Skip to main content


Detailed technical information on user authorization and access control


Users are authenticated using Azure AD for SSO. Simply log into Microsoft's Azure Active Directory using your companies email address, if you are the first person from your company to log in, you will be asked to enter some information about your company first.


User authentication is the process of limiting what users can access according to the work they need to perform.

Policies are used to define what users or groups of users are allowed to do in the system.

Static Policies

There are a number of built-in, static policies that a user is given by default:

ReadMyProfile-Built-InAllows you to read and update your own profile
ReadTenantUsers-Built-InAllows you to read the profiles of all users in your tenant

Implied Policies

Implied policies are policies that are automatically added to a user if certain conditions are met:

User has create and update rights to the object service

ManageAllData-Built-InAllows full CRUD access to the data service
ManageAllEvents-Built-InAllows full CRUD access to the event service

Default Policies

When a new tenant is onboarded, the following policies are automatically created by default.

ManageAllPrivateDataAllows full CRUD access to all private data

Before removing or changing this policy, ensure you add a policy to allow someone in your tenant to manage policies

For full details on policies and how to manage them, see Policies in ODSL