Resources

< All Topics

STOCKHOLM safety, authentication and approval

Updated

PDF guide

Click to access this guide in downloadable PDF format.

Why is it safe to use STOCKHOLM?

STOCKHOLM is the core product of  ESUPS (Emergency Supply Pre-positioning Strategy), a project funded by USAID/BHA, hosted by Welthungerhilfe and led by a Steering Group consisting of key humanitarian logistics actors.

In addition:

  • STOCKHOLM is managed by Welthungerhilfe (WHH) and hosted on two servers located in Europe;
  • It is being developed in accordance with GDPR requirements;
  • It is developed by Tonkin + Taylor, a registered company, who specialises in agile post-disaster website development.

Microsoft Azure AD Authentication

STOCKHOLM uses Microsoft Azure AD login as one of the authentication methods, which is a cloud-based identity and access management service managed by Microsoft. This app requires your internal IT administrator’s approval to use it as a sign-in and to read the user profile (e.g., email and username).

Here is a screenshot of the Microsoft required approval pop-up that appears:

Once tenant-wide approval has been granted by your internal IT administrator, anyone from that same agency will be able to access the STOCKHOLM website going forward. Individual approval for different users within the same agency is not required.

Providing approval to the app permission request

Steps required to approve the app permission request:

  1. Sign in to the Azure portal using an Azure AD user account with one of the following roles:
    Global Administrator or Privileged Role Administrator, for granting consent for apps requesting any permission, for any API.
    Cloud Application Administrator or Application Administrator, for granting consent for apps requesting any permission for any API, except Azure AD Graph or Microsoft Graph app roles (application permissions).
    – A custom directory role that includes the permission to grant permissions to applications, for the permissions required by the application.
  2. Select Azure Active Directory, and then select Enterprise applications.
  3. Select the application to which you want to grant tenant-wide admin consent, and then select Permissions.
  4. Carefully review the permissions that the application requires. If you agree with the permissions the application requires, select Grant admin consent.

For more information, please refer to: Grant tenant-wide admin consent to an application – Microsoft Entra | Microsoft Learn

More Information on what the Admin is asked to approve

The app requires the admin’s approval to:

  1. Sign in and read your user profile
  2. Maintain access to data you have given it access to

Below is an explanation of what that entails.

Content