Skip to end of banner
Go to start of banner

Application Configuration in Azure Portal for OAuth2 Account to use in Exchange Online

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 86 Current »

In this article

Overview

Snaps in Exchange Online Snap Pack require an OAuth2 account to access the resources in Azure. For the OAuth2 account to authorize successfully, ensure to create and configure an application corresponding to the account as displayed in the workflow.

Steps one to three are done in the Azure Portal, and the remaining steps are done in the Snap account (SL Platform).

Prerequisites

  • An Azure account with a free subscription to create the application.

Key Steps in the Workflow

Create an Application in the Azure Portal

  1. Log in to the Microsoft Azure Portal.

  2. Navigate to Azure services > Microsoft Entra ID.

  3. Navigate to Add > App registration.

  4. On the Register an application page, specify the name for registering the application and click Register. For more information on creating an application, refer to https://learn.microsoft.com/en-us/azure/healthcare-apis/register-application.

To use an existing application, navigate to Portal Home > Azure Active Directory > App registrations > All applications. In the search box, specify the application name you want to use. The details of the registered application are displayed in the search list.

Define Permissions

The Exchange Online Snap Pack supports the following three types of accounts:

The permissions for the registered application are either Delegated or Application permissions based on the account types. Select Delegated permissions for OAuth2 User Accounts and Application permission for OAuth2 Application Accounts.

  1. On the left navigation panel, navigate to Manage, select API permissions > Add a permission.

  2. On the Request API permissions window, select Microsoft Graph > Delegated permissions and Application permissions for the OAuth2 Account.

  3. Select the permissions from Files, Users, and Teams. Choose the minimum and mandatory API permissions listed under Scopes and Permissions.

  4. Click Add Permissions. View all the permissions added under Configured permissions.

  5. Click Grant admin consent confirmation and select Yes

  6. Click Overview, and select Add a Redirect URI. You will be redirected to the Platform configurations page. 

    1. Under Platform configurations, click Add a platform.

    2. Select Web and specify either of the following Redirect URIs based on the region your server is located:
      https://emea.snaplogic.com/api/1/rest/admin/oauth2callback/exchangeonline
      https://elastic.snaplogic.com/api/1/rest/admin/oauth2callback/exchangeonline

    3. Click Configure. A popup message displays which indicates that the application is successfully updated.

  7. On the Platform configurations page, click Save.

Locate Application credentials in the Azure Portal

To authorize your account in SnapLogic, you must have the following application credentials:

  • Application (client) ID

  • Directory (Tenant) ID

  • Client secret value

  1. On the application page, under Essentials, note the Application (client) ID, Directory (tenant) ID and Client credentials needed for the Snap account.

    Application Configuration in Azure Portal for OAuth2 Account to use in Exchange Online__Step1.png

  2. In the left navigation panel, select Manage > Certificates & secrets.

  3. On the Certificates & secrets page, click + New client secret.

  4. In the Add a client secret window, enter the Description, select an option for Expires from the dropdown list, and click Add. 

    The Client secret value and ID are generated. This value and the ID are required to configure the OAuth2 account.

You can copy the Client secret value only after it is generated. Note that this value is displayed only once, so ensure to copy it securely.

Scopes and Permissions Required for Exchange Online

You can add the required permission based on the requirements. Learn more about scopes at Microsoft Graph permissions.

Delegated permissions (User account only*)

Permission

Display String

Description

Admin Consent Required?

offline_access (Mandatory for Autorefresh token)

offline_access

offline_access must be selected in the case you use the Auto-refresh token option.

Yes

Application permissions

Permission

Display String

Description

Admin Consent Required?

User.Read.All

User.Read.All

This permission allows the application to read the full set of profile properties, reports, and managers of other users in your organization, on behalf of the signed-in user.

Yes

Specify the Credentials and Validate the Snap Account

  1. Navigate to the Snap of your choice and configure the OAuth2 account with the details from the Azure portal's registered application.

  2. Select the Auto-refresh token checkbox in the account settings and click Apply.

  3. Click Authorize. The Access and Refresh tokens are generated.

  4. You will be redirected to the sign-in page of the Azure Portal.

  5. Log in to the Azure Portal with valid credentials to redirect to the Snap Edit account settings dialog. The Access and Refresh tokens are auto-populated but encrypted in the Account settings.

  6. Validate the Snap Account.

If you select the Auto-refresh token checkbox, then you must provide offline_access as the Scope in the Token end point config.

Troubleshooting

Common Errors

Reason

Response

Error 401

Token is invalid

Provide a valid token and reauthorize the account.

The redirect URI specified does not match the reply URI configured for the application.

Incorrect redirect URI specified by user.

Add either of the following redirect_uri:

  • https://elastic.snaplogic.com/api/1/rest/admin/oauth2callback/exchangeonline

  • https://emea.snaplogic.com/api/1/rest/admin/oauth2callback/exchangeonline

URL error while invoking the operation

Ensure the tenant domain name is correct

Ensure that Directory (tenant) ID noted from the application is in the correct format.

Example: 2060aafa-89d9-423d-9514-eac46338ec05

Frequently Asked Questions

 Can we use an existing registered application for adding account to the Snap?

Yes, you can register a new application or use an existing application in the Azure portal to create an OAuth account. Refer to the configuration documentation key flow: Create an Application in the Azure Portal. Learn more at https://learn.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app

 We are trying to get the Account setup in SnapLogic and need examples of how the values of Application Id, Tenant ID, Secret key would look like. Is there any document refering to this information?

In our configuration documentation, the key workflow Locate application credentials in the Azure Portal highlights the values of Application ID, Client ID, and Secret key. For more information, refer to Exchange Online OAuth2 Application Account.

 Where do I find more support for account related information and other issues?

For any support, contact the support team. The help icon in the Snap would provide referential information with the selected Snap from the application.

 What type of permission does the registered application need?

The Scopes and Permissions Required for the Exchange Online in this document specify the Delegated and Application permissions details. For any other permissions that are needed for the application, refer to https://learn.microsoft.com/en-us/graph/permissions-reference

 How many account does Exchange Online Snap Pack has?

For information on the account and supported account types in Exchange Online Snap Pack, refer to Account types for Exchange Online Snap Pack.


Related Content

  • No labels

Have feedback? Email documentation@snaplogic.com | Ask a question in the SnapLogic Community
© 2017-2024 SnapLogic, Inc.