Consent Management

Many of the features in Tikit are enhanced by integrating with your M365 data. As a result, multiple features need additional consent in order to be enabled. Please enable the features you would like to use following the guide below.

Note that a M365 administrator account is required for consent. Once consent has been granted, you will need to go into the Azure Portal under Enterprise Applications to remove it. For more information, please check out this “How to” with the steps for removing permissions.

To access Consent Management settings:

  1. Open the Tikit web app at https://web.tikit.ai.
  2. Once in the Tikit web app, select the settings gear in the header, then select Consent Management.
Please enable the features you would like to and then consent for your organization. Looking for more details on setting up and configuring Tikit? Check out the Tikit Setup Series – Video Guide.

To enable or disable features in Tikit:

  1. Enable each feature by selecting the slider next to My Work, Email Connector and Intune Connector then select Update Consent.

For more details on the permissions required for each feature, check out the table below

  1. Sign as a M365 Administrator, then in the Permissions Request prompt check the Consent on behalf of your organization and then select Accept.

Congrats! Each enabled feature will now be available to your users. Note that once consent has been granted, you will need to go into the Azure Portal under Enterprise Applications to remove it. For more information, please check out this “How to” with the steps for removing permissions.

Feature Permission Description
Teams Meetings Have full access to users calendars Allows the app to read, update, create and delete events in calendars.
My Work Have full access to user calendars Allows the app to read, update, create and delete events in your calendars.
Read and write all groups Allows the app to create groups and read all group properties and memberships on your behalf. Additionally allows the app to manage your groups and to update group content for groups you are a member of.
Read user mail Allows the app to read email in your mailbox.
Email Connector Read user mail Allows the app to read email in your mailbox.
Send mail as a user Allows the app to send mail as you.
Intune Connector Perform user-impacting remote actions on Microsoft Intune devices Allows the app to perform remote high impact actions such as wiping the device or resetting the passcode on devices managed by Microsoft Intune.
Read devices Microsoft Intune devices Allows the app to read the properties of devices managed by Microsoft Intune.
Read all devices Allows the app to read devices' configuration information on your behalf.
Read Microsoft Intune RBAC settings Allows the app to read the properties relating to the Microsoft Intune Role-Based Access Control (RBAC) settings.
Teams App Management Submit application packages to the catalog and cancel pending submissions Allows the app to submit application packages to the catalog and cancel submissions that are pending review on your behalf.
Manage user's installed Teams apps Allows the app to read, install, upgrade, and uninstall Teams apps installed for you. Does not give the ability to read application-specific settings.
Allow the Teams app to manage itself for a user Allows a Teams app to read, install, upgrade, and uninstall itself for you.

The consent permissions you grant to Tikit are directly set on two Tikit registered Azure Enterprise Applications within a customer’s environment: Tikit and Tikit Email Connector (if Email Connector – Consent has been enabled). You can review these two Tikit Enterprise Apps within Azure by following these steps:

  • With an Azure Administrators account, navigate to https://portal.azure.com
  • Click “More Services”
  • Find “Enterprise Applications”
  • Search for “Tikit” or “Tikit Email Connector”, and select the application
  • On the left hand menu, select “Permissions”
  • Select the “Grant admin consent for Cireson” button
  • You will get prompted to sign in, after signing in select “Accept” consent

The following is a detailed summary of all consent permissions required by the Tikit and Tikit Email Connector Enterprise applications for each of the consent areas of Tikit. Tikit only uses these permissions in the context of the application and the functions it’s doing for the ticketing system. 

