Setting up Office 365 daemon app registration
Set up an Office 365 daemon app registration to enable global admin authorizations, configure API permissions, and connect service accounts with Aurinko.
Setting up an Office 365 / Azure app registration that allows global admin authorizations (the daemon OAuth2 flow) is quite similar to the regular Azure app registration described in the article Office 365 OAuth setup. Follow the "Creating an app registration" steps from that article if you have not created any app registrations yet or want to create a separate daemon app registration.
The following settings are specific to daemon app registrations (daemon OAuth2 flow).
Head to the "API permissions" panel and click "Add a permission".
Choose the Microsoft Graph set of permissions.
Which Graph API permissions you add to your consent screen depends on your application's behavior. Refer to the mapping table on this page to see how Aurinko scopes map to Graph API permissions during the authentication process.
Then add all required Application permissions, for example Calendars.ReadWrite, Contacts.ReadWrite, Mail.ReadWrite, Mail.Send.
This is what your application permissions screen should look like
Creating OAuth credentials
Prepare a self-signed certificate; see this article for sample instructions. The certificate and its private key will need to be uploaded to Aurinko later. Then, head to the "Certificates & secrets" panel and click "Upload certificate".
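One way to prepare and check the certificate before uploading it, as an added example that is not part of the original article or of Aurinko's own tooling. It assumes the openssl CLI is installed; the file names daemon.key and daemon.crt, the subject name, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original article). Requires the openssl CLI.
# File names daemon.key / daemon.crt and all function names are hypothetical.
set -eu

# Create an RSA key and self-signed certificate in directory $1 with CN $2,
# valid for $3 days. Runs in a subshell so umask 077 (owner-only files) does
# not leak into the caller. The key is written unencrypted (-nodes).
make_daemon_cert() (
    umask 077
    mkdir -p "$1"
    openssl req -x509 -newkey rsa:2048 -sha256 -nodes -days "$3" \
        -subj "/CN=$2" -keyout "$1/daemon.key" -out "$1/daemon.crt" 2>/dev/null
)

# Succeed only if private key $1 and certificate $2 hold the same public key,
# i.e. the pair you are about to enter into the Aurinko form belongs together.
pair_matches() {
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    crt_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$key_pub" ] && [ "$key_pub" = "$crt_pub" ]
}

# Print the SHA-1 thumbprint of certificate $1 as hex without colons, for
# comparison with the thumbprint the portal shows for the uploaded certificate.
thumbprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha1 | sed 's/^.*=//; s/://g'
}

# Succeed if certificate $1 expires within $2 days (rotation reminder).
expires_within() {
    ! openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Usage: sh make-cert.sh <output-dir> <common-name>
if [ "$#" -eq 2 ]; then
    make_daemon_cert "$1" "$2" 365
    pair_matches "$1/daemon.key" "$1/daemon.crt" || { echo "key/cert mismatch" >&2; exit 1; }
    echo "thumbprint: $(thumbprint "$1/daemon.crt")"
fi
```

Upload only daemon.crt in the "Certificates & secrets" panel; daemon.key is the credential for the whole daemon app registration and should leave the machine only when it is entered into the Aurinko settings form.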
Configure Aurinko to use your Office 365 OAuth (Daemon) credentials
Head over to the Aurinko portal and log in.
Select your app at the top, choose the Settings menu, and switch to the OFFICE 365 tab. Enter the Client ID, Private key, and Certificate into the form and save.
You are now all set to start connecting Office 365 service accounts to Aurinko!
Aurinko scope | Graph API permission |
---|---|
Mail.ReadOnly | Mail.Read |
Mail.ReadWrite | Mail.ReadWrite |
Mail.Send | Mail.Send |
Calendar.ReadOnly | Calendars.Read |
Calendar.ReadWrite | Calendars.ReadWrite |
Contacts.ReadOnly | Contacts.Read |
Contacts.ReadWrite | Contacts.ReadWrite |