Many of the features in Tikit are enhanced by integrating with your M365 data. As a result, multiple features need additional consent in order to be enabled. Please enable the features you would like to use following the guide below.
Note that a M365 administrator account is required for consent. Once consent has been granted, you will need to go into the Azure Portal under Enterprise Applications to remove it. For more information, please check out this “How to” with the steps for removing permissions.
In this article:
View Consent Management settings
To access Consent Management settings:
Open the Tikit web app at https://web.tikit.ai.
Once in the Tikit web app, select the settings gear in the header, then select Consent Management.
Feature Based Consents
Please enable the features you would like to and then consent for your organization. Looking for more details on setting up and configuring Tikit? Check out the Tikit Setup Series – Video Guide.
How to enable or disable features
To enable or disable features in Tikit:
Enable each feature by selecting the slider next to My Work, Email Connector and Intune Connector then select Update Consent.
For more details on the permissions required for each feature, check out the table below
Sign as a M365 Administrator, then in the Permissions Request prompt check the Consent on behalf of your organization and then select Accept.
Congrats! Each enabled feature will now be available to your users. Note that once consent has been granted, you will need to go into the Azure Portal under Enterprise Applications to remove it. For more information, please check out this “How to” with the steps for removing permissions.
Feature
Permission
Description
Teams Meetings
Have full access to users calendars
Allows the app to read, update, create and delete events in calendars.
My Work
Have full access to user calendars
Allows the app to read, update, create and delete events in your calendars.
Read and write all groups
Allows the app to create groups and read all group properties and memberships on your behalf. Additionally allows the app to manage your groups and to update group content for groups you are a member of.
Read user mail
Allows the app to read email in your mailbox.
Email Connector
Read user mail
Allows the app to read email in your mailbox.
Send mail as a user
Allows the app to send mail as you.
Intune Connector
Perform user-impacting remote actions on Microsoft Intune devices
Allows the app to perform remote high impact actions such as wiping the device or resetting the passcode on devices managed by Microsoft Intune.
Read devices Microsoft Intune devices
Allows the app to read the properties of devices managed by Microsoft Intune.
Read all devices
Allows the app to read devices' configuration information on your behalf.
Read Microsoft Intune RBAC settings
Allows the app to read the properties relating to the Microsoft Intune Role-Based Access Control (RBAC) settings.
Teams App Management
Submit application packages to the catalog and cancel pending submissions
Allows the app to submit application packages to the catalog and cancel submissions that are pending review on your behalf.
Manage user's installed Teams apps
Allows the app to read, install, upgrade, and uninstall Teams apps installed for you. Does not give the ability to read application-specific settings.
Allow the Teams app to manage itself for a user
Allows a Teams app to read, install, upgrade, and uninstall itself for you.
Detailed Consent Permissions
The consent permissions you grant to Tikit are directly set on two Tikit registered Azure Enterprise Applications within a customer’s environment: Tikit and Tikit Email Connector (if Email Connector – Consent has been enabled). You can review these two Tikit Enterprise Apps within Azure by following these steps:
With an Azure Administrators account, navigate to https://portal.azure.com
Click “More Services”
Find “Enterprise Applications”
Search for “Tikit” or “Tikit Email Connector”, and select the application
On the left hand menu, select “Permissions”
Select the “Grant admin consent for Cireson” button
You will get prompted to sign in, after signing in select “Accept” consent
The following is a detailed summary of all consent permissions required by the Tikit and Tikit Email Connector Enterprise applications for each of the consent areas of Tikit. Tikit only uses these permissions in the context of the application and the functions it’s doing for the ticketing system.Â
Permission
Type
Summary
Reason
Consent Area
AppCatalog.Submit
Delegated
Submit application packages to the catalog and cancel pending submissions
Used for Tikit Virtual Agent to read the App Catalog
Required, Teams App Management
Channel.ReadBasic.All
Delegated
Read the names and descriptions of channels
Used during setup, to read team names for installing Tikit to an existing team and used in the portal for the Teams Channel Picker
Required
Contacts.Read
Delegated
Read user contacts
Used for the people pickers in the portal, for ease of setting requester
Required
Directory.AccessAsUser.All
Delegated
