Microsoft Azure AD

Here are the scopes we ask for when syncing your Microsoft Azure AD with Scribe:

1. Needed for co-workers to log in to Scribe with their Office 365 account. Read access to user profile (name and email): https://graph.microsoft.com/openid (Delegated), https://graph.microsoft.com/profile (Delegated), https://graph.microsoft.com/email (Delegated)

2. Read administrative units to create departments in Scribe: https://graph.microsoft.com/AdministrativeUnit.Read.All (Application)

3. Read domains to import them into Scribe: https://graph.microsoft.com/Domain.Read.All (Application)

4. Sign in and read the user profile: https://graph.microsoft.com/User.Read (Delegated)

5. Read all users’ full profiles: https://graph.microsoft.com/User.Read.All (Application)

6. Read all groups: https://graph.microsoft.com/GroupMember.Read.All (Application)

7. Read all group memberships: https://graph.microsoft.com/Group.Read.All (Application)

8. Maintain access to the user profile data you have given access to: https://graph.microsoft.com/offline_access (Delegated)

From those scopes, here is the data we store in Scribe:

  • Profile picture

  • First name

  • Last name

  • Job position

  • Mobile phone

  • Work Phone

  • Fax

  • Department

  • Office

  • Street address

  • City

  • State or province

  • Zip or postal code

  • Country or region

  • Group names and memberships

  • Administrative unit names and memberships

  • Domain hostnames

Scribe only reads data. We cannot edit data in your Microsoft 365 or read your emails. Scribe is SOC 2 Type II compliant.
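A tenant administrator can check the consent actually granted against the list above. The following is an added example, not Scribe's or Microsoft's code: it compares a set of granted permissions with the ten scopes documented on this page and flags anything extra, missing, or at odds with the read-only statement. It assumes the grants have already been exported as (permission name, type) pairs; the function names and the sample data are constructed for illustration.

```python
# Scopes documented on this page, as (permission name, consent type).
DOCUMENTED = {
    ("openid", "Delegated"),
    ("profile", "Delegated"),
    ("email", "Delegated"),
    ("User.Read", "Delegated"),
    ("offline_access", "Delegated"),
    ("AdministrativeUnit.Read.All", "Application"),
    ("Domain.Read.All", "Application"),
    ("User.Read.All", "Application"),
    ("GroupMember.Read.All", "Application"),
    ("Group.Read.All", "Application"),
}

def normalize(entry):
    """Accept 'https://graph.microsoft.com/User.Read' or a bare 'User.Read'."""
    name, kind = entry
    return name.rsplit("/", 1)[-1].strip(), kind.strip().capitalize()

def audit_grants(granted):
    """Return (unexpected, missing, contradicting) for a list of grants.

    unexpected:    granted but not documented (includes a type mismatch,
                   e.g. an Application permission granted as Delegated)
    missing:       documented but not granted
    contradicting: grants at odds with "only reads data / cannot read emails".
                   Heuristic (assumption): name contains "Write" or starts
                   with "Mail.".
    """
    seen = {normalize(g) for g in granted}
    unexpected = sorted(seen - DOCUMENTED)
    missing = sorted(DOCUMENTED - seen)
    contradicting = sorted(
        g for g in seen
        if "write" in g[0].lower() or g[0].startswith("Mail.")
    )
    return unexpected, missing, contradicting

# Constructed sample export: the documented list minus Domain.Read.All,
# plus two grants that should not be there.
SAMPLE = [g for g in DOCUMENTED if g[0] != "Domain.Read.All"] + [
    ("https://graph.microsoft.com/Group.ReadWrite.All", "application"),
    ("Mail.Read", "Delegated"),
]

if __name__ == "__main__":
    for label, items in zip(("unexpected", "missing", "contradicting"),
                            audit_grants(SAMPLE)):
        print(label, items)
```

An empty result in all three lists means the consent matches this page exactly.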