Permission Type Summary Reason Consent Area
AppCatalog.Submit Delegated Submit application packages to the catalog and cancel pending submissions Used for Tikit Virtual Agent to read the App Catalog Required, Teams App Management
Channel.ReadBasic.All Delegated Read the names and descriptions of channels Used during setup, to read team names for installing Tikit to an existing team and used in the portal for the Teams Channel Picker Required
Contacts.Read Delegated Read user contacts Used for the people pickers in the portal, for ease of setting requester Required
Directory.AccessAsUser.All Delegated Access directory as the signed in user Used for RBAC to determine roles for users Required
Directory.Read.All Delegated Read directory data Used for RBAC to determine roles for users Required
email Delegated View users' email address Used for signin, to determine user data and roles Required
Files.ReadWrite.All Delegated Have full access to all files user can access This is used for attachments, to read teams channel file data Required
Files.ReadWrite.All Application Read and write files in all site collections This is used for attachments, to read teams channel file data Required
Group.Read.All Delegated Read all groups Used for RBAC to determine roles for users Required
Group.Read.All Application Read all groups Used for RBAC to determine roles for users Required
Group.ReadWrite.All Delegated Read and write all groups Used for RBAC to determine roles for users, also used in setup to add team members to teams, Tasks by Planner integration Required, My Work
GroupMember.Read.All Delegated Read group memberships Used for RBAC to determine roles for users from groups Required
offline_access Delegated Maintain access to data you have given it access to Allows users to sign into Tikit/interact with the Bot Required
OnlineMeetings.ReadWrite Delegated Read and create user's online meetings Used for an upcoming feature to create a meeting from a ticket, and add Tikit to the meeting itself Required
openid Delegated Sign users in Allows users to sign into Tikit/interact with the Bot Required
People.Read Delegated Read users' relevant people lists Used for the people pickers in the portal, for ease of setting requester Required
People.Read.All Delegated Read all users' relevant people lists Used for the people pickers in the portal, for ease of setting requester Required
Presence.Read.All Delegated Read presence information of all users in your organization Used in the portal to show presence of users Required
profile Delegated View users' basic profile Allows users to sign into Tikit/interact with the Bot Required
Sites.Read.All Delegated Read items in all site collections This is used for attachments, to read teams channel file data Required
Sites.ReadWrite.All Application Read and write items in all site collections This is used for attachments, to read teams channel file data Required
Team.Create Delegated Create teams Used during setup, to create your new Team to collaborate on tickets Required
Team.ReadBasic.All Delegated Read the names and descriptions of teams Used for RBAC and setting analyst roles Required
TeamMember.ReadWrite.All Delegated Add and remove members from teams Used for RBAC and setup to add members to team, determine which members of the team are analysts Required
TeamsActivity.Send Application Send a teamwork activity to any user Used for an upcoming feature to add items into the 'Activity' section of teams Required
TeamsAppInstallation. ReadWriteForTeam Delegated Manage installed Teams apps in teams Used during setup, to install Tikit to the team you would like Required
User.Read Delegated Sign in and read user profile Used for signin, to determine user data and roles Required
User.Read.All Delegated Read all users' full profiles Used for signin, to determine user data and roles Required
User.Read.All Application Read all users' full profiles Used for signin, to determine user data and roles Required
User.ReadBasic.All Delegated Read all users' basic profiles Used for signin, to determine user data and roles Required
Calendars.ReadWrite Delegated Have full access to user calendars Used for an upcoming feature to create a meeting from a ticket, and add Tikit to the meeting itself, and displaying agenda on the My Work page Teams Meeting, My Work
Mail.Read Delegated Read user mail Used in the my work page, to show unread emails My Work
Mail.Read Application Read mail in all mailboxes Used for the Email Connector (Separate app registration) to read mail sent to the specified email addresss Email Connector
Mail.Send Application Send mail as any user Used for the Email Connector (Separate app registration) to send mail via the specified email addresss Email Connector
DeviceManagement ManagedDevices. PrivilegedOperations.All Delegated Perform user-impacting remote actions on Microsoft Intune devices Used for performing remote actions via inTune InTune Connector
DeviceManagement ManagedDevices. Read.All Delegated Read devices Microsoft Intune devices Used for reading InTune devices registered for a user InTune Connector
Device.Read.All Delegated Read all devices Used for reading InTune devices registered for a user InTune Connector
DeviceManagementRBAC. Read.All Delegated Read Microsoft Intune RBAC settings Used for enabling/disabling actions on the InTune pane on the Users page InTune Connector
TeamsAppInstallation. ReadWriteForUser Delegated Manage user's installed Teams apps Used for pushing Tikit/TVA to the end user on the Users page Teams App Management
TeamsAppInstallation. ReadWriteSelfForUser Delegated Allow the Teams app to manage itself for a user Used for pushing Tikit/TVA to the end user on the Users page Teams App Management
Search
In this article