How Xoralia accesses your information

How Xoralia accesses your information

Xoralia uses a Microsoft verified Entra ID Enterprise Application to communicate with your Microsoft 365 tenant. Our Enterprise Application uses a mix of delegated and application permissions, which we describe below.

During installation, you will be presented with a permission request like below. This details each of the permissions that Xoralia requires to carry out it’s operations. These permissions are not individually configurable and are required to be accepted by a Microsoft 365 Global Administrator (or Entra Administrator) for Xoralia to work correctly.

Delegated permissions are a type of permission that requires a signed in user to be accessing the application and the operation will be performed on behalf of that user. For example, a delegated operation might be to view a list of files from a SharePoint site – Xoralia will perform this as a delegated query and will query that information as the logged in user, meaning it will only display information to the user that they have access to from that SharePoint site.

Application permissions are a type of permission that does not require a signed in user and will allow the Xoralia application to perform operational and service level tasks without user interaction. An example of this is a library synchronisation that Xoralia performs every 10 minutes to check for updates in SharePoint document libraries.

Xoralia requests the following Microsoft Graph permissions:

    • Send a teamwork activity as the user

        • Type: delegated

        • Reason: Used by our Microsoft Teams app to send notifications to users

    • Sign in and read user profile

        • Type: delegated

        • Reason: Allows the user to sign in to Xoralia and access information within Xoralia

    • Have full control of all site collections

        • Type: delegated

        • Reason: Allows Xoralia administrators to associate libraries to Xoralia to which they have access. Also allows users to read documents within Xoralia to which they have access.

    • Send a teamwork activity to any user

        • Type: application

        • Reason: Used by our Microsoft Teams app to send notifications to users

    • Read all users’ full profiles

        • Type: application

        • Reason: Xoralia allows document owners to target documents to users. This permission allows Xoralia to view users inside of your Microsoft 365 tenant to know which users are to be targeted.

    • Send mail as any user

        • Type: application

        • Reason: As a Xoralia adminstrator, you can set which email address should send notifications (such as must read and expiry notifications). This permission allows Xoralia to do that.

    • Read all groups

        • Type: application

        • Reason: Xoralia allows document owners to target documents to groups. This permission allows Xoralia to view groups inside of your Microsoft 365 tenant to know which users are to be targeted.

    • Read all group memberships

        • Type: application

        • Reason: Xoralia allows document owners to target documents to groups. This permission allows Xoralia to view groups inside of your Microsoft 365 tenant to know which users are to be targeted.

    • Create, edit, and delete items and lists in all site collections

        • Type: application

        • Reason: Xoralia can create libraries and add meta data columns to associated libraries when an Xoralia administrator triggers that action. This permission allows that control – Xoralia will only ever create libraries when a Xoralia administrator requests so and will never use this permission for any other action. This permission is also used by the Xoralia sync process to update library and document information.

    • Read installed Teams apps for all users

        • Type: application

        • Reason: Allows Xoralia to find the Teams app inside of your tenant to send targeted notifications to users (such as Must Read notifications)

You can limit who can access Xoralia by going to Enterprise Applications within Microsoft Entra ID and opening the Xoralia Policy Management app. Once you have this open, select properties and enable the ‘Assignment required?’ option. Save this property and open the ‘Users and Groups’. With this setting enabled, only users and groups listed here will be able to access Xoralia. Add your users and groups here using the ‘Add user/group’ option.

Xoralia 3.0 release notes

Xoralia 3.0 release notes

Highlights of this release:

Line Managers dashboard

Xoralia’s Manager dashboard works using your Microsoft365 Active Directory. For individuals who manage a team and are specified with the Manager field of their teams User profile, Xoralia’s new functionality will allow manager’s to check their teams attestation records and compliance information!

Global search (across all document libraries)

We understand users often don’t know where documents live and their appropriate library. To resolve this issue we have implemented a global search in our new navigation. This allows users to search for partial or full document titles and the results allow them to further refine via filters such as Tags and by Document Contact.

