Calamari needs to be installed by the Azure AD admin. During the installation process, the admin will be prompted with the consent screen:

What are the required permissions?

Sign in and read user profile

This permission allows users to sign-in to the app, and allows the app to read the profile of signed-in users. It also allows the app to read basic company information of signed-in users.

Read domains

This permission allows the app to read all domain properties on behalf of the signed-in user.

Read directory data

This permission allows the app to read data in your organization's directory, such as users, groups and apps, without a signed-in user.

Read directory data

This permission allows the app to read data in your company or school directory, such as users, groups, and apps.

Above mentioned points are the only common points required by Calamari integration with Office 365/Azure AD. From the users' perspective, the integration will have access to name, surname, e-mail address, and additionally avatar from Office/Azure domain. Thanks to this you can import users and they can log in via SSO.

Did this answer your question?