Microsoft 365 authentication
Prerequisites
To create a connection, you need the following:
- Client ID
- Client Secret
- Tenant ID
- Scopes
Scopes
Default scopes configured: Mail.Read, Mail.Read.Shared, Mail.ReadWrite, Mail.ReadWrite.Shared, Mail.Send, Mail.Send.Shared, MailboxSettings.ReadWrite, Calendars.Read, Calendars.Read.Shared, Calendars.ReadWrite, Calendars.ReadWrite.Shared, profile, openid, email, offline_access, and User.Read.
By design, the Microsoft Graph API requires at least the User.Read and offline_access permissions to create a connection.
The permissions profile, openid, email, offline_access, and User.Read are described as follows:
- profile - Includes basic profile information in tokens.
- openid - Allows you to enable Single Sign-On capabilities for the connection.
- email - Includes the primary email address of the user as a claim in the ID token.
- offline_access - Responsible for creating and granting refresh tokens.
- User.Read - Allows you to read user information, such as the user email and basic profile details, which is used as the connection identity.
For more details on authentication, check How to connect to Microsoft 365 activities and Microsoft 365 HTTP Request.
All listed Microsoft Graph permissions are delegated permissions. This means the connection operates on behalf of the signed-in user, and the access granted is limited to what that user is allowed to do in Microsoft 365.
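The following Python example is added here and is not UiPath or Microsoft code. It audits a scope list before you create the connection: it checks for the two required scopes, flags names that are not in the default list above (typos or extra permissions), and labels the scopes that grant write, send, shared-item, or refresh-token access. The function names and tag labels are hypothetical; the scope names come from this page.

```python
# Added example (not UiPath or Microsoft code): pre-flight audit of a scope list.
# Scope names and the two required scopes are taken from the page above.
DEFAULT_SCOPES = [
    "Mail.Read", "Mail.Read.Shared", "Mail.ReadWrite", "Mail.ReadWrite.Shared",
    "Mail.Send", "Mail.Send.Shared", "MailboxSettings.ReadWrite",
    "Calendars.Read", "Calendars.Read.Shared", "Calendars.ReadWrite",
    "Calendars.ReadWrite.Shared", "profile", "openid", "email",
    "offline_access", "User.Read",
]
REQUIRED = {"User.Read", "offline_access"}


def parse_scopes(raw):
    """Accept a list or a space/comma-separated string; drop duplicates, keep order."""
    items = raw.replace(",", " ").split() if isinstance(raw, str) else list(raw)
    return list(dict.fromkeys(s.strip() for s in items if s.strip()))


def tags(scope):
    """Label what a delegated scope grants beyond reading the user's own data."""
    found = []
    if ".ReadWrite" in scope:
        found.append("write")
    if scope.startswith("Mail.Send"):
        found.append("send")
    if scope.endswith(".Shared"):
        found.append("shared-items")
    if scope == "offline_access":
        found.append("refresh-token")
    return found


def audit_scopes(raw):
    """Return missing required scopes, names outside the default list, and tagged scopes."""
    scopes = parse_scopes(raw)
    return {
        "scopes": scopes,
        "missing_required": sorted(REQUIRED - set(scopes)),
        "not_in_defaults": [s for s in scopes if s not in DEFAULT_SCOPES],
        "review": {s: tags(s) for s in scopes if tags(s)},
    }


if __name__ == "__main__":
    # Constructed input: a read-only mail connection with one misspelled scope.
    report = audit_scopes("Mail.Read Calendars.Read Mail.Sned offline_access")
    for key, value in report.items():
        print(f"{key}: {value}")
```

Matching is exact and case-sensitive, so a scope typed with different casing is reported under both `missing_required` and `not_in_defaults` rather than silently accepted.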
Adding the Microsoft 365 authentication
- Select Orchestrator from the product launcher.
- Select a folder, and then navigate to the Connections tab.
- Select Add connection.
- To open the connection creation page, select the connector from the list. You can use the search bar to find the connector.
- Configure the following fields:
  - Client ID - You can find the ID in the Overview section of your Microsoft Azure application registration.
  - Client secret - The client secret from the Certificates & secrets section of your Microsoft Azure application.
  - Tenant ID - The Microsoft Azure tenant ID for an app from the Overview section.
    note
    If you use a multi-tenant application, keep the default value common. If you use a single-tenant application, retrieve the tenant ID from Azure. For more details, check How to find your Microsoft Entra tenant ID.
  - Environment - Optionally, select an environment from the dropdown list:
    - Office 365 (default)
    - US Government L4 - Public Sector domain
    - US Government L5 - Public Sector domain
    - China
    Select Office 365 (default) for all regions, and only switch to Government or China for cloud deployments.
    note
    For more details on environments, check Microsoft Graph and Graph Explorer service root endpoints.
- Select Connect.