User centric navigation

Xoralia has a re-vamped navigation. Previously the application has required its users to navigate to find documents by first selecting a document library, however our new navigation provides every user with a targeted, more user-centric, consolidated library – “Documents I must read”. This new landing page provides a more useful view, providing the ability to see all outstanding attestations across all document libraries in one view.

Urgent indicator for overdue reads

Building upon our new “Documents I must read” landing page, Xoralia has a new indicator within the navigation to highlight when any attestations are overdue.

Browse by library

Understanding that users may still want to be able to browse documents by library – whether they’re documents requiring attestation or not – the browse by library feature is here to stay, too. Document libraries can be accessed via our ‘quick access’ buttons that display within the My reads section. There is also a dropdown option within the navigation that will show all libraries synced with Xoralia to the user.

Document governance (the new Documents you manage)

“Documents you own” has been re-named to “Document governance”, and what was formally known as “All my documents” is now called “My libraries”. Similarly to our navigation re-structure, My libraries now allows for a simpler method to move through libraries where you are a Document Owner.

“Documents due for review” and “Documents that have expired” have been condensed into one area, “Documents due an update”, and now to quickly identify expired documents Xoralia will show a red exclamation mark next to the documents with an expiry date in the past.

A consolidated ‘Assigned documents’ area

To manage and check the information on documents that have been assigned more quickly, our new navigation contains “Assigned documents” where assigned documents across all libraries will be shown to their respective Document Owners.

Invite Guest User to Active Directory

Adding external users as a guest

These instructions guide you through the process of inviting external guests to your Azure Active Directory. By following these steps, you can seamlessly add collaborators who aren't part of your organization, making collaboration in the Azure environment a breeze.

Invite Guest User to Active Directory

1. Login to Azure Portal via

2. Expand the left menu by clicking the top left button.

3. Click “Microsoft Entra ID”.

4. Click “Users”.

5. Click “+ New user” -> “Invite external user”.

6. Type in the email address of the external guest to be invited in the “Email” textbox. Fill in “Display name” of the external guest.

7. Fill in information under “Properties” tab.

8. Add AD groups which this guest user should be in.

9. Click “Review + invite”.

10. Verify the information is correct and then click “Invite”.

Download user guide: Adding external users as a guest

How to print a document from Xoralia

How to print a document from Xoralia

Firstly, its worth mentioning that only Microsoft Word documents within SharePoint can be printed by the document reader from Xoralia. PDF’s are not printable from the Xoralia interface.

Many might think having policies and such regulated documentation as Microsoft Word documents might not be secure. However, with the right SharePoint document library permissions, word documents are just as secure as PDFs.

By limiting the permissions available to the general user, they will no longer be able to download documents from Xoralia nor download the documents from SharePoint.

It is also worth mentioning that SharePoint’s version control is very powerful. Even after removing access to download or edit documents to the general user, even if a more senior user with the edit access were to amend the document or its metadata, this can always be tracked using SharePoint’s version history feature.

However, if you are not familiar with SharePoint permissions and do not want any risk of editing or downloads from the live library the main advantage of having critical documents as PDFs, are that it provides more control in the no-one, even the M365 administrator will be able to edit the document. Although there are tools online that allow for the conversion of PDF documents to Microsoft Word documents if the user were to download the PDF directly from SharePoint.

For a greater understanding and assistance on SharePoint permissions, Content Formula can provide consultancy during a Xoralia implementation on this topic with our enhanced implementation package.

PHP Code Snippets Powered By :

We use cookies to give you the best experience on our site. By continuing to use our website, you are agreeing to our use of cookies. To find more about the cookies, please see our Cookie notice

You can also read about our Privacy policy

Contact Support

If you have a question about Xoralia software, please fill out the form below and a member of our support team will be in contact with you shortly.