Connecting to Office 365

Office 365 is a Microsoft subscription solution that includes Microsoft Office and other services, such as email, SharePoint and Teams. Office 365 provides a comprehensive set of software tools and services that facilitate office documentation, communication, and management tasks.

We provide built-in connectors for the most popular Microsoft Office 365 services:

  • Exchange Online
  • Teams
  • SharePoint Online
  • OneDrive
  • Delve

Interact utilizes the Microsoft Graph API to interface with the Office 365 ecosystem.

When to use this option: Connecting to Office 365 is useful if you want to provide integration with the Microsoft tools directly from your intranet.

Configuring Azure App Registration

1. Navigate to App Registrations

From the Azure portal homepage, go to App registrations (the quickest method is to search from the top search bar).

2. Register a new App

If you have an existing app, please skip to Step 3.

Otherwise:

  • Click on App Registrations;
  • Specify a name for the new App;
  • Click Register.

📘

Existing Registrations

It's likely that in most cases an existing App has already been registered for Interact to provide SSO capabilities to users who authenticate using Azure Directory. In this case, the existing App must be used; there is no requirement to create a new App.

3. Obtain the Application ID

Make a note of the Application Client ID. This will be used in the "Client ID" field within the marketplace configuration in Interact.

4. Specify the Redirect URIs

  • Navigate to 'Authentication' in the side menu;
  • Select 'Add a platform' from under 'Platform Configurations';
  • From the side panel that appears, select the 'Mobile and desktop applications' icon;
  • In the 'Custom redirect URIs' field, add 2 Redirect URIs built from the URI of your Interact instance and the Application (client) ID, using the following formats:
    • Redirect 1: {YourIntranetDomain}/microsoftGraph/signin-oidc-{Application (client) ID}
    • Redirect 2: {YourIntranetDomain}/marketplace/microsoft/account/sign-in/oauth2

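For example, if your Application (client) ID is f5b4b8dd-4464-4062-a931-4eaf9900db84, and your Interact URI is https://acme.interactgo.com, then the redirects would be added as:

  • https://acme.interactgo.com/microsoftGraph/signin-oidc-f5b4b8dd-4464-4062-a931-4eaf9900db84
  • https://acme.interactgo.com/marketplace/microsoft/account/sign-in/oauth2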

❗️

Case Sensitive

Please note the Redirect URI is case sensitive and will not automatically remove whitespace.
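Because a redirect URI that differs only in case or whitespace is rejected, it helps to compare what was pasted into the portal with the two expected values. The following is an added example, not Interact's or Microsoft's code; the function names and the sample "registered" list are constructed for illustration.

```python
# The two redirect URI formats given in step 4.
FORMATS = (
    "{domain}/microsoftGraph/signin-oidc-{client_id}",
    "{domain}/marketplace/microsoft/account/sign-in/oauth2",
)

def expected_redirects(domain, client_id):
    """Build both redirect URIs from the Interact URI and Application (client) ID."""
    domain = domain.strip().rstrip("/")
    return [f.format(domain=domain, client_id=client_id.strip()) for f in FORMATS]

def check_registered(registered, domain, client_id):
    """Compare registered values character for character and explain near misses."""
    findings = {}
    for want in expected_redirects(domain, client_id):
        reason = "ok" if want in registered else "missing"
        if reason == "missing":
            for got in registered:
                if got.strip() == want:
                    reason = f"whitespace in {got!r}"
                    break
                if got.strip().lower() == want.lower():
                    reason = f"case differs in {got!r}"
                    break
        findings[want] = reason
    return findings

# Constructed sample: values as they might have been pasted into the portal.
CLIENT_ID = "f5b4b8dd-4464-4062-a931-4eaf9900db84"
DOMAIN = "https://acme.interactgo.com"
REGISTERED = [
    # path typed in lower case
    "https://acme.interactgo.com/microsoftgraph/signin-oidc-" + CLIENT_ID,
    # trailing space copied along with the URI
    "https://acme.interactgo.com/marketplace/microsoft/account/sign-in/oauth2 ",
]

if __name__ == "__main__":
    for uri, result in check_registered(REGISTERED, DOMAIN, CLIENT_ID).items():
        print(f"{result:<12} {uri}")
```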

5. Enable ID tokens

6. Generate a client secret

❗️

Save a copy of your client secret.

Once you leave this page, you will not be able to access the client secret again and will have to generate a new one.

7. Configure API Permissions

Request the required Delegated API Permissions as outlined in the table below.

Microsoft API      Permission Name
Microsoft Graph    openid
Microsoft Graph    profile
Microsoft Graph    Calendars.ReadWrite
Microsoft Graph    Directory.Read.All
Microsoft Graph    Group.ReadWrite.All
Microsoft Graph    Mail.ReadWrite
Microsoft Graph    MailboxSettings.Read
Microsoft Graph    People.Read
Microsoft Graph    Sites.Read.All
Microsoft Graph    Tasks.ReadWrite
Microsoft Graph    User.Read
Microsoft Graph    User.ReadBasic.All
SharePoint         Sites.Search.All

8. Grant Consent

For a better user experience, it is recommended that you grant consent on behalf of your users. This allows for a seamless authentication experience by removing the need for users to grant permissions.

  1. Within the Azure portal, navigate to App registrations
  2. Select the relevant app created for Interact
  3. Navigate to API Permissions
  4. Click the 'Grant admin consent for ...' button
  5. Confirm you wish to grant consent.

📘

Azure Consent

Microsoft provides a detailed overview of user consent used within Azure applications in 'Understanding Azure AD application consent experiences'.
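After steps 7 and 8, the consent actually recorded for the app can be compared with the permission table, so that missing scopes and scopes beyond the table both show up. The following is an added example, not Interact's or Microsoft's code. It assumes the app's delegated grants have been exported in the shape of Microsoft Graph oauth2PermissionGrant objects; the function name and every ID in the sample are placeholders.

```python
import json

# Delegated Microsoft Graph permissions from the step 7 table.
REQUIRED_GRAPH = {
    "openid", "profile", "Calendars.ReadWrite", "Directory.Read.All",
    "Group.ReadWrite.All", "Mail.ReadWrite", "MailboxSettings.Read",
    "People.Read", "Sites.Read.All", "Tasks.ReadWrite", "User.Read",
    "User.ReadBasic.All",
}

def audit_grants(grants, graph_sp_id):
    """Compare the app's delegated Graph grants with the table."""
    admin, per_user = set(), set()
    for grant in grants:
        if grant["resourceId"] != graph_sp_id:
            continue  # other resources (e.g. SharePoint) are not checked here
        scopes = set(grant.get("scope", "").split())
        if grant["consentType"] == "AllPrincipals":  # admin consent for all users
            admin |= scopes
        else:  # "Principal": one user consented for themselves
            per_user |= scopes
    return {
        "missing": sorted(REQUIRED_GRAPH - admin),    # users will be prompted
        "extra": sorted(admin - REQUIRED_GRAPH),      # broader than the table
        "user_only": sorted((per_user - admin) & REQUIRED_GRAPH),
    }

# Constructed sample; every ID is a placeholder, not a real object ID.
SAMPLE_GRANTS = json.loads("""
[
 {"clientId": "INTERACT-SP-ID", "consentType": "AllPrincipals",
  "principalId": null, "resourceId": "GRAPH-SP-ID",
  "scope": " openid profile Calendars.ReadWrite Directory.Read.All Group.ReadWrite.All Mail.ReadWrite MailboxSettings.Read People.Read Sites.Read.All User.Read User.ReadBasic.All Files.ReadWrite.All"},
 {"clientId": "INTERACT-SP-ID", "consentType": "Principal",
  "principalId": "USER-ID", "resourceId": "GRAPH-SP-ID",
  "scope": "Tasks.ReadWrite"},
 {"clientId": "INTERACT-SP-ID", "consentType": "AllPrincipals",
  "principalId": null, "resourceId": "SHAREPOINT-SP-ID",
  "scope": "Sites.Search.All"}
]
""")

if __name__ == "__main__":
    print(json.dumps(audit_grants(SAMPLE_GRANTS, "GRAPH-SP-ID"), indent=2))
```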

Configuring Interact Marketplace

  1. From Application Settings > Control Panel > Marketplace, select Office
  2. Specify the Application (client) ID and Client Secret from the Azure portal App Registration.
  3. If configuring SharePoint, enter the root of your SharePoint instance. E.g. https://acme.sharepoint.com/

📘

Private Authority

The authority dictates which directory Azure will use to sign in users.

If left blank, this defaults to the /common authority. To use this, ensure that the application is configured to be multi-tenanted.

However, we recommend using a single-tenant application (default). As such, you need to define the authority. This takes the form:
https://login.microsoftonline.com/{tenant-id}

This tenant ID can be found below the client ID used in step 3.

More information can be found at https://docs.microsoft.com/en-us/azure/active-directory/develop/msal-client-application-configuration#authority.
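A quick way to confirm that the authority value pins sign-in to one directory, rather than falling back to a shared endpoint, is to classify it before saving. The following is an added example, not Interact's code. The function name is hypothetical, the tenant ID in the sample is constructed, and only the login.microsoftonline.com host shown above is accepted.

```python
import re
from urllib.parse import urlsplit

GUID = re.compile(
    r"^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$", re.I
)
# Authority path values that are shared between directories.
SHARED = {"common", "organizations", "consumers"}

def classify_authority(value):
    """Classify the authority setting as single-tenant, multi-tenant or invalid."""
    if not value or not value.strip():
        return "multi-tenant: blank defaults to /common"
    url = urlsplit(value.strip())
    if url.scheme != "https" or url.hostname != "login.microsoftonline.com":
        return "invalid: expected https://login.microsoftonline.com/{tenant-id}"
    segments = [s for s in url.path.split("/") if s]
    if len(segments) != 1:
        return "invalid: expected exactly one path segment"
    tenant = segments[0]
    if tenant.lower() in SHARED:
        return f"multi-tenant: /{tenant.lower()}"
    if GUID.match(tenant):
        return "single-tenant"
    return "review: path is not a GUID tenant ID"

# Constructed tenant ID used only for the demonstration below.
SAMPLE_TENANT = "11111111-2222-3333-4444-555555555555"

if __name__ == "__main__":
    for candidate in (
        "",
        "https://login.microsoftonline.com/common",
        f"https://login.microsoftonline.com/{SAMPLE_TENANT}",
        f"http://login.microsoftonline.com/{SAMPLE_TENANT}",
    ):
        print(f"{candidate!r:75} {classify_authority(candidate)}")
```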

❗️

Caching

Please note that Interact temporarily caches the Application (client) ID within a user's session context. Therefore, changes to the Application (client) ID will result in an error for active users. A user can force a cache refresh by logging out and back into Interact.

Streamlining Office 365 Authentication

To improve the performance of the Office 365 integrations on first use, Interact can perform a pre-authentication step upon login to Interact.

  1. From Application Settings > Control Panel > Manage Security > Manage SAML Authentication, select Identity Providers of the relevant Azure settings
  2. Edit the relevant Identity Provider
  3. Check 'Automatically authenticate against Microsoft Graph' and Save