This document explains what permissions Sedna Calendar requires and how Microsoft administrators can manage access for their organisation.
Sedna Calendar is a calendar integration application that connects with Microsoft 365 to display and manage calendar events. The application uses Microsoft Graph API with delegated permissions, meaning it can only access data on behalf of signed-in users. Because one of the required permissions (Place.Read.All) is classified by Microsoft as admin-only, Sedna Calendar requires admin consent for your organisation. User self-consent is not supported.
Permissions Required
Sedna Calendar requests the following delegated permissions (user-level, not application-level):
| Permission | Purpose | Data Accessed |
| Calendars.ReadWrite | View, create, update, and delete calendar events | User's calendar events only |
| User.Read | Display user profile information | Display name, email address |
| Mail.Send | Send calendar invitations | Sends meeting invites when creating events |
| People.Read | Suggest attendees when creating events | User's contacts for autocomplete |
| Place.Read.All | Show meeting room and location details | Room and building directory |
Security Notes
- All permissions are delegated - the app can only access data the signed-in user can access
- No application-level permissions are used - the app cannot access data without a user present
- Each user can only see and modify their own calendar, not other users' calendars
- Place.Read.All reads only the tenant's shared room and location directory — not other users' calendar contents or personal data.
Admin Consent Options
Granting Admin Consent
An admin grants consent on behalf of all users so they don't see individual consent prompts. Visit the following URL and sign in with an admin account.
After signing in and accepting, the admin will be redirected to Sedna Calendar with a confirmation that consent was granted. All required permissions are included in the URL.
Why user self-consent isn't supported
Sedna Calendar requests the Place.Read.All permission to display meeting rooms and location details. Microsoft classifies this as an admin-only permission because it reads the tenant's shared room and building directory rather than personal data. As a result, users cannot grant consent themselves even if your organization normally allows user consent for apps. A Microsoft 365 administrator must grant consent once for the organization using the steps above.
Alternative: Grant Admin Consent via the Azure Portal
Admins who prefer to avoid the consent URL can grant consent directly in the Microsoft Entra admin center. This is equivalent to using the consent URL. Use whichever is more convenient.
- Navigate to Azure Portal → Microsoft Entra ID (formerly Azure Active Directory)
-
Go to Enterprise Applications
- Left menu → Enterprise applications
- Search for "Sedna Calendar"
- If not found, a user may need to sign in first and attempt to connect their calendar to create the service principal
-
Grant Admin Consent
- Select the Sedna Calendar application
- Go to Permissions in the left menu
- Click Grant admin consent for [Your Organisation]
- Review the permissions and click Accept
- Verify Consent
- After granting, the permissions should show "Granted for [Your Organisation]"
Optional: Restrict Access to Specific Users/Groups
After granting consent using either option above, you can optionally limit which users can use Sedna Calendar.
- Navigate to Enterprise Applications → Select Sedna Calendar
-
Configure User Assignment
- Go to Properties in the left menu
- Set Assignment required? to Yes
- Click Save
-
Assign Users or Groups
- Go to Users and groups in the left menu
- Click Add user/group
- Select the users or security groups that should have access
- Click Assign
Result: Only assigned users can authenticate with Sedna Calendar. Others will see an access denied error.
Conditional Access (Optional)
For organisations with Microsoft Entra ID P1/P2, you can create Conditional Access policies for Sedna Calendar:
- Navigate to Microsoft Entra ID → Security → Conditional Access
- Create new policy targeting the Sedna Calendar enterprise app
- Configure conditions (e.g., require MFA, block certain locations, require compliant devices)
Revoking Access
Remove Org-Wide Consent
- Enterprise Applications → Sedna Calendar → Permissions
- Click Review permissions or remove individual permission grants
Remove for Specific Users
- Enterprise Applications → Sedna Calendar → Users and groups
- Select users and click Remove
Users Can Revoke Their Own Access
Users can remove Sedna Calendar's access at: https://myapps.microsoft.com → Click profile → View account → Manage your apps
Frequently Asked Questions
Q: Can Sedna Calendar access other users' calendars? A: No. Sedna Calendar only uses delegated permissions, meaning it can only access the signed-in user's own calendar data.
Q: Does Sedna Calendar store calendar data? A: Calendar data is cached locally in the user's browser to improve performance. No calendar event data is stored on Sedna servers.
Q: What happens if we revoke consent? A: Users will need to re-authenticate and consent again. Any locally cached data in the browser will become stale.
If you have any issues, feel free to contact our support team.
Comments
0 comments
Please sign in to leave a comment.