You can use these credentials to authenticate the following nodes:

  • Microsoft Dynamics CRM
  • Microsoft Excel
  • Microsoft Graph Security
  • Microsoft OneDrive
  • Microsoft Outlook
  • Microsoft SharePoint
  • Microsoft Teams
  • Microsoft Teams Trigger
  • Microsoft To Do

Prerequisites

  • Create a Microsoft Azure account.
  • Create at least one user account with access to the appropriate service.
  • If the user account is managed by a corporate Microsoft Entra account, the administrator account has enabled the option “User can consent to apps accessing company data on their behalf” for this user (see the Microsoft Entra documentation).

Supported authentication methods

  • OAuth2

Refer to the linked Microsoft API documentation below for more information about each service’s API:

Using OAuth2

Some Microsoft services require extra information for OAuth2. Refer to Service-specific settings for more guidance on those services.

For self-hosted users, there are two main steps to configure OAuth2 from scratch:

  1. Register an application with the Microsoft Identity Platform.
  2. Generate a client secret for that application.

Follow the detailed instructions for each step below. For more detail on the Microsoft OAuth2 web flow, refer to Microsoft authentication and authorization basics.

Register an application

Register an application with the Microsoft Identity Platform:

  1. Open the Microsoft Application Registration Portal.
  2. Select Register an application.
  3. Enter a Name for your app.
  4. In Supported account types, select Accounts in any organizational directory (Any Azure AD directory - Multi-tenant) and personal Microsoft accounts (for example, Skype, Xbox).
  5. In Register an application:
    1. Copy the OAuth Callback URL from your credential.
    2. Paste it into the Redirect URI (optional) field.
    3. Select Select a platform > Web.
  6. Select Register to finish creating your application.
  7. Copy the Application (client) ID and paste it as the Client ID.

Refer to Register an application with the Microsoft Identity Platform for more information.

Generate a client secret

With your application created, generate a client secret for it:

  1. On your Microsoft application page, select Certificates & secrets in the left navigation.
  2. In Client secrets, select + New client secret.
  3. Enter a Description for your client secret.
  4. Select Add.
  5. Copy the Secret in the Value column.
  6. Paste it as the Client Secret.
  7. If you see other fields in the credential, refer to Service-specific settings below for guidance on completing those fields.
  8. Select Connect my account to finish setting up the connection.
  9. Log in to your Microsoft account and allow the app to access your info.

Refer to Microsoft’s Add credentials for more information on adding a client secret.

Service-specific settings

The following services require extra information for OAuth2:

Dynamics

Dynamics OAuth2 requires information about your Dynamics domain and region. Follow these extra steps to complete the credential:

  1. Enter your Dynamics Domain.
  2. Select the Dynamics data center Region you’re within.

Refer to the Microsoft Datacenter regions documentation for more information on the region options and corresponding URLs.

Microsoft (general)

The general Microsoft OAuth2 also requires you to provide a space-separated list of Scopes for this credential.

Refer to Scopes and permissions in the Microsoft identity platform for a list of possible scopes.

Outlook

Outlook OAuth2 supports the credential accessing a user’s primary email inbox or a shared inbox. By default, the credential will access a user’s primary email inbox. To change this behavior:

  1. Turn on Use Shared Inbox.
  2. Enter the target user’s UPN or ID as the User Principal Name.

SharePoint

SharePoint OAuth2 requires information about your SharePoint Subdomain.

To complete the credential, enter the Subdomain part of your SharePoint URL. For example, if your SharePoint URL is https://tenant123.sharepoint.com, the subdomain is tenant123.

Common issues

Here are the known common errors and issues with Microsoft OAuth2 credentials.

Need admin approval

When attempting to add credentials for a Microsoft360 or Microsoft Entra account, users may see a message when following the procedure that this action requires admin approval.

This message will appear when the account attempting to grant permissions for the credential is managed by a Microsoft Entra. In order to issue the credential, the administrator account needs to grant permission to the user (or “tenant”) for that application.

The procedure for this is covered in the Microsoft Entra documentation.