To enable seamless integration with Microsoft 365, RICOH Spaces makes use of specific permission scopes that allow the application to interact securely and effectively with user and organizational data. These permissions, granted via delegated or application-level access, enable a range of features such as calendar synchronization, meeting creation, user sign-in, and workspace management.
The table below outlines the key Microsoft 365 scopes used within RICOH Spaces, their purpose, and how they support various functionalities within the platform.
| Permission | Type | Purpose | RICOH Spaces use case |
| --- | --- | --- | --- |
| Calendars.Read | delegated | Allows the application to read events in user calendars. | Meeting creation |
| Calendars.ReadWrite | delegated | Allows the application to read and write to the user's calendar data. | Booking on behalf |
| offline_access | delegated | Allows the app to see and update the data you gave it access to, even when users are not currently using the app. This does not give the app any additional permissions. | Used to obtain and refresh access tokens without the need for the user to be present. Access tokens are typically short-lived, and when they expire, the application needs to obtain a new one. By including the offline_access scope, the application can obtain a refresh token during the initial authorization process, and then use that refresh token to get new access tokens as needed, without requiring the user to re-authenticate. |
| User.Read | delegated | Allows users to sign in to the app, and allows the app to read the profile of signed-in users. It also allows the app to read basic company information of signed-in users. | When a user logs in to RICOH Spaces, the application reads basic profile information about the currently signed-in user and uses it to complete the login. |
| Contacts.ReadWrite | delegated | Grants the application permission to read and modify the user's contact information. | Currently deprecated |
| User.ReadBasic.All | delegated | Provides basic read access to the user's profile information, such as their name and email address. | Sign-in process |
| Presence.Read.All | delegated | Allows the application to read the presence (online, offline, busy, etc.) of other users in the organization. | User presence (currently deprecated) |
| OnlineMeetings.ReadWrite | delegated | Grants the application permission to read and create online meetings on behalf of the user. | MS Teams meeting creation |
| Calendars.Read | application | Allows the app to read events of all calendars without a signed-in user. | Used to pull the user's daily calendar, which is displayed within the user's feed. |
| User.Read.All | application | Allows the app to read user profiles without a signed-in user. | Currently deprecated. It will be used for upcoming roadmap functionality such as viewing user availability. |
| GroupMember.Read.All | application | Allows the app to read memberships and basic group properties for all groups without a signed-in user. | Allows RICOH Spaces to read group membership information for all users in the organization or tenant, including which users are members of which groups. This is needed when using AD Group assignment on workspaces. |
| Calendars.ReadWrite | application | Allows the app to create, read, update, and delete events of all calendars without a signed-in user. | It allows RICOH Spaces to perform operations such as: Against room calendars, this is used for functionality such as automatic room cancellation, linked room booking, layout booking and other extended functionalities. |
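
The table can also serve as a baseline when reviewing what a tenant has actually consented to. The following is an added example, not RICOH code: it compares granted permissions with the documented set and reports grants that are not in the table, grants the table marks as deprecated, and active permissions that are not granted. The function name, the report keys and the sample input are assumptions; delegated grants are read from the space-separated `scope` field of Microsoft Graph `oauth2PermissionGrant` objects, and application role names are assumed to be already resolved from the service principal's app role assignments.

```python
# Added example (not RICOH code). Names and statuses come from the table above.
DOCUMENTED = {
    "delegated": {
        "Calendars.Read": "active", "Calendars.ReadWrite": "active",
        "offline_access": "active", "User.Read": "active",
        "User.ReadBasic.All": "active", "OnlineMeetings.ReadWrite": "active",
        "Contacts.ReadWrite": "deprecated", "Presence.Read.All": "deprecated",
    },
    "application": {
        "Calendars.Read": "active", "Calendars.ReadWrite": "active",
        "GroupMember.Read.All": "active", "User.Read.All": "deprecated",
    },
}


def audit(delegated_grants, application_roles):
    """Compare granted permissions with the documented set.

    delegated_grants: oauth2PermissionGrant objects; `scope` is a
        space-separated string of delegated scope names.
    application_roles: application permission names (assumed resolved).
    """
    granted = {
        "delegated": {s for g in delegated_grants
                      for s in g.get("scope", "").split()},
        "application": set(application_roles),
    }
    report = {"undocumented": [], "deprecated": [], "not_granted": []}
    for kind, names in granted.items():
        for name in sorted(names):
            status = DOCUMENTED[kind].get(name)
            if status is None:            # granted but not in the table
                report["undocumented"].append((kind, name))
            elif status == "deprecated":  # granted but no longer used
                report["deprecated"].append((kind, name))
        for name, status in sorted(DOCUMENTED[kind].items()):
            if status == "active" and name not in names:
                report["not_granted"].append((kind, name))
    return report


# Constructed sample input, not taken from a real tenant.
SAMPLE_DELEGATED = [{
    "consentType": "AllPrincipals",
    "scope": "Calendars.Read Calendars.ReadWrite offline_access User.Read "
             "User.ReadBasic.All Contacts.ReadWrite Mail.Read",
}]
SAMPLE_APPLICATION = ["Calendars.Read", "Calendars.ReadWrite", "User.Read.All"]
```

Entries under `not_granted` indicate features from the table that will not work in that tenant; entries under `undocumented` or `deprecated` are candidates for consent review.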