TimeOpera logo Enterprise onboarding
Built inside Microsoft 365

Set up TimeOpera in one controlled flow

Create the workspace site, prepare the notification mailbox, grant site-specific backend access, approve the SharePoint package API request, and complete secure onboarding from one page.

Download time-opera.sppkg Review setup steps Go to onboarding form
One selected SharePoint site

TimeOpera connects only to the site you choose for the workspace and application data.

No tenant-wide SharePoint access

Broader SharePoint tenant access is not requested as part of onboarding or provisioning.

Validated before provisioning

TimeOpera checks the selected site, approved access, and setup details before provisioning begins.

Trust and security

Designed for controlled enterprise deployment

TimeOpera is designed for controlled enterprise deployment. It is granted access only to the SharePoint site you choose, validates access before setup, and leaves end-user SharePoint permissions under your administration.

Least-privilege by design

The setup model keeps SharePoint scope limited to the selected workspace site, supporting governance, review, and auditability.

Administrator-controlled setup

Your administrators control site creation, package deployment, API approval, secure consent, and user access after setup.

Validation before workspace creation

Provisioning starts only after TimeOpera confirms the submitted site and approved access are ready for setup.

End-user access stays with your tenant

TimeOpera does not take over your SharePoint permissions model. Site and page access remain under Microsoft 365 administration.

Required sequence

Complete setup in this order

Complete the steps in this order. TimeOpera has two separate approvals: the backend Microsoft 365 consent and site grant used for provisioning, and the SharePoint Admin Center API approval used by the SPFx package.

Step 1

Create the SharePoint workspace site

Create a dedicated SharePoint site for TimeOpera. This site will host your TimeOpera workspace and application data. TimeOpera will only be granted access to this selected site.

  • A dedicated site improves ownership, lifecycle management, and auditability.
  • Use the exact site URL from this workspace site later in the onboarding form.
  • This is the only SharePoint site TimeOpera will access.
More information
Step 2

Create or identify the notification sender mailbox

Create a dedicated sender mailbox for TimeOpera notifications, such as timeopera@contoso.com. This keeps reminders, approvals, and system messages consistent and recognizable.

  • Use a mailbox that already exists in the customer tenant before onboarding starts.
  • A shared mailbox is the simplest option for most Microsoft 365 administrators.
  • You will enter this address in the onboarding form below.
More information Mailbox setup reference
Step 3

Grant backend access to the selected site only

Grant TimeOpera.API access only to the SharePoint site created for TimeOpera. This backend grant is used for validation and provisioning, and is separate from the SPFx API approval in the next step.

  • Approve access only for the dedicated TimeOpera site, not the wider tenant.
  • The site URL entered in the onboarding form must exactly match the site that received the grant.
  • Provisioning will not begin until Microsoft 365 consent and this exact site grant are validated successfully.
Important: Complete the site-specific grant before selecting Connect Microsoft 365. If Microsoft 365 consent was just approved, allow a short propagation window before retrying setup.
Advanced: Site-specific access grant Technical guidance for administrators who want the exact permission model, application ID, and scripted grant options.
Show details
TimeOpera uses a site-scoped SharePoint permission model. Administrators who prefer technical terminology can treat this as a Sites.Selected style grant and, for the current provisioning flow, assign the site role required for provisioning.
TimeOpera application ID 4518948c-51ed-4c53-9835-da3dcc861377
PnP PowerShell Recommended

This is the most direct scripted option for SharePoint administrators.

Install-Module PnP.PowerShell -Scope CurrentUser
Connect-PnPOnline -Url "https://<tenant>-admin.sharepoint.com" -Interactive
Grant-PnPEntraIDAppSitePermission `
  -AppId "4518948c-51ed-4c53-9835-da3dcc861377" `
  -DisplayName "TimeOpera" `
  -Permissions FullControl `
  -Site "https://<tenant>.sharepoint.com/sites/<site-name>"
Get-PnPEntraIDAppSitePermission -Site "https://<tenant>.sharepoint.com/sites/<site-name>"
Connect-PnPOnline Grant-PnPEntraIDAppSitePermission Get-PnPEntraIDAppSitePermission
Microsoft Graph PowerShell

Suitable for teams already using Microsoft Graph PowerShell automation.

