Skip to main content
Before admin approval is granted, no user can connect a Microsoft integration. Users will see a “Need admin approval” or “Approval required” error.

Understanding Permission Types

Microsoft uses two types of OAuth permissions:
TypeWho ActsWhen Used
DelegatedUser on their own behalfUser is signed in. Actions happen as that user with their access rights.
ApplicationApp on behalf of orgNo user signed in. App has its own access (e.g., background jobs).
Langdock uses delegated permissions. When you connect a Microsoft integration, Langdock acts on your behalf with your existing access rights—it cannot access data you don’t already have access to.
A Microsoft admin must grant tenant-wide consent before users can connect Microsoft integrations.
Prerequisite: A user or admin must have attempted to connect an integration at least once. This triggers the creation of the Langdock Service Principal in your tenant.
1

Open Microsoft Entra

Sign in to the Microsoft Entra admin center as a Cloud Application Administrator or Global Administrator.
2

Find Langdock

Go to IdentityApplicationsEnterprise applicationsAll applications and select Langdock.
3

Grant Consent

Under Security, select Permissions, then click Grant admin consent for [Your Organization].
4

Verify in Langdock

In Langdock, go to Settings → Integrations, click on a Microsoft integration (e.g., Outlook Calendar), and connect your account to confirm it works.
For more details, see Microsoft’s documentation on granting tenant-wide admin consent.

Reviewing Granted Permissions

After granting consent, you can review all permissions in Microsoft Entra:
  1. Go to IdentityApplicationsEnterprise applicationsLangdock
  2. Under Security, click Permissions
Delegated permissions in Microsoft Entra The Type column shows “Delegated” for all Langdock permissions—confirming Langdock only acts on behalf of signed-in users.

Viewing Required Permissions per Integration

Each Microsoft integration requires specific permissions (scopes). To see what a particular integration needs:
  1. In Langdock, go to Settings → Integrations
  2. Click on the Microsoft integration (e.g., Outlook Calendar)
  3. Click Configure your own in the OAuth dropdown
  4. View the Required Scopes section
Required scopes view These scopes map directly to Microsoft Graph permissions.

Common Permissions

PermissionWhat It Allows
Calendars.ReadWriteRead and create calendar events
Mail.ReadWriteRead and send emails
Files.ReadWrite.AllAccess OneDrive/SharePoint files
User.ReadRead your basic profile
offline_accessMaintain access without re-login

Customizing Permissions

If your organization requires different scopes than Langdock’s defaults, you can configure your own OAuth client.

Configure Custom OAuth Client

Set up your own OAuth application to control exactly which scopes are requested.