Prerequisites

<< Click to Display Table of Contents >>

Raynet One Data Hub > 14.0 u1 > Connectors > Alphabetic Connector List > Microsoft 365 

Prerequisites

For a connection there are two ways to connect to the M365 API.

 

1.Authentication with client_secret:

oTenant (e.g. ae920d54-43e4-4e1e-ba99-6d010a689326)

oClient_id (e.g. 11d96d2d-b347-4132-a89a-0bf5fb0962b6)

oClient_secret (e.g. D927Q~xy0tFUvetlWpwgJRkV-bhsbEVlNumOU)

2.Authentication with certificate and private key

oTenant (e.g. ae920d54-43e4-4e1e-ba99-6d010a689326)

oClient_id (e.g. 11d96d2d-b347-4132-a89a-0bf5fb0962b6)

oCertificate (e.g. ----BEGIN CERTIFICATE-----MIIJNjCCBx6gAwljAggTbQAsk0xDD...)

oPrivate key (e.g. ----BEGIN PRIVATE KEY------MIIEvQIBsDdNBtkqhkiG9w0BAQEFA...)

 

The variant with certifcate and private key is explained in the Best Practice Configuration chapter.

 

Authentication with Client_secret

1.Login at https://aad.portal.azure.com.

2.Go to Azure Active Directory and click on App registration.

 

MS365_DashboardAzureActiveDirectory

 

3.Click on New registration.

 

MS365_DashboardNewRegistration

 

4.Give a name to the application (e.g. Data Hub).

 

MS365RegisteranApplication

 

Supported account types

Description

Accounts in this organizational directory only

This option maps to Azure AD only single-tenant.

 

This is the default option unless the app is being registered outside of a directory. In cases where the app is registered outside of a directory, the default is Azure AD multi-tenant and personal Microsoft accounts.

Accounts in any organizational directory

This option maps to an Azure AD only multi-tenant.

 

If the connector has been registered as Azure AD only single-tenant, it can be updated to be Azure AD multi-tenant and back to single-tenant through the Authentication blade.

Accounts in any organizational directory and personal Microsoft accounts

This option maps to the Azure AD multi-tenant and personal Microsoft accounts.

 

If the connector has been registered as Azure AD multi-tenant and personal Microsoft accounts, it cannot be changed in the UI. Instead it is necessary to use the application manifest editor to change the supported account types.

 

5.Then click on Register.

6.Copy the Application (client) ID and the Directory (tenant) ID and paste it into any text editor for further reference.

 

MS365RegisteredApplication

 

7.Go to Certificate and secrets and click on New client secret.

 

MS365CertificatesSecrets

 

8.Click on Add (description is optional).

 

MS365_AddClientSecret

 

9.Copy the client secret (Value).

 

MS365_ClientSecrets

 

10.Click on View API Permission.

 

MS365_CallAPIs

 

11.Click on Add a permission.

 

MS365_AddAPIPermission

 

12.Under Microsoft APIs, select Microsoft Graph.

 

MS365_RequestAPIPermissions

 

13.Select Application permissions.

 

MS365_ApplicationPermissions

 

14.Select ALL required permission (see https://docs.microsoft.com/en-us/graph/api/user-list-directreports?view=graph-rest-1.0&amp;amp;tabs=http), e.g. User.Read.All. Click Add Permissions.

 

MS365_SelectAPIPermissions

 

15. Click on Grant admin consent for...

 

MS365_ConfiguredPermissions

 

16.Check if status is set to Granted for...

 

MS365_GrantedPermissions

 

17.Note down the tenant ID, client ID, and client secret.