1. Introduction
Welcome to the EstesoftCloudAgent Terms of Service. By using EstesoftCloudAgent, you agree to be bound by the following terms and conditions. Please read these terms carefully before using the application. If you do not agree to these terms, do not use EstesoftCloudAgent.
2. Description of Service
EstesoftCloudAgent is an OAuth application that enables Active Directory One to perform administrative tasks on Microsoft Entra and Google Workspace tenants on behalf of users. The application facilitates account, license, and group management across supported cloud platforms.
The scopes listed below are essential to provide a complete and functional service to our users. More limited scopes would significantly compromise the application’s ability to operate properly and meet the needs of our customers.
2.1 Required scopes for Google Workspace
The scopes required by EstesoftCloudAgent are listed below.
For a complete overview of the scopes that can be used in Google Workspace see OAuth Scopes for Google APIs.
- userinfo.email
Allows access to the primary email address of the authenticated user.
Required to verify the user’s identity during authentication to personalize the user experience and ensure that operations are performed on the correct account. - userinfo.profile
Allows the application to access user profile information, such as name and image.
Required to customize the application interface, improve interaction, and create a more engaging and relevant user experience. - admin.directory.user
Allows obtaining and managing user attributes in the Google Workspace directory.
Required for creating, editing and deleting users, ensuring efficient and centralized management. - admin.directory.group
Allows obtaining and managing group attributes in the Google Workspace directory. Required for creating, editing and deleting groups, simplifying the management of organizational units and their access policies. - admin.directory.group.member
Allows obtaining and managing information regarding to groups in the Google Workspace directory.
Required for adding and removing members of corporate groups based on organizational changes. This reduces the manual workload for administrators and ensures that groups always reflect the current organization structure. - admin.directory.customer.readonly
Allows read-only access to customer information.
Required to show important information associated with a specific user, such as CustomerId and primary domain, improving transparency and user support. - admin.directory.userschema.readonly
Allows read-only access to any custom schemas associated with the directory.
Required to obtain additional properties associated with users and groups, allowing advanced management of custom information - apps.licensing
Allows obtaining the list of licensed users related to a specific product and assign licenses to users.
Required for effective license management, ensuring that each user has access to the necessary software resources. - apps.order.readonly
Allows read-only access to product information in use for the client associated with the authenticated user.
Required to obtain SkuId and SkuName, which are vital for proper license assignment and subscription management. - gmail.send
Allows emails to be sent on behalf of a user.
Required to automate communications and improve productivity by allowing notifications and updates to be sent directly from the platform. - gmail.settings.basic
Allows management of users’ basic Gmail account settings.
Required to change the language of the interface, resulting in a change of time zone and date/time format.
2.2 Required scopes for Microsoft Entra
The scopes required by EstesoftCloudAgent are listed below.
For a complete overview of the scopes that can be used in Microsoft Graph see Microsoft Graph Permissions Reference.
- Application.ReadWrite.All
Allows reading and writing of all applications registered in the Microsoft Entra Tenant.
Required to manage creation, modification and deletion of applications. - Application.ReadWrite.OwnedBy
Allows reading and writing only applications owned by the authenticated user.
Required to manage only its own applications without access to other users’ applications. - CrossTenantInformation.ReadBasic.All
Allows to read basic information about all Tenants.
Required to obtain information on several organizations without accessing sensitive data. - Directory.ReadWrite.All
Allows reading and writing of all information in the Microsoft Entra directory.
Required to fully manage the directory, including management of users, groups, and other resources. - Directory.Write.Restricted
Allows writing (with restrictions) information to the Microsoft Entra directory.
Required to update specific information without granting full read access. - Domain.ReadWrite.All
Allows reading and writing all domain information about the Tenant Microsft Enter domains.
Required to configure and manage corporate domains. - Group.Create
Allows the creation of new groups in the organization.
Required to automate the creation of groups without requiring additional read or write permissions on existing groups. - Group.ReadWrite.All
Allows reading and writing all group information.
Required to fully manage groups, including editing memberships. - GroupMember.ReadWrite.All
Allows you to read and write group membership information.
Required for managing group memberships without accessing other information about the groups themselves. - LicenseAssignment.ReadWrite.All
Allows reading and writing of license assignments to users.
Required to manage the distribution and assignment of software licenses within the organization. - Mail.Send
Allows email to be sent as the authenticated user.
Required to send email on behalf of users without accessing their mailbox. - Mail.Send.Shared
Allows you to send email as another user with shared access.
Required to send email on behalf of another user with which you share access. - MailboxSettings.ReadWrite
Allows to reading and writing the mailbox settings of the authenticated user.
Required to configure mailbox settings. - Member.Read.Hidden
Allows reading hidden members in groups.
Required to access information about members that are not visible by default. - MultiTenantOrganization.ReadWrite.All
Allows reading and writing information across multi-tenant organizations.
Required to manage resources and configurations across multiple tenants, providing centralized management. - User.EnableDisableAccount.All
Enables and disables user accounts.
Required to manage the status of user accounts, for example, to suspend access in case of suspicious activity. - User.ManageIdentities.All
Allows management of all user identities.
Required to create, update and delete user identities, as well as configure authentication methods and manage group memberships. - User.ReadWrite.All
Allows reading and writing of all user information.
Required to fully manage user information, including creation and modification of user profiles.
3. Use of the Service
The use of EstesoftCloudAgent is subject to the following requirements and restrictions:
- Authorization:
EstesoftCloudAgent operates with credentials provided by users and requires appropriate permissions to access data and perform operations on cloud tenants. - User Responsibilities:
Users are responsible for properly configuring credentials and permissions within Active Directory One. - Restrictions on Use:
Using EstesoftCloudAgent for illegal, unauthorized, or infringing purposes is prohibited. Users must comply with all applicable laws while using the service.
4. Privacy and Security
Privacy and security of user data are of paramount importance to us. EstesoftCloudAgent adheres to strict security measures to protect user information. Use of the service implies acceptance of our Privacy Policy.
5. Availability of the Service
We do our best to ensure that EstesoftCloudAgent is available and functional at all times. However, we do not guarantee uninterrupted or error-free access to the service. We may temporarily suspend the service for maintenance or upgrades without notice.
6. Limitation of Liability
EstesoftCloudAgent is provided on an “as is” and “as available” basis. We make no warranties of any kind, express or implied, regarding the reliability, availability, or suitability of the service for a particular purpose. We are not liable for direct, indirect, incidental, special or consequential damages arising out of the use or inability to use EstesoftCloudAgent.
7. Changes to the Terms of Service
We reserve the right to change these Terms of Service at any time. Changes will be posted on this page and, if significant, we will notify you through Active Directory One or by email. By continuing to use EstesoftCloudAgent after such changes, you agree to the new terms.
8. Contract Termination
We may suspend or terminate your access to EstesoftCloudAgent at any time, without notice or liability, if we believe you have violated these Terms of Service or if we decide to discontinue the service.
9. Contact
For questions or clarification regarding these Terms of Service, you may contact us at this link.
10. Applicable Law
These Terms of Service shall be governed by and construed in accordance with the laws of the country in which Estesoft is located. Any disputes arising under these terms will be resolved in the competent courts of that jurisdiction.