To elevate an Advanced Session, sapio365 will let you create an “elevation application” with “application type” permissions. Before sapio365 version 2.1.10, “delegated type” permissions from the Advanced Session were used to perform the majority of actions in sapio365. The “elevation application” was mainly used to handle users' mail and OneDrives.
With the release of 2.1.10, sapio365 now uses the “elevation application” to perform the majority of the actions. The “delegated type” permissions will only be used for some specific actions related to group management.
This will ensure that elevating your Advanced Session will effectively extend your capabilities.
How do I create an Advanced session with privileges?
Control and liability
OPTION 1 - Create application from sapio365
Step 1 In an active Advanced session, click on the ‘Elevate Privileges’ button at the top left.
Step 2 Click on 'Continue' to create the application in your Azure AD (this may take a few minutes).
Step 3 Click on 'Proceed' to continue. You'll only see this dialog box after your first launch of an Advanced session in sapio365.
Step 4 Sign in with your credentials.
Step 5 Consent to the permissions used by the application.
You're now ready to access all mailbox and site content!
OPTION 2 - Create application at the v2 Azure Active Directory Endpoint
Step 2 Create a new registration
Step 3 Name your application.
Redirect URI (optional): If you choose not to give consent during the registration process (Step 7) and to give consent directly in sapio365, you will need to enter the following URI: . This is the default address used by sapio365 to complete the consent process. If you need to enter a different address, you may.
Step 4 Register it.
Step 5 Copy and save the Application ID to enter in sapio365.
Step 6 Add permissions.
Step 7 Click on “User.Read” permission.
Step 8 Remove this permission.
Step 9 Click on “Add permission”.
Step 10 Click on Add permissions.
Step 11 Click on “Microsoft Graph”.
Step 12 Click on “Application permissions”.
Step 13 Select permissions.
In each category, check the required permissions (see the recommended list below) and when finished, click on Add permissions.
You have full flexibility to add whichever permissions you choose. The following list of permission scopes is simply a suggestion. To learn more about these permission scopes, see the Active Directory v.2 Permission Scope Reference Guide.
For a complete experience, the following permission scopes should be assigned:
If you have opted to consent through the application, skip the next steps and go to step 17.
Step 14 Click “Grant admin consent for ….”
Step 15 Confirm the consent request.
Step 16 You will see a confirmation.
Step 17 Go to “Certificates & secrets”.
Step 18 Click on “New client secret”.
Step 19 Choose an expiration period.
Step 20 Click “Add”.
Step 21 Copy and save the new client secret to use in sapio365.
IMPORTANT: This is the only time you will see your password! sapio365 will not let you retrieve it. Take note of it now and keep it safe.