Set up OAuth authentication for Microsoft Office 365

OAuth is an open authentication standard that enables restricted access delegation. OAuth provides third-party applications secure delegated access to protected user resources without saving user credentials in the application.

OAuth authentication setup for Microsoft 365 consists of the following steps:

  1. Create parameters in Microsoft 365. 
  2. Enter the parameters in Creatio.

Create parameters in Microsoft 365

  1. Register your Creatio application in the Azure Active Directory (Azure AD) identity and access management service as an administrator. To do this, sign in to the Azure portal at portal.azure.com as an Azure AD administrator. Learn more in the Microsoft documentation.
  2. Click All Services in the menu and open the App Registrations section (Fig. 1).
    Fig. 1 Open the App registrations section 
  3. Click New registration (Fig. 2).
    Fig. 2 New registration
  4. Enter “Creatio” in the Name field.
  5. Select “Accounts in this organizational directory only” in the Supported Account Types field. 
  6. Select “Web” and specify the redirection URI in the Redirect URI field. The URI must follow this template: “https://[your_website].creatio.com/0/rest/Office365OAuthAuthenticator/ProcessAuthenticationCode” (Fig. 3).

    Fig. 3 Register an application
  7. Click Register at the bottom.

  8. Add permissions to provide application access to users. Learn more about adding web-API permissions in the Microsoft documentation.
  9. Add permissions for Microsoft Graph API: 

    1. Click Add a permission (Fig. 4). This opens the Request API permissions section. 

      Fig. 4 Open the Request API Permissions section
    2. Open the APIs my organization uses tab in the section that opens. 

    3. Select “Microsoft Graph” in the list of supported APIs.  

    4. Specify the “Delegated permissions” permission type. 

    5. Select the User.Read checkbox. 

    6. Click Add permissions.

  10. Add permissions for Office 365 Exchange Online API: 

    1. Click Add a permission. This opens the Request API permissions section. 

    2. Open the APIs my organization uses tab in the section that opens. 

    3. Select “Office 365 Exchange Online API” in the list of supported APIs. 

    4. Specify the “Delegated permissions” permission type.  

    5. Select the EWS.AccessAsUser.All checkbox (Fig. 5). 

    6. Click Add permissions.

    Fig. 5 Add permissions for Office 365 Exchange Online API
  11. Click the Grant admin consent for Tenant button to grant admin consent for the permissions configured for Creatio. Learn more about the Admin consent button in the Microsoft documentation.
  12. Click Overview in the menu and copy the application ID from the Application (client) ID field (Fig. 6).
    Fig. 6 Application (client) ID field
  13. Create a client secret for Creatio. Learn more in the Microsoft documentation. To do this, open the Certificates & secrets section → New client secret (Fig. 7).
    Fig. 7 Create a client secret
  14. Specify the key duration in the Expires field. We recommend setting it to 24 months.
  15. Copy the client secret from the Value column (Fig. 8).

    Fig. 8 Value column

    Note. The secret value expires after the specified period. After it expires, create a new client secret by repeating steps 13–15 and add it to Creatio.
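
The values produced by the steps above can be checked before they are entered in Creatio. The following Python check is an added example, not Creatio or Microsoft code: the layout of the `reg` dictionary, the `audit_registration` name and the 30-day warning window are assumptions, the host check assumes a site that follows the `.creatio.com` template from step 6, and the sample values are constructed.

```python
from datetime import date
from urllib.parse import urlsplit

# Values from the steps above; the dict layout of `reg` is hypothetical.
REDIRECT_PATH = "/0/rest/Office365OAuthAuthenticator/ProcessAuthenticationCode"
EXPECTED = {"Microsoft Graph": {"User.Read"},
            "Office 365 Exchange Online API": {"EWS.AccessAsUser.All"}}
SINGLE_TENANT = "Accounts in this organizational directory only"


def audit_registration(reg, today, warn_days=30):
    """Return findings; an empty list means the values match the steps above."""
    findings = []
    if reg["account_types"] != SINGLE_TENANT:
        findings.append("sign-in not limited to this organizational directory")
    for uri in reg["redirect_uris"]:
        u = urlsplit(uri)
        ok = (u.scheme == "https" and (u.hostname or "").endswith(".creatio.com")
              and u.path == REDIRECT_PATH and not u.query and not u.fragment)
        if not ok:
            findings.append(f"unexpected redirect URI: {uri}")
    granted = reg["delegated_permissions"]
    for api in sorted(set(EXPECTED) | set(granted)):
        want, have = EXPECTED.get(api, set()), set(granted.get(api, []))
        if have - want:
            findings.append(f"{api}: beyond the guide: {sorted(have - want)}")
        if want - have:
            findings.append(f"{api}: missing: {sorted(want - have)}")
    days_left = (reg["secret_expires"] - today).days
    if days_left < 0:
        findings.append("client secret has expired")
    elif days_left <= warn_days:
        findings.append(f"client secret expires in {days_left} days")
    return findings


# Constructed sample: HTTP redirect URI, extra Graph permission, secret near expiry.
SAMPLE = {
    "account_types": SINGLE_TENANT,
    "redirect_uris": ["https://example.creatio.com" + REDIRECT_PATH,
                      "http://example.creatio.com" + REDIRECT_PATH],
    "delegated_permissions": {
        "Microsoft Graph": ["User.Read", "Mail.ReadWrite"],
        "Office 365 Exchange Online API": ["EWS.AccessAsUser.All"]},
    "secret_expires": date(2025, 3, 1)}

if __name__ == "__main__":
    for finding in audit_registration(SAMPLE, today=date(2025, 2, 10)):
        print(finding)
```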

Enter the parameters in Creatio

  1. Click the [system designer button logo] to open the System Designer.
  2. Go to the [ System setup ] block → the [ Lookups ] section. 
  3. Open the [ List of email providers ] lookup.

  4. Open the “Office 365” email provider or copy it to add a new email provider (Fig. 9).

    Fig. 9 “Office 365” email provider
  5. Change the [ Authentication type ] parameter to “OAuth 2.0.” This brings up [ Application (client) ID ] and [ Client secret ] fields. 
  6. Enter the value of the [ Application (client) ID ] field from Azure in the [ Application (client) ID ] field. Enter the value of the [ Value ] field from Azure in the [ Client secret ] field (Fig. 10).
    Fig. 10 Enter the client ID and client secret in Creatio 
  7. Click [ Apply ].

As a result, you can set up your mailbox via OAuth.