Sharing access to Microsoft 365 items

Shared access is a technology that is used in various yasoon applications.

It allows you to share Microsoft 365 entities like emails, conversations, chats or calendars with other Jira or Confluence users. You are basically giving them a very narrow access to certain information on your behalf.

Security

Security is our top priority when sharing access to entities. Whenever a user shares something with other users, a permission entry, along with a reference to the users authentication tokens is stored in our encrypted database.

When a user requests access to a shared entity like an email, the request is validated based on the permissions configured. When this user is granted access, our server calls the corresponding Microsoft resource on behalf of the user that shared the item. As all the data handling is done via our servers, no direct access is granted to any un-privileged user.

Whenever the user that shared the entity logs out of the app, other users no longer have access to the shared resources. If the user renews their login, access to the shared entity will be restored.

Microsoft 365 entities

The following Office 365 objects can be shared within Jira/Confluence:

• Single mails

• Whole conversations

• Outlook calendars

• Single calendar event/meeting

• Microsoft Teams chats

Permission Types

Each Office 365 item can be shared with a specific permission scope.

The app currently provides the following sharing permissions:

Private

Only allows access to the Office item to the person who shared it.

Validated by the Microsoft login.

Atlassian Cloud

Gives every logged in Atlassian user access to the shared Office item.

Validated by the Atlassian JWT-Token

Public

Gives every user access to the shared Office item even if they are not logged in with Atlassian.

Validated by the Atlassian JWT-Token