Skip to main content
Version: 8.1

Set up OAuth authentication for Microsoft Office 365

Level: intermediate

OAuth is an open authentication standard that enables restricted access delegation. OAuth provides third-party applications secure delegated access to protected user resources without saving user credentials in the application.

OAuth authentication setup for Microsoft 365 consists of the following steps:

  1. Create parameters in Microsoft 365. 
  2. Enter the parameters in Creatio.

Create parameters in Microsoft 365

  1. Register your Creatio application in Azure Active Directory identity and access management service (Azure AD) as administrator. Learn more in the Microsoft documentation. To do this, sign in the Azure portal at portal.azure.com as administrator of Azure AD.

  2. Click All Services in the menu and open the App Registrations section (Fig. 1).

    Fig. 1 Open the App registrations section
    Fig. 1 Open the App registrations section
  3. Click New registration (Fig. 2).

    Fig. 2 New registration
    Fig. 2 New registration
  4. Enter “Creatio” in the Name field.

  5. Select “Accounts in this organizational directory only” in the Supported Account Types field. 

  6. Select “Web” and specify the redirection URI in the Redirect URI field. The URI must follow this template: https://[your_website].creatio.com/0/rest/Office365OAuthAuthenticator/ProcessAuthenticationCode (Fig. 3).

    Fig. 3 Register an application
    Fig. 3 Register an application
  7. Click Register at the bottom.

  8. Add permissions to provide application access to users. Learn more about adding web-API permissions in the Microsoft documentation.

  9. Add permissions for Microsoft Graph API: 

    1. Click Add a permission (Fig. 4). This opens the Request API permissions section. 

      Fig. 4 Open the Request API Permissions section
      Fig. 4 Open the Request API Permissions section
    2. Open the APIs my organization uses tab in the section that opens. 

    3. Select “Microsoft Graph” in the list of supported APIs.

    4. Specify the “Delegated permissions” permission type. 

    5. Select the User.Read checkbox. 

    6. Click Add permissions

  10. Add permissions for Office 365 Exchange Online API: 

    1. Click Add a permission. This opens the Request API permissions section. 
    2. Open the APIs my organization uses tab in the section that opens. 
    3. Select “Office 365 Exchange Online API” in the list of supported APIs. 
    4. Specify the “Delegated permissions” permission type.
    5. Select the EWS.AccessAsUser.All checkbox (Fig. 5). 
    6. Click Add permissions
    Fig. 5 Add permissions for Office 365 Exchange Online API
    Fig. 5 Add permissions for Office 365 Exchange Online API
  11. Click Grant admin consent for Tenant button to grant admin consent to permissions configured for Creatio (Fig. 6). Learn more about the Admin consent button in the Microsoft documentation.

    Fig. 6 Grant admin consent for tenant
    Fig. 6 Grant admin consent for tenant
  12. Click Overview in the menu and copy the application ID from the Application (client) ID field (Fig. 7).

    Fig. 7 Application (client) ID field
    Fig. 7 Application (client) ID field
  13. Create a client secret for Creatio. Learn more in the Microsoft documentation. To do this, open the Certificates & secrets section → New client secret (Fig. 8).

    Fig. 8 Create a client secret
    Fig. 8 Create a client secret
  14. Specify the key duration in the Expires field. We recommend setting it to 24 months.

  15. Copy the client secret from the Value column (Fig. 9).

    Fig. 9 Value column
    Fig. 9 Value column
    note

    The secret value expires after specified period. After the expiration, create a new client secret by repeating steps 13–15 and add it to Creatio.

Enter the parameters in Creatio

  1. Click the to open the System Designer.

  2. Go to the System setup block → the Lookups section. 

  3. Open the List of email providers lookup.

  4. Open the “Office 365” email provider or copy it to add a new email provider (Fig. 10).

    Fig. 10 “Office 365” email provider
    Fig. 10 “Office 365” email provider
  5. Change the Authentication type parameter to “OAuth 2.0.” This brings up Application (client) ID and **Client secret-- fields. 

  6. Enter the value of the Application (client) ID field from Azure in the Application (client) AD field. Enter the value of the Value field from Azure in the Client secret field (Fig. 11).

    Fig. 11 Enter the client ID and client secret in Creatio
    Fig. 11 Enter the client ID and client secret in Creatio
  7. Click Apply.

As a result, you can set up your mailbox via OAuth.


See also

Work with emails

Set up the Microsoft Exchange and Microsoft 365 services

Mailbox setup FAQ