Samna for Entra ID and Exchange consists of two Enterprise Apps that need to be imported to your tenant.
Enterprise App - Samna - For
Overview
This document outlines the Microsoft Graph permissions required for the Samna Portal. The portal serves three primary functions:
- Providing Single Sign-On (SSO) for users
- Managing and configuring meeting room devices
- Mapping devices to specific meeting rooms

Note: The portal does not handle room bookings - it is strictly for device management and user authentication.
Required Permissions
1. User.Read
Purpose: Sign in and read user profile
Business Justification:
- Enables basic Single Sign-On (SSO) functionality
- Allows the portal to authenticate administrators and users
- Required for verifying user access levels for device management
- Provides basic user context for audit logging

2. User.ReadBasic.All
Purpose: Read all users' basic profiles
Business Justification:
- Enables administrators to manage user access to different devices
- Allows viewing which users have management rights for specific rooms
- Required for displaying user information in device configuration logs
- Helps in tracking who made changes to room/device settings

3. openid
Purpose: Sign users in
Business Justification:
- Fundamental requirement for implementing SSO
- Provides secure authentication through Microsoft identity platform
- Enables secure session management
- Required for maintaining authenticated states during device configuration

4. email
Purpose: View users' email address
Business Justification:
- Required for sending device configuration notifications
- Enables system alerts about device status changes
- Needed for sending access grant confirmations
- Allows notification routing for device maintenance alerts

5. profile
Purpose: View users' basic profile
Business Justification:
- Required for proper user identification in the management interface
- Enables role-based access control for device management
- Provides necessary user context for audit trails
- Helps in tracking device configuration changes

Security Considerations
- All permissions are delegated, operating under the signed-in user's context
- Permissions are limited to the minimum required for device management and SSO
- No room booking permissions are included as this is handled by a separate system

Integration Notes
- These permissions support only device management and user authentication
- Room booking functionality is handled by a separate app, Samna - Exchange Online Meetingroom Connector
- Device-to-room mapping is managed within the portal but doesn't require additional Microsoft Graph permissions

Enterprise App - Samna - Exchange Online Meeting Room Connector - For Calendar synchronization
Overview
This document outlines the Microsoft Graph application permissions required for the Samna Exchange Online Meeting Room Connector. These permissions operate at the application level and require admin consent, enabling automated system-to-system integration between Samna and Exchange Online.
Required Permissions
1. Calendars.ReadWrite
Purpose: Read and write calendars in all mailboxes
Business Justification:
- Enables automated synchronization of meeting room calendars
- Required for reading room availability across the organization
- Necessary for managing meeting room bookings programmatically
- Allows the system to handle conflicts and updates in real-time
- Essential for maintaining accurate room availability status

2. Place.Read.All
Purpose: Read all company places
Business Justification:
- Required to maintain an up-to-date inventory of all meeting rooms
- Enables discovery of new meeting rooms and location changes
- Allows access to room capabilities and attributes
- Necessary for mapping rooms to their respective calendars
- Essential for maintaining accurate room metadata

3. User.Read.All
Purpose: Read all users' full profiles
Business Justification:
- Required for mapping meeting organizers to room bookings
- Enables proper attribution of room reservations
- Necessary for maintaining accurate booking audit trails
- Allows verification of user permissions for room access
- Essential for security and compliance tracking

Security Considerations
- All permissions are application-level, requiring explicit admin consent
- Operates as a system-level integration rather than user-delegated access
- Higher permission levels are necessary for automated system operation
- Access is controlled through secure service principal authentication

Implementation Notes
- Permissions are configured at the Entra ID application level
- No user-delegated permissions are required
- Integration operates as a background service
- Regular security audits should monitor these elevated permissions

Admin Consent Requirements
All permissions require administrator consent due to their broad scope and application-level access. This ensures:
- Organizational oversight of room management systems
- Proper security governance
- Controlled deployment of integration features
- Compliance with organizational security policies
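
One way to carry out the security audit recommended under Implementation Notes, as an added example (not Samna's or Microsoft's code): it compares the delegated grants and application role assignments held by each app's service principal with the permission lists on this page. The object IDs, role IDs and sample records are constructed; the record fields (clientId, scope, principalId, appRoleId) follow Microsoft Graph's oauth2PermissionGrant and appRoleAssignment resources.

```python
# Added example: compare granted Microsoft Graph permissions with the lists on this page.
# Object IDs, role IDs and the sample records below are constructed for illustration.
EXPECTED = {
    "portal": {"delegated": {"User.Read", "User.ReadBasic.All", "openid", "email", "profile"},
               "application": set()},
    "connector": {"delegated": set(),
                  "application": {"Calendars.ReadWrite", "Place.Read.All", "User.Read.All"}},
}

def delegated_scopes(grants, sp_id):
    """Union of scopes across oauth2PermissionGrant records whose clientId is sp_id."""
    return {s for g in grants if g["clientId"] == sp_id for s in g.get("scope", "").split()}

def application_roles(assignments, graph_app_roles, sp_id):
    """Resolve each appRoleAssignment's appRoleId to its role value via Graph's appRoles."""
    names = {r["id"]: r["value"] for r in graph_app_roles}
    return {names.get(a["appRoleId"], "unresolved:" + a["appRoleId"])
            for a in assignments if a["principalId"] == sp_id}

def audit(app, sp_id, grants, assignments, graph_app_roles):
    """Return sorted findings: permissions granted but undocumented, or documented but absent."""
    granted = {"delegated": delegated_scopes(grants, sp_id),
               "application": application_roles(assignments, graph_app_roles, sp_id)}
    findings = []
    for kind, expected in EXPECTED[app].items():
        findings += [f"{app}: unexpected {kind} permission {p}" for p in granted[kind] - expected]
        findings += [f"{app}: missing {kind} permission {p}" for p in expected - granted[kind]]
    return sorted(findings)

# Constructed sample export: the portal has an extra per-user grant, and the
# connector holds one undocumented role while lacking a documented one.
PORTAL_SP, CONNECTOR_SP = "sp-portal-0001", "sp-connector-0002"
GRAPH_APP_ROLES = [{"id": "role-a", "value": "Calendars.ReadWrite"},
                   {"id": "role-b", "value": "Place.Read.All"},
                   {"id": "role-c", "value": "User.Read.All"},
                   {"id": "role-d", "value": "Directory.ReadWrite.All"}]
GRANTS = [{"clientId": PORTAL_SP, "consentType": "AllPrincipals",
           "scope": " User.Read User.ReadBasic.All openid email profile"},
          {"clientId": PORTAL_SP, "consentType": "Principal", "scope": "Mail.Read"}]
ASSIGNMENTS = [{"principalId": CONNECTOR_SP, "appRoleId": "role-a"},
               {"principalId": CONNECTOR_SP, "appRoleId": "role-b"},
               {"principalId": CONNECTOR_SP, "appRoleId": "role-d"}]

if __name__ == "__main__":
    for app, sp in (("portal", PORTAL_SP), ("connector", CONNECTOR_SP)):
        for line in audit(app, sp, GRANTS, ASSIGNMENTS, GRAPH_APP_ROLES):
            print(line)
```

An empty result for both apps means the tenant matches the documented permission sets; any finding is a change to review against the consent that was originally approved.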
Please follow the documentation for a step-by-step guide on how to register and create your first device.