Access directory as the signed in user
Used for RBAC to determine roles for users
Required
Directory.Read.All
Delegated
Read directory data
Used for RBAC to determine roles for users
Required
Delegated
View users' email address
Used for signin, to determine user data and roles
Required
Files.ReadWrite.All
Delegated
Have full access to all files user can access
This is used for attachments, to read teams channel file data
Required
Files.ReadWrite.All
Application
Read and write files in all site collections
This is used for attachments, to read teams channel file data
Required
Group.Read.All
Delegated
Read all groups
Used for RBAC to determine roles for users
Required
Group.Read.All
Application
Read all groups
Used for RBAC to determine roles for users
Required
Group.ReadWrite.All
Delegated
Read and write all groups
Used for RBAC to determine roles for users, also used in setup to add team members to teams, Tasks by Planner integration
Required, My Work
GroupMember.Read.All
Delegated
Read group memberships
Used for RBAC to determine roles for users from groups
Required
offline_access
Delegated
Maintain access to data you have given it access to
Allows users to sign into Tikit/interact with the Bot
Required
OnlineMeetings.ReadWrite
Delegated
Read and create user's online meetings
Used for an upcoming feature to create a meeting from a ticket, and add Tikit to the meeting itself
Required
openid
Delegated
Sign users in
Allows users to sign into Tikit/interact with the Bot
Required
People.Read
Delegated
Read users' relevant people lists
Used for the people pickers in the portal, for ease of setting requester
Required
People.Read.All
Delegated
Read all users' relevant people lists
Used for the people pickers in the portal, for ease of setting requester
Required
Presence.Read.All
Delegated
Read presence information of all users in your organization
Used in the portal to show presence of users
Required
profile
Delegated
View users' basic profile
Allows users to sign into Tikit/interact with the Bot
Required
Sites.Read.All
Delegated
Read items in all site collections
This is used for attachments, to read teams channel file data
Required
Sites.ReadWrite.All
Application
Read and write items in all site collections
This is used for attachments, to read teams channel file data
Required
Team.Create
Delegated
Create teams
Used during setup, to create your new Team to collaborate on tickets
Required
Team.ReadBasic.All
Delegated
Read the names and descriptions of teams
Used for RBAC and setting analyst roles
Required
TeamMember.ReadWrite.All
Delegated
Add and remove members from teams
Used for RBAC and setup to add members to team, determine which members of the team are analysts
Required
TeamsActivity.Send
Application
Send a teamwork activity to any user
Used for an upcoming feature to add items into the 'Activity' section of teams
Required
TeamsAppInstallation. ReadWriteForTeam
Delegated
Manage installed Teams apps in teams
Used during setup, to install Tikit to the team you would like
Required
User.Read
Delegated
Sign in and read user profile
Used for signin, to determine user data and roles
Required
User.Read.All
Delegated
Read all users' full profiles
Used for signin, to determine user data and roles
Required
User.Read.All
Application
Read all users' full profiles
Used for signin, to determine user data and roles
Required
User.ReadBasic.All
Delegated
Read all users' basic profiles
Used for signin, to determine user data and roles
Required
Calendars.ReadWrite
Delegated
Have full access to user calendars
Used for an upcoming feature to create a meeting from a ticket, and add Tikit to the meeting itself, and displaying agenda on the My Work page
Teams Meeting, My Work
Mail.Read
Delegated
Read user mail
Used in the my work page, to show unread emails
My Work
Mail.Read
Application
Read mail in all mailboxes
Used for the Email Connector (Separate app registration) to read mail sent to the specified email addresss
Email Connector
Mail.Send
Application
Send mail as any user
Used for the Email Connector (Separate app registration) to send mail via the specified email addresss
Email Connector
DeviceManagement ManagedDevices. PrivilegedOperations.All
Delegated
Perform user-impacting remote actions on Microsoft Intune devices
Used for performing remote actions via inTune
InTune Connector
DeviceManagement ManagedDevices. Read.All
Delegated
Read devices Microsoft Intune devices
Used for reading InTune devices registered for a user
InTune Connector
Device.Read.All
Delegated
Read all devices
Used for reading InTune devices registered for a user
InTune Connector
DeviceManagementRBAC. Read.All
Delegated
Read Microsoft Intune RBAC settings
Used for enabling/disabling actions on the InTune pane on the Users page
InTune Connector
TeamsAppInstallation. ReadWriteForUser
Delegated
Manage user's installed Teams apps
Used for pushing Tikit/TVA to the end user on the Users page
Teams App Management
TeamsAppInstallation. ReadWriteSelfForUser
Delegated
Allow the Teams app to manage itself for a user
Used for pushing Tikit/TVA to the end user on the Users page
Teams App Management