Set up OAuth authentication for Microsoft Office 365
OAuth is an open authentication standard that enables restricted access delegation. OAuth provides third-party applications secure delegated access to protected user resources without saving user credentials in the application.
OAuth authentication setup for Microsoft 365 consists of the following steps:
- Create parameters in Microsoft 365.
- Enter the parameters in Creatio.
Create parameters in Microsoft 365
1. Register your Creatio application in the Azure Active Directory (Azure AD) identity and access management service as an administrator. Learn more in the Microsoft documentation. To do this, sign in to the Azure portal at portal.azure.com as an Azure AD administrator.
2. Click All Services in the menu and open the App Registrations section (Fig. 1).
3. Click New registration (Fig. 2).
4. Enter “Creatio” in the Name field.
5. Select “Accounts in this organizational directory only” in the Supported Account Types field.
6. Select “Web” and specify the redirection URI in the Redirect URI field (Fig. 3). The URI must follow this template:
   https://[your_website].creatio.com/0/rest/Office365OAuthAuthenticator/ProcessAuthenticationCode
7. Click Register at the bottom.
8. Add permissions to provide application access to users. Learn more about adding web-API permissions in the Microsoft documentation.
9. Add permissions for Microsoft Graph API:
   - Click Add a permission (Fig. 4). This opens the Request API permissions section.
   - Open the APIs my organization uses tab in the section that opens.
   - Select “Microsoft Graph” in the list of supported APIs.
   - Specify the “Delegated permissions” permission type.
   - Select the User.Read checkbox.
   - Click Add permissions.
10. Add permissions for Office 365 Exchange Online API:
   - Click Add a permission. This opens the Request API permissions section.
   - Open the APIs my organization uses tab in the section that opens.
   - Select “Office 365 Exchange Online API” in the list of supported APIs.
   - Specify the “Delegated permissions” permission type.
   - Select the EWS.AccessAsUser.All checkbox (Fig. 5).
   - Click Add permissions.
11. Click the Grant admin consent for Tenant button to grant admin consent to the permissions configured for Creatio (Fig. 6). Learn more about the Admin consent button in the Microsoft documentation.
12. Click Overview in the menu and copy the application ID from the Application (client) ID field (Fig. 7).
13. Create a client secret for Creatio. Learn more in the Microsoft documentation. To do this, open the Certificates & secrets section → New client secret (Fig. 8).
14. Specify the key duration in the Expires field. We recommend setting it to 24 months.
15. Copy the client secret from the Value column (Fig. 9).
Note. The secret value expires after the specified period. After it expires, create a new client secret by repeating steps 13–15 and add it to Creatio.
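An added example, not part of the original guide or Creatio's code: a Python check that audits an exported app registration against the settings chosen in the procedure above (single tenant, the exact redirect URI template, delegated permissions only, an unexpired client secret). Field names follow the Microsoft Graph application object; the sample data, the function name and the 30-day warning window are assumptions made for the example.

```python
import re
from datetime import datetime, timedelta, timezone

# Callback path copied from the redirect URI template in the procedure.
CALLBACK = "/0/rest/Office365OAuthAuthenticator/ProcessAuthenticationCode"
REDIRECT_RE = re.compile(r"https://[A-Za-z0-9-]+\.creatio\.com" + re.escape(CALLBACK))

def audit_registration(app, now, warn_days=30):
    """Return findings for one exported app registration; empty list means clean."""
    findings = []
    # "Accounts in this organizational directory only" is stored as AzureADMyOrg.
    if app.get("signInAudience") != "AzureADMyOrg":
        findings.append("audience: registration is not single-tenant")
    # Redirect URIs must match the template exactly: HTTPS, no wildcard host,
    # no extra path or query string.
    uris = app.get("web", {}).get("redirectUris", [])
    if not uris:
        findings.append("redirect: no redirect URI registered")
    for uri in uris:
        if not REDIRECT_RE.fullmatch(uri):
            findings.append(f"redirect: unexpected URI {uri}")
    # The procedure selects delegated permissions only (type "Scope").
    # Type "Role" is an application permission, usable without a signed-in user.
    for resource in app.get("requiredResourceAccess", []):
        for access in resource.get("resourceAccess", []):
            if access.get("type") != "Scope":
                findings.append(f"permission: {access.get('id')} is not delegated")
    # At least one client secret must be unexpired; warn before the newest lapses.
    ends = [datetime.fromisoformat(c["endDateTime"].replace("Z", "+00:00"))
            for c in app.get("passwordCredentials", [])]
    live = [end for end in ends if end > now]
    if not live:
        findings.append("secret: no unexpired client secret")
    elif max(live) - now < timedelta(days=warn_days):
        findings.append("secret: newest client secret expires soon")
    return findings

# Constructed sample export: every value here is made up for the example.
SAMPLE = {
    "signInAudience": "AzureADMultipleOrgs",
    "web": {"redirectUris": ["https://example.creatio.com" + CALLBACK,
                             "http://example.creatio.com" + CALLBACK]},
    "requiredResourceAccess": [{"resourceAccess": [
        {"id": "constructed-id-1", "type": "Scope"},
        {"id": "constructed-id-2", "type": "Role"}]}],
    "passwordCredentials": [{"endDateTime": "2030-01-15T00:00:00Z"}],
}

if __name__ == "__main__":
    for line in audit_registration(SAMPLE, datetime(2030, 1, 1, tzinfo=timezone.utc)):
        print(line)
```

The `now` argument must be a timezone-aware datetime so that it compares cleanly with the UTC expiry timestamps.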
Enter the parameters in Creatio
1. Click the to open the System Designer.
2. Go to the System setup block → the Lookups section.
3. Open the List of email providers lookup.
4. Open the “Office 365” email provider or copy it to add a new email provider (Fig. 10).
5. Change the Authentication type parameter to “OAuth 2.0.” This brings up the Application (client) ID and Client secret fields.
6. Enter the value of the Application (client) ID field from Azure in the Application (client) ID field. Enter the value of the Value field from Azure in the Client secret field (Fig. 11).
7. Click Apply.
As a result, you can set up your mailbox via OAuth.