What needs to be authorized
Each action may require a different person in your organization
| Action | Required Role | What it does |
|---|---|---|
| Step 1 — Injio Next Gen Licensing API Consent | Application Administrator or Global Administrator |
Required. Grants the Injio Next Gen web parts permission to
identify your tenant for licence verification. Requests
User.Read only.
|
| Optional — Content Trust Dashboard Consent | Application Administrator or Global Administrator | Only needed if your organisation uses the Content Trust Dashboard. Grants the dashboard delegated permission to sign users in and read SharePoint content on their behalf. |
| Step 2 — API Access Approval | SharePoint Administrator or Global Administrator |
Grants the Injio Next Gen Licensing web parts permission to
verify the licence on behalf of the signed in user using the
access_as_user scope.
|
Check your permissions
Sign in with your Microsoft 365 account to see which actions you can complete
Sign in using the account you use for Microsoft 365 administration. No data is shared with WebVine or Injio during this step.
Injio Next Gen Licensing API Consent
Step 1 • Required role: Application Administrator or Global Administrator
Grants the Injio Next Gen web parts permission to identify your Microsoft 365 tenant for licence verification. Microsoft will show a consent dialog. This is a one-time action.
| Permission | Type | Purpose |
|---|---|---|
User.Read |
Delegated | Read the signed-in user’s profile to identify the tenant |
Content Trust Dashboard Consent
Optional • Required role: Application Administrator or Global Administrator
Only needed if your organisation uses the Content Trust Dashboard (Injio’s external app including the Copilot Assessment Tool). Grants it delegated permission to sign users in and read SharePoint content on their behalf. You can come back and complete this later if needed.
| Permission | Type | Purpose |
|---|---|---|
offline_access, openid, profile, User.Read
|
Delegated | Authenticate and maintain the signed-in user’s session |
Sites.Read.All, Sites.ReadWrite.All,
Sites.Manage.All
(SharePoint)
|
Delegated | Read content and create the Dashboard’s backend lists on the user’s behalf |
Write access is used only to create the Dashboard’s own backend lists; access is always bounded by what the signed-in user can already see.
API Access Approval
Step 2 • Required role: SharePoint Administrator or Global Administrator
Before completing this action, WebVine must install at least one Next Gen web part. This will generate the required API permission request, which you can then approve.
- Open SharePoint Admin Center → API access
- Find the pending request: Injio Next Gen Licensing API – access_as_user
- Select it and click Approve
| Permission | Type | Purpose |
|---|---|---|
access_as_user |
Delegated | Allows all Injio Next Gen web parts to validate that they are licensed within your environment |