LMS365 can access data in the name of the Signed-in User. Known as 'Delegated Permissions'. For that, we are using access scopes provided by the data providers. Below, you can find a list of all scopes LMS365 may use.
This data access is always scoped to the signed-in user. It by any means does not enable an ELEARNINGFORCE employee to get access to your data. On the contrary, as we are using the same authentication infrastructure used by Microsoft 365, your data is protected by the Microsoft 365 security framework including multi-factor authentication. The actual sign-in screen is provided and hosted by Microsoft. You can see that as the LMS365 sign-in process displays the identical sign-in screens and flow as if you were to sign in to Microsoft 365.
In other words, users can only access data within LMS365 that they can access based on their existing access rights in Office 365. This also means that a user can not access data of another user via LMS365. It also means that the scopes below will not allow users to see more data than what they are allowed to see in Office 365. So, for instance, the SharePoint 'Sites.Read.All' scope will only allow the user to see the SharePoint data that he or she has access to in SharePoint. It will NOT allow the user to see all data in all Sites in SharePoint as the data remains governed by SharePoint. So regardless of what user interface the user is using, the screens provided by SharePoint or the screens provided by the LMS365 App, the user will only get access to the data they have access to within SharePoint and as that access is governed by the Office 365 sign-in infrastructure, that data cannot be accessed by other users than the ones that have access to your Office 365 tenant.
Sign in and read user profile
Allows users to sign-in to the LMS365 app using the customer’s Azure AD, and allows the app to read the profile and basic company information of the signed-in user.
Read all users' basic profiles
To be able to show the users what account was used to sign in, LMS365 needs this permission to show basic profile information including the display name, first and last name, email address and photo.
Read user files
To allow learners to read the documents that are used inside a Training Course or Plan, for example, documents used in the Learning Modules will only be available to users from that domain, so when a Learner visits the Learning Module he or she will have the permissions to read these documents.
Read and write items and lists in all site collections
To allow LMS & Course Administrators to upload documents and media used in the Learning Module Builder, Quiz Builder & Assignments to SharePoint.
Have full control of all site collections
To allow Office 365 Global Administrators to create LMS365 Course Catalogs and the underlying SharePoint Site Collection from the LMS365 Global Settings area.
Have full access to user calendars
Allows the app to create, read, update, and delete events in user calendars.
Read and Create Online Meetings
Allows an app to create and read online meetings on behalf of the signed-in user.
Invite guest users to the organization
To allow a Catalog Administrator to invite guest users to a course catalog.
IMPORTANT: This is only working within the LMS365 application when: