OAuth 2.0 applications

This documentation is organized by the component in which the tokens containing the scopes are consumed.

In addition, we allow customers to configure their own Azure applications.

Management Service

| Scope | Why | How |
| --- | --- | --- |
| offline_access | Required to refresh the access token | Updates the access token in the token storage so that the authorization lasts for an extended time. |
| openid | Required to configure email server using OIDC | Used to indicate that the application intends to use OIDC to verify the user's identity |
| profile | Required to configure email server using OIDC | Used to retrieve the profile information |
| email | Required to configure email server using OIDC | Used to retrieve the primary email address |
| https://outlook.office.com/SMTP.Send | Required to send emails | Send email notifications to user's email account via SMTP |

Keycloak

(as configured in Cloud Breeze offerings)

| Scope | Why | How |
| --- | --- | --- |
| openid | Required to log in user using OIDC | Used to indicate that the application intends to use OIDC to verify the user's identity |
| email | Required to log in user using OIDC | Used to retrieve the primary email address |
| profile | Required to log in user using OIDC | Used to retrieve the profile information |
| offline_access | Required to refresh the access token | Updates the access token in the token storage so that the authorization lasts for an extended time. |
| https://graph.microsoft.com/User.Read | Required to log in user using OIDC | Used to retrieve the profile information |

Tenant Service

| Scope | Why | How |
| --- | --- | --- |
| https://graph.microsoft.com/GroupMember.Read.All | Required to access group memberships | Synchronize the groups between Azure and Management Service |

Spooler Controller

| Scope | Why | How |
| --- | --- | --- |
| https://outlook.office.com/SMTP.Send | Required to send emails | Send email notifications to user's email account via SMTP |

Payment System

| Scope | Why | How |
| --- | --- | --- |
| https://outlook.office.com/SMTP.Send | Required to send emails | Send email notifications to user's email account via SMTP |

Workflow Processing Server

| Scope | Why | How |
| --- | --- | --- |
| https://outlook.office.com/SMTP.Send | Required to send emails in Email SMTP connector | Send emails to the authenticated user via SMTP |
| https://graph.microsoft.com/Files.ReadWrite | Required to upload files in OneDrive for Business (OAuth 2.0) connector | Uploads files into the OneDrive storage of the authorized user |
| Microsoft Graph > User.Read.All | Required to upload files to OneDrive for Business (registered app) connector | Necessary to identify the user's OneDrive for Business drive in order to upload scanned documents to OneDrive for Business |
| SharePoint > Sites.ReadWrite.All | Required to upload files to SharePoint Online connector | Write access is necessary to upload the scanned document. Read access is necessary to browse the target folder on the MFD terminal, or to specify the behavior when a document with the defined filename already exists (append to it, replace it, keep both files), if specified in the Scan workflow definition by the Administrator. |

Mobile Print Server

We use the Aspose library to manage the emails in the configured account through the IMAP protocol.

By default, SafeQ is configured to use the YSoft SafeQ application.

Display name: YSoft SafeQ

Application (client) ID: 799654b4-9069-435a-92c1-4822b4329329

| Scope | Why | How |
| --- | --- | --- |
| https://outlook.office.com/SMTP.Send | Required to send emails | Send email notifications to user's email account via SMTP |
| https://outlook.office.com/IMAP.AccessAsUser.All | Required to get and delete emails from the authorized email account. | Uses the IMAP protocol to download and remove emails from the mailbox. Those emails are stored on the machine where Mobile Print Server is installed, for further processing. |