Home > Connect Your Tenants to AvePoint Online Services > Permissions Required by AvePoint Tenant Registrations
Export to PDFPermissions Required by AvePoint Tenant Registrations
Refer to the following sections to see the permissions required by registering tenants of Microsoft, Google, Salesforce, or Amazon platform.
Microsoft
Connecting a Microsoft 365 tenant will create the AvePoint Online Services Tenant Registration for Microsoft365 app in the tenant’s Microsoft Entra ID. The table below lists the permissions required by the AvePoint Online Services Tenant Registration for Microsoft365 app.
The following permissions requested by AvePoint Online Services should be accepted when you install the AvePoint Tenant Management app. Note that the AvePoint Tenant Management app can only be accessed via the Google Workspace Marketplace link on the Connect tenant page in AvePoint Online Services > Tenant management.
| Scope | Permission | Purpose |
|---|---|---|
| https://www.googleapis.com/auth/admin.directory.domain.readonly | Read domain information | Retrieve organization's Google domain information. |
| https://www.googleapis.com/auth/apps.licensing | Read Google license information | Collect user seats. |
| https://www.googleapis.com/auth/admin.directory.user.readonly | Read Google users | Invite Google users for login. |
| https://www.googleapis.com/auth/admin.directory.group.readonly | Read Google groups | Invite Google groups for login. |
Salesforce
Connecting a Salesforce tenant will create the AvePoint Online Services Tenant Registration app in the tenant’s Salesforce environment. The required by the app:
Amazon
Connecting an Amazon tenant will create an IAM role named AWSTenantAdminRole in the tenant’s AWS environment. Below are the which will be added to the IAM role:
| iam:ListAccountAliases | |
| iam:GetAccountSummary |