Admin Guide for TCE 7.2 PB1 O365 Add-in 4.2
This page explains the configuration of Azure Keys and permission types in TeamConnect 7.2 PB1. It details setting up Azure portal access for the Microsoft Graph API, configuring permission types within TeamConnect (Delegated, Application, or None), and managing these settings post-upgrade. The process includes setting Redirect URIs in Azure, configuring API permissions, and managing token storage when switching between permission types, particularly for migrating tasks from Plugin to Add-in.
Please follow the instructions below after checking the Installation Guide.
Configuring Azure Keys and Managing Permission Types
If you have upgraded to TCE 7.2 PB1, kindly follow the instructions below:
Step 1: Configure Azure Keys for Graph API Delegated Permissions
- Access Client Secrets and Redirect URIs in the Azure Portal
  - Navigate to the Azure portal → App Registrations.
  - Under the Manage section:
    - Go to Authentication to configure Redirect URIs.
- Add or Update Redirect URI
  - In the Redirect URIs section:
    - Click Add a platform or edit an existing platform (e.g., Web).
    - Use the following URL format for the Redirect URI:
      https://<YourServerInstance>/officeAuthentication.htm
      Replace <YourServerInstance> with your specific server instance address.
    - Click Save to apply changes.
- Ensure Notifications API Access
  - Confirm that the Notifications API of TeamConnect is accessible to Microsoft’s Graph API to enable Web Hook synchronization for appointment changes. If you choose to whitelist the relevant IPs from Microsoft’s network, please review Microsoft’s documentation to ensure the correct network settings: Additional Office 365 IP Addresses and URLs. For more information on WebHook Notifications, refer to the Admin guide.
- Finalize Configuration
  - Click the Update button in the Azure portal.
  - Azure Keys for Graph API are now configured.
Step 2: Set Permission Type for Office Suite
- Post-Upgrade Permission Settings
  - After upgrading to TeamConnect 7.2 PB1:
    - Navigate to TeamConnect → Admin → Office Suite.
    - In the new Permission Type option, set it to Application Permissions. (The Permission Type is set to ‘None’ by default.)
- Update API Permissions in Azure Portal
  - Remove existing API permissions in the Azure portal.
  - Return to TeamConnect and set the Permission Type to Delegated Permissions.
  - Reconfigure API permissions in the Azure portal:
    - User.Read.All – Access basic user details and facilitate login.
- To proceed with the next steps, Tasks must be migrated from the Plugin to the Add-in. The permission type must be set to Application Permissions for the migration. Please refer to the Task Migration Admin Guide for more details.
This completes the setup and management of Azure Keys and Permission Types for TeamConnect 7.2 PB1.
Please visit the Installation Guide to complete the Installation process.
Step 3: Managing Permission Type Setting
- Change Permission Type (anytime later, if required)
  - Navigate to TeamConnect → Admin → Office Suite.
  - In the Permission Type option, modify settings as needed:
    - A radio button selection allows admin users to choose from:
      - Delegated Permissions
      - Application Permissions
      - None
- Default Behavior Based on Client Type:
  - For Plug-in Clients:
    - The default option is set to None to ensure no impact on existing configurations.
  - For Add-in Clients:
    - The default option is also set to None.
    - Admins must manually select either Delegated Permissions or Application Permissions as required.
- Mandatory Configuration for Admin Users:
  Admins are required to populate all fields under the Graph API Keys section when selecting Application Permissions or Delegated Permissions.
- Migration Requirement:
  During migration, admins must manually set the Permission Type to Application Permissions to ensure proper configuration.
- Reauthentication:
  If a user has been inactive for an extended period or has not logged in for a while, they are prompted to log in again.
  Admin Options: If "Application Permissions" are selected, the process works as it does for versions TCE 7.2 and below.
Permissions Mentioned:
The following permissions apply to the Application Permissions.
- User.Read.All (to access basic user details and facilitate login)
- Calendars.ReadWrite (to manage calendars)
- Tasks.ReadWrite.All (to manage tasks)
Revoking Consent for Delegated Permissions
Admins can revoke the consent granted by a user for delegated permissions during their login to the Outlook add-in. To fully revoke their access, the tokens need to be invalidated through the Graph API. Refer to the following Microsoft documentation to revoke the consent manually.
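The revocation described above, worked through as an added example (not TeamConnect or Microsoft code). It assumes the standard Microsoft Graph v1.0 endpoints oauth2PermissionGrants and revokeSignInSessions; the grant listing, the service principal ID `sp-teamconnect` and the user IDs are constructed placeholders.

```python
import json
from urllib.parse import quote

GRAPH = "https://graph.microsoft.com/v1.0"

# Constructed sample shaped like a GET /oauth2PermissionGrants response.
SAMPLE_GRANTS = json.loads("""
{"value": [
 {"id": "grant-user-a", "clientId": "sp-teamconnect", "consentType": "Principal",
  "principalId": "user-a", "scope": "User.Read.All offline_access"},
 {"id": "grant-user-b", "clientId": "sp-teamconnect", "consentType": "Principal",
  "principalId": "user-b", "scope": "User.Read.All"},
 {"id": "grant-tenant", "clientId": "sp-teamconnect", "consentType": "AllPrincipals",
  "principalId": null, "scope": "User.Read.All"},
 {"id": "grant-other", "clientId": "sp-other-app", "consentType": "Principal",
  "principalId": "user-a", "scope": "Mail.Read"}
]}
""")["value"]


def revocation_plan(grants, sp_id, user_id):
    """Return (calls, warnings) needed to revoke one user's delegated consent."""
    calls, warnings = [], []
    for g in grants:
        if g["clientId"] != sp_id:
            continue  # consent given to a different application
        if g["consentType"] == "Principal" and g["principalId"] == user_id:
            # Per-user consent: deleting the grant removes the recorded consent.
            calls.append(("DELETE", f"{GRAPH}/oauth2PermissionGrants/{quote(g['id'])}"))
        elif g["consentType"] == "AllPrincipals":
            # Admin consent covers every user; deleting it is a tenant-wide change.
            warnings.append(f"tenant-wide grant {g['id']} still covers {user_id}")
    # Invalidates refresh tokens already issued to this user (for all apps, not
    # only this one); access tokens already issued stay valid until they expire.
    calls.append(("POST", f"{GRAPH}/users/{quote(user_id)}/revokeSignInSessions"))
    return calls, warnings


if __name__ == "__main__":
    calls, warnings = revocation_plan(SAMPLE_GRANTS, "sp-teamconnect", "user-a")
    for method, url in calls:
        print(method, url)
    for w in warnings:
        print("WARNING:", w)
```

The function only builds the list of calls; sending them requires an admin token with rights to manage permission grants and user sessions.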
Changing Permission Type in TeamConnect
When Delegated Permissions are enabled, access and refresh tokens are stored individually and stay saved. If you switch from Delegated Permissions to Application Permissions or None, these tokens remain stored but become unused. To remove them, an admin must manually clear the previously stored access and refresh tokens from the TeamConnect database using a SQL query. This step is optional.
However, Microsoft still considers these tokens valid, so they can remain in the TeamConnect database.
FAQs
How Can Users Revoke Accepted Permissions?
Currently, users cannot manage or revoke permissions directly within TeamConnect or the Add-in. All permission management must be handled through the Microsoft Graph API as mentioned above.
Why Use Delegated Permissions?
Application-level permissions use a single token shared across all users, which poses a security risk. If this token is compromised, it grants access to all users' data. In contrast, delegated permissions issue separate tokens for each user, ensuring individualized access and enhanced security.
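To make the difference concrete, the added example below (not TeamConnect code) inspects a token's claims to tell a delegated token (`scp` claim, one signed-in user) from an application token (`roles` claim, the app itself) and flags permissions beyond the three listed on this page. The tokens are constructed and unsigned, the decode is inspection only with no signature validation, and comparing delegated scopes against the Application Permissions list is an assumption of this example.

```python
import base64
import json

# Permissions this page lists for the Office Suite integration.
EXPECTED = {"User.Read.All", "Calendars.ReadWrite", "Tasks.ReadWrite.All"}


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_unsigned_token(claims: dict) -> str:
    """Build a constructed, unsigned JWT-shaped string for this demo only."""
    header = _b64url(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    return f"{header}.{_b64url(json.dumps(claims).encode())}."


def classify(token: str) -> dict:
    """Decode the payload (no signature check) and report the permission model."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a JWT-shaped token")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    claims = json.loads(base64.urlsafe_b64decode(padded))
    scopes = set(claims.get("scp", "").split())   # space-separated string
    roles = set(claims.get("roles", []))          # JSON array
    if scopes:
        kind, granted = "delegated", scopes       # acts as one signed-in user
    elif roles:
        kind, granted = "application", roles      # acts as the app, for all users
    else:
        kind, granted = "unknown", set()
    return {"kind": kind, "subject": claims.get("oid"),
            "excess": sorted(granted - EXPECTED)}


# Constructed sample tokens (placeholder object IDs).
USER_TOKEN = make_unsigned_token(
    {"oid": "user-a", "scp": "User.Read.All Calendars.ReadWrite"})
APP_TOKEN = make_unsigned_token(
    {"oid": "sp-teamconnect",
     "roles": ["User.Read.All", "Calendars.ReadWrite",
               "Tasks.ReadWrite.All", "Mail.ReadWrite"]})

if __name__ == "__main__":
    print(classify(USER_TOKEN))
    print(classify(APP_TOKEN))
```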