contacts.read in OAuth scope

I want my customers to be able to log in to Zammad with their own Microsoft company account. To do this, I have created a Microsoft app registration “any Entra ID client and personal Microsoft accounts”. It works so far with Zammad, but I don’t understand why “Contacts.Read” is in the scope of the login request. This is an absolute no-go for some customers and I don’t see the need for it. Can I influence the scope?

Infos:

  • Used Zammad version:
  • Used Zammad installation type: docker-compose
  • Operating system: Ubuntu 24.04.2 LTS
  • Browser + version: Chrome 137.0.7151.6

Expected behavior:

No contacts.read in the OAuth scope

Actual behavior:

I can't influence the scope; contacts.read is always set.

Steps to reproduce the behavior:

Just log in with a Microsoft account.

Currently, the default scope of the omniauth-microsoft gem in use is applied.

We could check if, for our authorization use case, this scope is really needed. However, we currently have limited time, and to date, there have been no real complaints about the scope.
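Since the reply says the scope comes from the gem's defaults rather than from anything set in Zammad, the practical check on the customer side is to look at the authorize request the browser is redirected to and read its `scope` parameter. The Ruby below is an added example written for this thread, not code from Zammad or from the omniauth-microsoft gem: it parses a constructed authorize URL (placeholder client_id, host and state; not a capture from a real instance), reports which scopes go beyond a plain sign-in set, and rebuilds the URL with only that set. The `LOGIN_SCOPES` list is an assumption for the example, not a statement of what Zammad itself needs.

```ruby
require 'uri'
require 'cgi'

# Constructed sample of the kind of authorize request an OmniAuth OAuth2
# strategy redirects the browser to. All values are placeholders.
SAMPLE_AUTHORIZE_URL = 'https://login.microsoftonline.com/common/oauth2/v2.0/authorize' \
  '?client_id=00000000-0000-0000-0000-000000000000' \
  '&redirect_uri=https%3A%2F%2Fzammad.example.com%2Fauth%2Fmicrosoft_office365%2Fcallback' \
  '&response_type=code' \
  '&scope=openid+email+profile+User.Read+Contacts.Read' \
  '&state=abc123'

# Scopes a plain "sign in with Microsoft" flow needs for identity only.
# Assumption for this example; anything beyond these is what a customer's
# Entra ID admin will be asked to consent to.
LOGIN_SCOPES = %w[openid email profile User.Read].freeze

# Extract the individual scopes from the authorize URL. The scope parameter is
# space-delimited (RFC 6749 section 3.3); CGI.parse decodes '+' to a space.
def scopes_in(authorize_url)
  params = CGI.parse(URI(authorize_url).query.to_s)
  params.fetch('scope', []).flat_map { |v| v.split(' ') }.reject(&:empty?)
end

# Scopes present in the request that are not in the allowed list.
# Scope names are compared case-insensitively, matching how they are usually
# written in consent screens and docs.
def excess_scopes(authorize_url, allowed = LOGIN_SCOPES)
  allowed_dc = allowed.map(&:downcase)
  scopes_in(authorize_url).reject { |s| allowed_dc.include?(s.downcase) }
end

# Rebuild the same authorize request with exactly the given scopes, keeping
# every other parameter (client_id, redirect_uri, state, ...) unchanged.
def with_scopes(authorize_url, scopes)
  uri = URI(authorize_url)
  params = CGI.parse(uri.query.to_s).transform_values(&:first)
  params['scope'] = scopes.join(' ')
  uri.query = URI.encode_www_form(params)
  uri.to_s
end

if __FILE__ == $PROGRAM_NAME
  puts "requested: #{scopes_in(SAMPLE_AUTHORIZE_URL).join(' ')}"
  puts "excess:    #{excess_scopes(SAMPLE_AUTHORIZE_URL).join(' ')}"
  puts "minimal:   #{with_scopes(SAMPLE_AUTHORIZE_URL, LOGIN_SCOPES)}"
end
```

To use this against a real deployment, copy the `login.microsoftonline.com/.../authorize` URL out of the browser's network log during the login redirect and pass it to `excess_scopes`. Strategies built on omniauth-oauth2 generally take `scope:` as a provider option, so the trimmed scope string from `with_scopes` is the value one would pass there; whether that can be set without patching depends on how the strategy and Zammad wire the provider up, which is exactly what the reply above is about.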