChat messaging app

Permission Name	API Name	Type	Consent Description	Consent	Required for
openid	Microsoft Graph	Delegated	Sign users in	User	Microsoft single signon (SSO)
User.Read	Microsoft Graph	Delegated	Sign in and read user profile	User	User sign-in using Microsoft credentials
user_impersonation	YakChat/ Chata API	Delegated	Access Chata API	User	Connect with the YakChat Azure service via they YakChat/Chata API

Optional permissions to access Microsoft contacts

The following permissions are required for users to access Microsoft contacts from the messaging app.

Permission Name	API Name	Type	Consent Description	Consent	Required for
Contacts.Read	Microsoft Graph	Delegated	Read user contacts	User	Display Microsoft Outlook and Active Directory contacts the user has access to read
Directory.Read.All	Microsoft Graph	Delegated	Read directory data	Admin	Display Active Directory groups the user has access to read
Sites.Read.All	Microsoft Graph	Delegated	Read items in all site collections	User	Display Sharepoint contact lists the user has access to read

Administration Portal

The following permissions are required to access the YakChat administration portal.

Permission Name	API Name	Type	Consent Description	Consent	Required for
User.Read	Microsoft Graph	Delegated	Sign in and read user profile	User	User sign-in using Microsoft credentials
user_ impersonation	YakChat/ Chata API	Delegated	Access Chata API	No	Connect with the YakChat Azure service via they YakChat/Chata Admin API

iOS/Android Mobile App

The following permissions are required to access the YakChat iOS/Android mobile app.

Permission Name	API Name	Type	Consent Description	Consent	Required for
openid	Microsoft Graph	Delegated	Sign users in	User	Microsoft single signon (SSO)
User.Read	Microsoft Graph	Delegated	Sign in and read user profile	User	User sign-in using Microsoft credentials
user_impersonation	YakChat/Chata API	Delegated	Access Chata API	User	Connect with the YakChat Azure service via they YakChat/Chata API
Contacts.Read	Microsoft Graph	Delegated	Read user contacts	User	Display Microsoft Outlook and Active Directory contacts the user has access to read
Directory.Read.All	Microsoft Graph	Delegated	Read directory data	Admin	Display Active Directory groups the user has access to read
Sites.Read.All	Microsoft Graph	Delegated	Read items in all site collections	User	Display Sharepoint contact lists the user has access to read
profile	Microsoft Graph	Delegated	View users' basic profiles	User	Display Active Directory groups the user has access to read
User.ReadBasic.All	Microsoft Graph	Delegated	Read all users' basic profiles	User	Display Active Directory groups the user has access to read