Applicable plans:


Depending on how your organization has configured access to third-party apps, you might be shown a message as below, explaining that you "need admin approval".

Waldo requires the following read-only permissions from you or your organization:

  • Read user profile.
  • Read all users' basic profiles.
  • Read names and members of user chat threads.


The Waldo app uses OpenID authentication to get access to Office 365 resources. Authentication principles are detailed here:

These permissions are OAuth standard permissions (based on Azure AD Application specifications). The Waldo App needs to access your Microsoft Teams instance to read user profiles as a normal user would do (with the same "level" permissions as a normal user). The "consent" is an activation in your O365 tenant, to specify that "Waldo is an application and will need to authenticate to the office server with a user account". In addition, the Waldo app will always need a user account to authenticate to the online server. So there are two security levels: application-level AND user-level. Without a user account, Waldo cannot access the online server, even if you have provided consent.

To use these Office 365 APIs, it is necessary to use an Active Directory account that is authenticated on the specified Office 365 tenant and to specify the application ID.

Thanks to the consent process, your data are secured. Waldo employees CANNOT, in any way, access your data.

How to consent the Kickle app

You will need Microsoft 365 administrative privileges.

To grant permission to Waldo:

  1. Open the Microsoft Teams admin center:
  2. Go to Teams apps > Manage apps.
  3. Search for "Waldo".
  4. Click on "Waldo".
  5. Under "Permissions", select Review permissions.
  6. Click on "Consent".