# Admin center authentication
At Witivio, protecting our customers' data is our top priority. To ensure a secure and seamless authentication experience, GPT-Pro leverages Office 365 Single Sign-On (SSO) for accessing our applications. This approach integrates directly with Azure Active Directory (Azure AD), using incremental consent to request only the necessary permissions as users interact with our solution, minimizing access requests and protecting user privacy.
Through Office 365 SSO, GPT-Pro enables customers to:
- Enforce their own security policies for authentication, ensuring compliance with organizational standards.
- Leverage Office 365 Multi-Factor Authentication (MFA) where itβs configured or required, adding an extra layer of protection.
- Control user access to the application directly within their Azure AD environment, simplifying management for security teams.
- Comply with consent policies for permissions, ensuring transparent permission requests and adherence to established security protocols.
The sections that follow in this documentation will guide you through the incremental consent process, detailing how and when additional permissions are requested and how to manage them for optimal security and compliance.
WARNING
β οΈ Each step in this documentation may vary depending on the security policies configured by your organization. At any point, admin rights might be required, even if not explicitly indicated in the official Microsoft Graph permissions documentation (opens new window).
# Option 1: Use incremental consent within the application.
Navigate to the admin center (opens new window) When your log in for the first time, you must consent for the following permissions :
- offline_access
- User.Read
WARNING
β οΈ These permissions are mandatory. You will not be able to use the admin center without consent.
For some features, the admin center will prompt you for consent because a new permission is needed. This happens for the following feature :
# Consent to list possible administrators
Navigate to Subscription administrators or bot administrators and click on add an administrator button
When you're doing this for the first time, you must consent for the following permissions :
- User.ReadBasic.All
# Consent to connect to SharePoint
Navigate to SharePoint document and click on Add library When you're doing this for the first time you must consent for the following permissions :
- Files.Read.All
# Option 2: Admin consent application through Azure Portal
For somes organisations, IT teams must perform ad admin consent because organization security policy ask for it for :
- Adding a new office 365 Application in the tenant
- Consenting any permissions in the Microsoft Graph
In the case, you admin can consent either :
- From the application itself, by checking the Consent on behalf of your organization checkbox. In this case, please Refer to Option 1
- From Enterprise applications panel in Azure AD after connecting successfully to GPT Pro Admin center. You can access the Enterprise Applications panel here (opens new window) and search for GPT Pro - Admin Center
WARNING
If you have no results when looking for GPT Pro - Admin Center, you should connect first to admin center (opens new window) to activate the application in your tenant or try with option 3
TIP
You might found 2 GPT Pro applications.
GPT Pro is the app used by the Teams Application.
GPT Pro - Admin Center is the app used by the admin center.
Both Application Id (or client Id) can be found here
Click on GPT Pro - Admin Center and navigate to the Permissions tab and click on Grant permissions for {Your Tenant Name} 
You will be prompt for all permissions at once
TIP
π‘ The full list of permission is available here
# Option 3 : Admin consent the application through link.
WARNING
This section is intended for experienced users.
Before clicking on any admin consent link, please carefully verify its accuracy. Incorrect consent links could compromise the security of your tenant and lead to unintended permissions being granted.
Clicking on the folowing link redirects to the consent page for all the necessary permissions for our application at once.
WARNING
Please review carrefully that the application Id in the URL is the one listed here (opens new window) and that the application is certified by Witivio with the blue mark.
β Get Started ! Dashboard β