Import-Module Microsoft.Graph.Sites
$params = @{
  roles = @("fullcontrol")
  grantedToIdentities = @(
    @{
      application = @{
        id = "4518948c-51ed-4c53-9835-da3dcc861377"
        displayName = "TimeOpera"
      }
    }
  )
}
New-MgSitePermission -SiteId $siteId -BodyParameter $params
New-MgSitePermission Create permission API
Microsoft Graph REST / Graph Explorer

Best for advanced administrators or internal platform teams using direct API workflows.

POST https://graph.microsoft.com/v1.0/sites/{siteId}/permissions
Content-Type: application/json

{
  "roles": ["fullcontrol"],
  "grantedToIdentities": [{
    "application": {
      "id": "4518948c-51ed-4c53-9835-da3dcc861377",
      "displayName": "TimeOpera"
    }
  }]
}
Create permission API Selected permissions overview
Step 4

Upload the TimeOpera package and approve SPFx API access

Upload the TimeOpera package to your SharePoint App Catalog and approve the pending TimeOpera API access request. This approval lets the SharePoint web part request a token for TimeOpera.Api.

  • Package name: time-opera.sppkg.
  • This step requires an administrator who can upload SharePoint Framework solutions to the SharePoint App Catalog.
  • The pending API request should show resource TimeOpera.Api and scope access_as_user.
  • If SharePoint says the requested permission is not valid, reject the request and use the latest package before continuing.
Admin capability required
  • Upload solutions to the SharePoint App Catalog
  • Deploy the solution for the organization
  • Approve API access requests in SharePoint Admin Center
Practical sequence
  • Download time-opera.sppkg
  • Upload it to the App Catalog
  • Approve the pending TimeOpera.Api / access_as_user request
Approval troubleshooting
  • Do not continue if the pending request shows a different scope.
  • Reject invalid requests before uploading a corrected package.
  • Backend site access from Step 3 is still required for provisioning.
Download time-opera.sppkg More information
Step 5

Complete onboarding and start secure setup

Complete the onboarding form to validate your environment and start secure provisioning. TimeOpera checks access before creating the workspace configuration.

Provisioning starts only after Microsoft 365 consent and the selected-site backend grant validate successfully. The SharePoint package API approval should already be complete so users can open TimeOpera after setup.
More information
Use the administrator who is overseeing the onboarding process.
This mailbox should already exist in the customer tenant. A shared mailbox is the recommended option.
Review mailbox guidance Mailbox setup reference
Used to route the admin-consent flow to the correct organization.
Enter the exact same site URL that was approved for TimeOpera access.
Review workspace site step Advanced access grant Package API approval step

Complete the checklist above to continue. TimeOpera will validate site access before provisioning starts.

Step 6

Share the TimeOpera page with the right audience

After setup completes, share the TimeOpera page with the right users or groups. TimeOpera does not manage end-user SharePoint access; access remains under your Microsoft 365 administration.

TimeOpera does not manage end-user SharePoint access.

  • Open the SharePoint site used for TimeOpera and locate Home.aspx in the Site Pages library.
  • Share Home.aspx with the intended users, Microsoft 365 groups, security groups, or Everyone except external users, depending on your internal access model.
  • Keep site and page permissions under the control of your SharePoint or Microsoft 365 administrators.
Step 7

Teams Setup - TimeOpera Quick Setup Guide

Configure Microsoft Teams so users can access TimeOpera directly from Teams without opening the SharePoint site.

  • Open the Microsoft Teams Admin Center and go to App Setup Policies.
  • Select Global (Org-wide default).
  • Add TimeOpera under both Installed apps and Pinned apps, then click Save.
  • Open Manage apps, search for TimeOpera, and copy the App ID.
  • Open the TimeOpera app and go to Admin > App Setup.
  • Paste the App ID into Customer Teams App ID and click Save.
  • After setup is complete, users can access TimeOpera directly from Microsoft Teams.
More information