Setting up an Office 365 / Azure app registration that allows global admin authorizations (or daemon OAuth2 flow) is quite similar to the regular Azure app registration described in the article Office 365 OAuth setup. Please follow "Creating an app registration" steps from that article if you have not created any app registrations yet or want to create a separate daemon app registration.

The following settings are specific to daemon app registrations (daemon OAuth2 flow).

Specifying API permissions

Head to the "API permissions" panel and click "Add a permission". 


Choose the Microsoft Graph set of permissions.


Which Graph API permissions you add to your consent screen depends on your application's behavior. Refer to this mapping to see how Aurinko scopes map to Graph API permissions during the authentication process:

| Aurinko scope      | Graph API permission |
|--------------------|----------------------|
| Mail.ReadOnly      | Mail.Read            |
| Mail.ReadWrite     | Mail.ReadWrite       |
| Mail.Send          | Mail.Send            |
| Calendar.ReadOnly  | Calendars.Read       |
| Calendar.ReadWrite | Calendars.ReadWrite  |
| Contacts.ReadOnly  | Contacts.Read        |
| Contacts.ReadWrite | Contacts.ReadWrite   |

Then add all required Application permissions, i.e. Calendars.ReadWrite, Contacts.ReadWrite, Mail.ReadWrite, Mail.Send.

This is what your application permissions screen should look like


Creating OAuth credentials

Prepare a self-signed certificate; see this article for sample instructions. The certificate and its private key will need to be uploaded to Aurinko later. Then, head to the "Certificates & secrets" panel and click "Upload certificate".
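
One way to prepare the certificate and private key for this step with OpenSSL, shown as an added example (not taken from the original article or from Aurinko's own tooling). The file names, subject name, key size and validity period are assumptions, as is PEM being the format you paste into the Aurinko form; the thumbprint helper lets you compare the local certificate with the thumbprint Azure lists after the upload.

```shell
#!/bin/sh
# Added example: self-signed certificate for a daemon app registration.
# File names, subject CN, key size and validity are assumed values.

# make_daemon_cert DIR CN DAYS
# Writes DIR/daemon-key.pem (private key) and DIR/daemon-cert.pem (certificate).
make_daemon_cert() {
    dir=$1; cn=$2; days=$3
    (
        umask 077   # keep the private key unreadable for other local users
        openssl req -x509 -newkey rsa:2048 -sha256 -nodes \
            -keyout "$dir/daemon-key.pem" -out "$dir/daemon-cert.pem" \
            -days "$days" -subj "/CN=$cn" 2>/dev/null
    )
}

# cert_matches_key CERT KEY
# Succeeds only if the certificate contains the public half of the private key,
# which catches a mixed-up pair before it is uploaded anywhere.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout) || return 1
    [ "$cert_pub" = "$key_pub" ]
}

# cert_thumbprint CERT
# Prints the SHA-1 thumbprint as 40 hex characters without colons.
cert_thumbprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha1 | sed 's/^.*=//; s/://g'
}

# Typical use (uncomment to run):
#   make_daemon_cert . "aurinko-daemon" 365
#   cert_matches_key ./daemon-cert.pem ./daemon-key.pem && cert_thumbprint ./daemon-cert.pem
```

Upload only daemon-cert.pem to Azure; the private key goes into the Aurinko form and should not be stored anywhere else unprotected.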


Configure Aurinko to use your Office 365 OAuth (Daemon) credentials

Head over to the Aurinko portal and log in.

Select your app at the top, choose the Settings menu and switch to the OFFICE 365 tab. Enter the Client ID, Private key, and Certificate into the form and save.


You are now all set to start connecting Office 365 service accounts to Aurinko!