Calamari needs to be installed by the Microsoft 365 / Entra ID admin. During the installation process, the admin will be prompted with the consent screen:
What are the required permissions?
Sign in and read the user profile
This permission allows users to sign-in to the app, and allows the app to read the profile of signed-in users. It also allows the app to read basic company information of signed-in users.
This is a permission requested to access your data in Calamari
Read and write calendars in all mailboxes
This permission allows the app to create, read, update, and delete events of all calendars without a signed-in user.
This is a permission requested to access your data in Calamari
Read directory data
This permission allows the app to read data in your organization's directory, such as users, groups and apps, without a signed-in user.
This is a permission requested to access your data in Calamari
Allow the app to manage itself for all users
It allows a Teams app to read, install, upgrade, and uninstall itself to any user without a signed-in user.
This is a permission requested to access your data in Calamari
Above mentioned points are the only common points required by Calamari integration with Microsoft 365 / Entra ID. From the users' perspective, the integration will have access to name, surname, e-mail address, and additionally avatar from Microsoft 365 / Entra ID domain.
Thanks to this, you can import users, and they can log in via SSO.