How to Authorise Space Connect Access

Sign into the Microsoft Admin Portal

  • Go to the Microsoft admin portal https://admin.microsoft.com/AdminPortal/Home and sign in.
  • Go to teams and groups and then active teams and groups then navigate to security and select the security tab.

    Groups
  • Search for SpaceConnectCompanyWebAdmin and then add the global administrator to this group.

Sign in to your Space Connect Admin Portal

  • Navigate to the Space Connect administration portal at https://app.spaceconnect.co/admin
  • Select "sign in with Microsoft" for authentication.admin sign in-1
  • Enter your Office 365 Global Administration Email Address. (Your administration credentials may be different from your normal Office365 credentials)
  • Select the sign-in button and complete authentication.

Accept permissions

Space Connect desk only permissions

This is a reduced permissions set which will only be activated if you only have a desk license in your environment.

  • Once you have authenticated you will be presented with a generic permission list, these permissions are required to validate your organization and create an initial connection.

Admin Generic Blurred (1)

  • Once you have signed in you will see the landing page and a banner requesting permissions.

Permissions banner Blurred (2)
  • Click sign in and grant permissions.
  • Re-enter your admin credentials you will now see the desk specific permissions.

Desks permissions (1)

  • Review and accept permissions when ready.

Space Connect native permissions

Tip: These are the Mobile app permissions

  • Download the Space Connect mobile application on your mobile device.
  • Sign in using your global admin credentials.
  • You will see the following permissions.

Note: If you want to accept the permission on behalf of the entire company please tick the box on the permission list.

Legacy Native Blurred (1)

  • Select the ‘Accept’ button.

____________________________________________________________________

Space Connect Desk and Room Permissions

This permissions set is for any organizations that have more than one license I.E desk and rooms.

  • You will need to grant permission consent for the Space Connect app to allow users from your company to use Space Connect. It also ensures Space Connect can automatically synchronise with your meeting rooms.
  • Once you have authenticated you will be presented with a generic permission list, these permissions are required to validate your organization and create an initial connection.

Admin Generic Blurred (1)

  • Once you have signed in you will see the landing page and a banner requesting permissions.

Permissions banner Blurred (2)
  • Click sign in and grant permissions.
  • Re-enter your admin credentials you will now see the Space Connect legacy permissions.

Legacy Blurred (1)-2

  • Review and accept permissions when ready.

Space Connect native permissions

Tip: These are the Mobile app permissions

  • Download the Space Connect mobile application on your mobile device.
  • Sign in using your global admin credentials.
  • You will see the following permissions.

Note: If you want to accept the permission on behalf of the entire company please tick the box on the permission list.


Legacy Native Blurred (1)

  • Select the ‘Accept’ button.

___________________________________________________________________________

Please see the list below of permissions that are being consented to and why:

Space Connect (Generic Access Permissions)

Note: This applies to all license types

  • Sign in and read user profile
    Allows users to sign in to the app, and allows the app to read the profile of signed-in users. It also allows the app to read basic company information of signed-in users.

    Why is this needed?  It allows Space Connect to read the logged in users' basic information such as their name and email address.


  • Read all users' full profiles
    Allows the app to read user profiles without a signed in user.

    Why is this needed? This is used to sync users into Space Connect.


  • Read Organisational Information

    Why is this needed? This is used to identify the users organisation and direct them to the correct environment.


  • Read all group memberships
    Allows the app to read memberships and basic group properties for all groups without a signed-in user.

    Why is this needed? This is used to sync users into Space Connect and apply the permissions depending on which group they are in.


  • Read and Write the User's App Management data
    Allows the Application to read and write the user's data pertaining to itself in the Intune Mobile Application Management service.

    Why is this needed? This is used for intune Mobile application management to read and write the logged in users data.


Space Connect Desks

 

  • Sign in and read user profile
    Allows users to sign in to the app, and allows the app to read the profile of signed-in users. It also allows the app to read basic company information of signed-in users.

    Why is this needed? Read the logged in users' basic information such as name and email address.


  • Read all users' full profiles
    Allows the app to read user profiles without a signed in user.

    Why is this needed? This is used to sync users into Space Connect.


  • Read directory data
    Allows the app to read data in your organization's directory, such as users, groups and apps, without a signed-in user.

