Nimbus User Permissions

Permissions required to enable individual user features

Affects all Nimbus Users: Please read carefully

Nimbus call distribution and search functionality greatly depends on the permissions granted by individual user.

When logging into Nimbus for the first time, your User Icon in the Nimbus Portal will display a warning to inform that permission consent is required.

🔍The individual sections of this page are explained in further detail below.


Section: User Permissions

Nimbus Users: These permissions are managed and granted only by and for your currently logged-in user.

Missing permissions warning in the Portal UI next to your user icon: Mouse over the indidivual items to see which detail permissions are needed.

Missing Permission Warning

When your user is missing permissions (usually when Nimbus was just provisioned or new features were added), a warning is shown on your user icon. 

🤔 What are the individual permissions needed for?

Features marked with "☝" in the table below are required for any productive work with Nimbus - otherwise the Call Handling features and Apps like Attendant Console will not work properly.

💡 You can also mouse over the individual entries to check which detail permissions are granted.

💡A separate consent request is prominently shown in the Contact Search of Attendant Console upon opening for the first time.

Feature Required Permission Effects
☝ Basic Search User.Read          
Basic search for users via their clear name.
☝ Exchange Contacts Search Contacts.Read          
Expands the search to the current user's Exchange Directory. 
☝ Calendar View Calendars.Read,          
Will grant calendar view permissions.
Presence Presence.Read.All Shows a small presence status indicator next to the user.
Nimbus User Permissions

🤔 What happens if I don't grant these permissions ?

Without consent, Nimbus cannot search users within your Tenant and/or check calendar entries of your contacts to determine user availability to distribute calls.

Nimbus still works without giving these permissions, but is limited to your basic Microsoft Teams client functionality: Call Accept and On-Hold. Your user may review Reporting details but not interact with services in a productive way. More advanced Nimbus Apps and Features such as Attendant Console or Chat bot interaction will only work with these permissions. 


🤔 My Permissions show as already granted, why?

A global Administrator on your Tenant can already grant most permissions on your behalf. If this has been done, no warnings and related further action may be required anymore. Also, please note:

  • You can either grant single permissions or all at once by clicking Consent on the "All Features" row. → A popup will open to inform you about the required permissions.
  • Any related Nimbus features requiring the same permissions will also be checked off as "OK" as their permission needs are fulfilled.

Section: Admin Permissions

These permissions can be managed and granted by any tenant administrator - either as single permissions or all at once. 

When your currently logged-in user has Service Administration rights you can see the following section:

Since Nimbus cannot detect if you are also a Global Tenant Administrator, this section also shows field to copy the URL.


  • If you are the Tenant Admin, simply paste the URL to your browser and grant the permissions.
  • If you are not the Tenant Admin, send the link to any Tenant Administrator to grant consent for all Nimbus users.

→ In either case an Azure permissions dialog opens, allowing to grant consent. This needs to be done only once by any tenant administrator with the corresponding rights. Afterwards the permissions should be granted to all future users of Nimbus.

💡 Each user needs to to log out and back in for tenant-wide changes to take effect.

Feature Required Permission Effects
Advanced Search User.Read.All

Basic search for users via name works without consent.

Advanced Search will grant filtering permissions according to predefined search categories / fields (e.g. city, department, job title)

🤔 Which fields are covered by these advanced search permissions?

INC Supported User Search Fields

Required Permissions

User.Read.All permissions must be granted to use this feature. As a Tenant Admin, head to the Nimbus Portal > User Preferences > Permissions "Tab" > Advanced Search and manage consent for your entire tenant. Read Required User Permissions for more details.



✅ Fields are supported by search.
🔍 Fields additionally support "CONTAINS" as search operator. Example: Searching for 'cha' will not only find 'Chadwick' but also 'Michael' 
➕ These fields support Filter capabilities which can be used to narrow down a contact search in Attendant Console.

☝ KNOWN LIMITATION: The search covers the predefined Nimbus Address Books fields, but no custom-fields can currently be searched. We are working to gradually alleviate this situation and make the search experience more consistent.

Searchable Field Nimbus   
Address Books
Tenant Directory
(User Address Book)
Id       Nimbus internal entity ID
External.Id       ID the system where the entry was imported from.
Display Name ✅ 🔍 ✅  ✅ 🔍 Firstname / Lastname combination
Given Name   ✅    First name
First Name ✅ 🔍     First name
Last Name ✅ 🔍     Last / Family name
Initials ✅ 🔍     Initials (e.g. "JK")
Surname   ✅    Surname
Mail ✅ 🔍 ✅  Email Address
User Principal Name ✅ 🔍 ✅    Consists of: user name (logon name), separator (the @ symbol) and domain name (UPN suffix)
Job Title ✅ 🔍 ➕  ✅ ➕ ✅ 🔍 ➕ Job Title
Business Phones ✅ 🔍     Business Phone
Home Phones ✅ 🔍      Home Phone
Mobile Phones ✅ 🔍     Mobile Phone
IM Address ✅ 🔍     IM SIP Address
Street ✅ 🔍     Streed Address
City ✅ 🔍 ✅ ✅ ➕   Code and City
Company ✅ 🔍 ✅   ✅ ➕ ☝ Company 
Country ✅ 🔍 ➕ ✅ ➕   Country of Origin
Department ✅ 🔍 ➕ ✅ ➕ ✅ ➕ ☝ Department
State ✅ 🔍 ➕ ✅ ➕   State
Postal Code ✅ 🔍     Postal Code
Picture, binary       User Picture
External.CustomField1-10       Custom Field








Section: Bot Registration

Each Nimbus user that needs to handle Instant Messages from external customers needs to "register" once with a bot that will be sending out Chat Handling sessions.

Bots are required to post Adaptive Cards to you and inform you about incoming chat tasks

🤔 Why is this required? The bot needs to act as "mediator" between external customer and internal Nimbus user. As there is no call toast or ring notification, the bot will use Adaptive Cards as primary means of checking if a user is ready to accept a pending chat session.

💡 Good to know: If you are not handling Chat or the Instant Messaging modality from either services directly via Interact you do not need to register with the bot.


In case you decide to Uninstall Nimbus or do not participate in any Nimbus service anymore, you can revoke the consent manually in your User Settings:

  1. This link will open your Office Portal
  2. Head to App-Permissions menu → Opens in a new browser.
  3. Identify the Luware Inc. Apps product (e.g. Nimbus) therein and revoke the permissions.

💡 Note: Certain app permissions may not be revokeable because the Tenant Administrator gave his consent, overriding your individual user settings.


Table of Contents