Sign-in via Entra ID (OAuth 2.0 / OIDC) The user authenticates against your own tenant. Garba never handles any credentials. We use the authorization code flow with refresh tokens (offline_access) for continuous synchronization.
Delegated permissions – not application permissions The permission applies in the context of the signed-in user, not tenant-wide. Admin consent for the permissions is required if you have configured Entra that way. No app roles or service principals with tenant-wide access are created.
The only Graph scope is Calendars.Read (read-only) We have neither Calendars.ReadWrite nor any other write/mutation permission. The integration is technically incapable of creating, modifying, or deleting calendar events.
What we read Meeting metadata: title, time, participants, and meeting link. This is used solely to determine which meetings the recording assistant should join. Nothing is written back.
Fully revocable Access can be revoked at any time by the user themselves or centrally by you (revoke in Entra). Conditional access applies fully, since everything goes through standard OIDC against your tenant.
Email is separate and opt-in The calendar connection grants no mail access. Mail.Read / Mail.Send is only requested if you explicitly enable the email feature.
Property
Value
Permission type | Delegated (per user) |
Graph scope |
|
Tenant-wide access | No |
Write permission | None |
Admin consent | Required if you have it configured |
Revocable | Yes, at any time |
If you want to review the permissions before approving, they are shown in Microsoft's consent dialog at sign-in.
