OAuth 2.0 applications
This documentation is organized by the component where the tokens containing the scopes are consumed.
In addition, we allow customers to configure their own Azure applications.
Management Service
Scope | Why | How |
offline_access | Required to refresh the access token | Updates the access token in the token storage, to allow the authorization to last for an extended time. |
openid | Required to configure email server using OIDC | Used to indicate that the application intends to use OIDC to verify the user's identity |
profile | Required to configure email server using OIDC | Used to retrieve the profile information |
 | Required to configure email server using OIDC | Used to retrieve the primary email address |
 | Required to send emails | Send email notifications to user's email account via SMTP |
Keycloak
(as configured in Cloud Breeze offerings)
Scope | Why | How |
openid | Required to log in user using OIDC | Used to indicate that the application intends to use OIDC to verify the user's identity |
 | Required to log in user using OIDC | Used to retrieve the primary email address |
profile | Required to log in user using OIDC | Used to retrieve the profile information |
offline_access | Required to refresh the access token | Updates the access token in the token storage, to allow the authorization to last for an extended time. |
 | Required to log in user using OIDC | Used to retrieve the profile information |
Tenant Service
Scope | Why | How |
 | Required to access group memberships | Synchronize the groups between Azure and Management Service |
Spooler Controller
Scope | Why | How |
 | Required to send emails | Send email notifications to user's email account via SMTP |
Payment System
Scope | Why | How |
 | Required to send emails | Send email notifications to user's email account via SMTP |
Workflow Processing Server
Scope | Why | How |
 | Required to send emails in Email SMTP connector | Send emails to the authenticated user via SMTP |
 | Required to upload files in OneDrive for Business (OAuth 2.0) connector | Uploads files into the OneDrive storage of the authorized user |
Microsoft Graph > User.Read.All | Required to upload files to OneDrive for Business (registered app) connector | Necessary to identify user’s OneDrive for Business drive in order to be able to upload scanned documents to OneDrive for Business |
SharePoint > Sites.ReadWrite.All | Required to upload files to SharePoint Online connector | Write access is necessary to upload the scanned document. Read access is necessary to browse the target folder on the MFD terminal, or to specify the behavior when a document with the defined filename already exists (append to it, replace it, keep both files), if specified in the Scan workflow definition by the Administrator. |
Mobile Print Server
We use the Aspose library to manage the emails in the configured account through the IMAP protocol.
By default, SafeQ is configured to use the YSoft SafeQ application.
Display name: YSoft SafeQ
Application (client) ID: 799654b4-9069-435a-92c1-4822b4329329
Scope | Why | How |
 | Required to send emails | Send email notifications to user's email account via SMTP |
 | Required to get and delete emails from the authorized email account. | Uses the IMAP protocol to download and remove emails from the mailbox. Those emails are stored on the same machine where Mobile Print Server is installed, for further processing. |