Configure BrightWork 365 Graph Client App

Introduction 

BrightWork 365 2025-2 introduces new Flexible Teams and Document Management features that enable users with the correct permissions to select a Teams Channel to associate with projects, programs, and portfolios. 

The files tab in this channel then becomes the document location for the project, program, or portfolio. Alternatively, users can select another SharePoint document library folder to use as the document location for the project, program, or portfolio. Users do this via pickers that use the Microsoft Graph API to return only the Teams and SharePoint locations to which the logged-in user has access. 

For this to work, it is necessary to add an app registration that delegates the necessary permissions to make the Graph API query on behalf of the logged-in user. 

At a high level, the app allows the user to: 

  • Select a Channel in Microsoft Teams (to which they must have access) to associate with a project, program, or portfolio. 
  • Optionally create a tab for the project, program, or portfolio in that channel. 
  • Select an alternative SharePoint document library or folder to use as the document location for the project, program, or portfolio. 

It is important to stress that this app registration does not give users any extra permissions or access – it just leverages the permissions and access that users already have.


Add the App

You need at least the Cloud Application Administrator role (Microsoft Learn link) to create the app. A user with the role of Privileged Role Administrator (Microsoft Learn link) will need to approve the permissions granted by the app.

  1. Log in to https://entra.microsoft.com/
  2. Expand Applications in the Identity section and click App registrations
  3. Click + New Registrations.
  4. Enter ‘BrightWork 365 Graph Client’ in the Name field.
  5. Select Accounts in this organizational directory only (Single tenant).
  6. Select Single-page application (SPA) from the Redirect URI section and enter the URL of the BrightWork 365 environment.
  7. Click Register.
  8. Click API Permissions | + Add a permission.
  9. Click Microsoft Graph.
  10. Click Delegated permissions.
  11. Enter User.Read in the filter, select User.Read and User.Read.All and click Add permissions.
  12. Repeat these steps for the following permissions:
    1. Channel.ReadBasic.All
    2. ChannelMessage.Send
    3. ChannelSettings.Read.All
    4. Files.ReadWrite.All
    5. Sites.Read.All
    6. Team.ReadBasic.All
    7. TeamSettings.Read.All
    8. TeamsTab.Create
    9. User.Read
    10. User.Read.All
  13. Click Grant admin consent for and then Yes to confirm.
    The Configured permissions section should look like the below:
  14. Click Overview and copy the Application (client) ID and Directory (tenant) ID to a text editor.
  15. Bookmark this page.

Add Environment to the App

Every BrightWork 365 Environment in which you want to use the app must be added to the app.

  1. Navigate to the BrightWork 365 Graph Client app registration home page.
  2. Click Authentication on the navigation.
  3. Click + Add a Platform. You may need to switch to the ‘old experience’ to see this option.
  4. Click Single-page application.
  5. Paste the environment URL and click Configure.
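
To confirm that a finished registration matches both procedures above, the following added example (not BrightWork's or Microsoft's code) audits an exported registration for tenant scope, SPA redirect URIs, delegated-only permissions and consented scopes. It assumes the input has the shape of the Microsoft Graph `application` and `oauth2PermissionGrant` resources; the function name, sample URLs, permission IDs and grant data are constructed.

```python
EXPECTED_SCOPES = {  # delegated Microsoft Graph permissions listed in step 12
    "Channel.ReadBasic.All", "ChannelMessage.Send", "ChannelSettings.Read.All",
    "Files.ReadWrite.All", "Sites.Read.All", "Team.ReadBasic.All",
    "TeamSettings.Read.All", "TeamsTab.Create", "User.Read", "User.Read.All",
}

def audit_registration(app, grants, environment_urls):
    """Return findings; an empty list means the export matches the procedure."""
    findings = []
    if app.get("signInAudience") != "AzureADMyOrg":  # step 5: single tenant
        findings.append("not single tenant: %r" % app.get("signInAudience"))
    # SPA redirect URIs should be exactly the known environments
    # (the comparison ignores a trailing slash only).
    registered = {u.rstrip("/") for u in (app.get("spa") or {}).get("redirectUris", [])}
    wanted = {u.rstrip("/") for u in environment_urls}
    findings += ["environment missing from SPA redirect URIs: " + u for u in sorted(wanted - registered)]
    findings += ["unexpected SPA redirect URI: " + u for u in sorted(registered - wanted)]
    for resource in app.get("requiredResourceAccess", []):
        for access in resource.get("resourceAccess", []):
            if access.get("type") != "Scope":  # "Role" is an application permission
                findings.append("non-delegated permission requested: " + str(access.get("id")))
    consented = set()
    for grant in grants:
        if grant.get("consentType") == "AllPrincipals":  # tenant-wide admin consent
            consented |= set((grant.get("scope") or "").split())
    findings += ["no admin consent for: " + s for s in sorted(EXPECTED_SCOPES - consented)]
    findings += ["consented but not in documented list: " + s for s in sorted(consented - EXPECTED_SCOPES)]
    return findings

# Constructed sample export (not real tenant data).
SAMPLE_APP = {
    "signInAudience": "AzureADMyOrg",
    "spa": {"redirectUris": ["https://bw365-prod.example.com/", "https://old-test.example.com"]},
    "requiredResourceAccess": [{
        "resourceAppId": "00000003-0000-0000-c000-000000000000",  # Microsoft Graph
        "resourceAccess": [
            {"id": "11111111-1111-1111-1111-111111111111", "type": "Scope"},  # constructed id
            {"id": "22222222-2222-2222-2222-222222222222", "type": "Role"},   # constructed id
        ],
    }],
}
SAMPLE_GRANTS = [{"consentType": "AllPrincipals",
                  "scope": " ".join(sorted(EXPECTED_SCOPES - {"TeamsTab.Create"}) + ["Mail.Read"])}]
SAMPLE_ENVIRONMENTS = ["https://bw365-prod.example.com", "https://bw365-dev.example.com"]

if __name__ == "__main__":
    for finding in audit_registration(SAMPLE_APP, SAMPLE_GRANTS, SAMPLE_ENVIRONMENTS):
        print(finding)
```

A finding for a non-delegated permission or an undocumented scope is the one to review first, since the registration is meant to act only with the access the signed-in user already has.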