    Why is this needed? This is used to sync users into Space Connect and apply the permissions depending on which group they are in.


SpaceConnectNative (Mobile App) Desk Only Users

 

  • Maintain Access to Data you have given access to
    Allows the app to see and update the data you gave it access to, even when you are not currently using the app. This does not give the app any additional permissions.

    Why is this needed? These replicated permissions are needed to identify users and perform booking tasks.


  • View Users' basic profile
    Allows the app to see your basic profile (name, picture, user name).

    Why is this needed? Read the logged in users basic information such as name and email address.


 

Space Connect Legacy (Desks + Rooms)

 

  • Access mailboxes as the signed-in user via Exchange Web Services
    Allows the app to have the same access to mailboxes as the signed-in user via Exchange Web Services.

    Why is this needed? Access the logged in users mailbox via Exchange Web services to collect appointments/bookings.


  • Read and write calendars in all mailboxes
    Allows the app to create, read, update, and delete events of all calendars without a signed-in user.

    Why is this needed? Allows the Space Connect Platform to read and create meetings on users behalf of the signed in users organization on office365.


  • Use Exchange Web Services with full access to all mailboxes
    Allows the app to have full access via Exchange Web Services to all mailboxes without a signed-in user.

    Why is this needed? This permission enables Space Connect to access all users and rooms calendars (not emails) to check availability, book and edit meetings using EWS API's for On Premise accounts.


  • Sign in and read user profile
    Allows users to sign-in to the app, and allows the app to read the profile of signed-in users. It also allows the app to read basic company information of signed-in users.

    Why is this needed? Read the logged in users basic information such as name and email address.


  • Read all usage reports
    Allows an app to read all service usage reports without a signed-in user. Services that provide usage reports include Office 365 and Azure Active Directory.

    Why is this needed? Used for creating and displaying Microsoft Powerbi reports.


  • Read and write mail in all mailboxes
    Allows the app to create, read, update, and delete mail in all mailboxes without a signed-in user. Does not include permission to send mail.

    Why is this needed? Allows Space Connect to create, read, update, and delete calendar data without a signed-in user.


  • Read directory data
    Allows the app to read data in your organization's directory, such as users, groups and apps, without a signed-in user.

    Why is this needed? This is used to sync users into Space Connect and apply the permissions depending on which group they are in.


  • Read and create online meetings
    Allows the app to read and create online meetings as an application in your organization.

    Why is this needed? Allows Space Connect to read and create online meetings as an application in your organization.


  • Read and Write the User's App Management data
    Allows the Application to read and write the user's data pertaining to itself in the Intune Mobile Application Management service.

    Why is this needed? This is used for intune Mobile application management to read and write the logged in users data.



SpaceConnectNative (Mobile App) Desks + Room Users


  • Access Space Connect
    Allow the application to access Space Connect on behalf of the signed-in user.

    Why is this needed? Access the Space Connect Platform on the users behalf.


  • Read user's online meetings
    Allows the app to read online meeting details on behalf of the signed-in user.

    Why is this needed? Read the users meetings from office365.


  • Read and create user's online meetings
    Allows the app to read and create online meetings on behalf of the signed-in user.

    Why is this needed? Create meetings in office 365 via the Space Connect platform on behalf of the user.


  • Read and create online meetings
    Allows the app to read and create online meetings as an application in your organization.

    Why is this needed? Create meetings in office 365 via the Space Connect platform for all users via the Space Connect Platform.


  • Sign in and read user profile
    Allows users to sign in to the app, and allows the app to read the profile of signed-in users. It also allow the app to read basic company information of signed-in users.

    Why is this needed? Read the logged in users basic information such as name and email address.


  • Access mailboxes as the signed-in user via Exchange Web Services
    Allows the app to have the same access to mailboxes as the signed-in user via Exchange Web Services.

    Why is this needed? Access the logged in users mailbox via Exchange Web services to collect
    appointments/bookings.


  • Read and Write the User's App Management data
    Allows the Application to read and write the user's data pertaining to itself in the Intune Mobile Application Management service.

    Why is this needed? This is used for intune Mobile application management to read and write the logged in users data.


 

If you agree, this app will be granted the specified application permission(s) to resources belonging to all users in your organisation and delegated permission(s) to resources belonging to the signed-in user.