Microsoft Azure AD
Here are the scopes we ask for when syncing your Microsoft Azure AD with Scribe:
1. Needed for co-workers to log in to Scribe with their Office 365 account. Read access to user profile (name and email) https://graph.microsoft.com/openid (Delegated) https://graph.microsoft.com/profile (Delegated) https://graph.microsoft.com/email (Delegated)
2. Read administrative unit to create departments in Scribe https://graph.microsoft.com/AdministrativeUnit.Read.All (Application)
3. Read domains to import them in Scribe https://graph.microsoft.com/Domain.Read.All (Application)
4. Sign in and read the user profile https://graph.microsoft.com/User.Read (Delegated)
5. Read all users’ full profiles https://graph.microsoft.com/User.Read.All (Application)
6. Read all groups https://graph.microsoft.com/GroupMember.Read.All (Application)
7. Read all group memberships https://graph.microsoft.com/Group.Read.All (Application)
8. Maintain access to data you have given access to the user profile https://graph.microsoft.com/offline_access (Delegated)
From those scopes, here is the data we store in Scribe
Profile picture
First name
Last name
Job position
Mobile phone
Work Phone
Fax
Department
Office
Street address
City
State or province
Zip or postal code
Country or region
Group names and memberships
Administrative unit names and memberships
Domains hostname
Scribe only reads data. We can not edit data in your Microsoft 365 or read your emails. Scribe is SOC II type 2 compliant.
Last updated