Application Configuration inĀ Azure Portal for OAuth2 Account to use in Exchange Online
In this article
Overview
Snaps in Exchange Online Snap Pack require an OAuth2 account to access the resources in Azure. For the OAuth2 account to authorize successfully, ensure to create and configure an application corresponding to the account as displayed in the workflow.
You must complete steps one to three in the Azure Portal and the remaining steps in the Snap account (SnapLogicĀ®Platform).
Prerequisites
An Azure account with a free subscription to create the application.
Key Steps in the Workflow
Create an Application in the Azure Portal
Log in to the Microsoft Azure Portal.
Navigate to Azure services > Microsoft Entra ID.
Navigate to AddĀ > App registration.
On the Register an application page, specify theĀ name for registering the application and clickĀ Register. For more information on creating an application, refer to Register a client application in Microsoft Entra ID for the Azure Health Data Services.
ToĀ use an existing application, navigate to Portal Home > Azure Active Directory > App registrations > All applications. In the search box, specify the application name you want to use. The details of the registered application are displayed in the search list.
Define Permissions
The Exchange Online Snap Pack supports the following three types of accounts:
The permissions for the registered application are either Delegated or Application permissions based on the account types. Select Delegated permissions for OAuth2 User Accounts and Application permission for OAuth2 Application Accounts.
On the left navigation panel, navigate to Manage, selectĀ API permissionsĀ > Add a permission.
Ā
On the Request API permissionsĀ window,Ā selectĀ Microsoft GraphĀ > Delegated permissions andĀ Application permissions for the OAuth2 Account.
Ā
Select the permissions from Files, Users, and Teams. Choose the minimum and mandatory API permissions listed under Scopes and Permissions.
Click Add Permissions. View all the permissions added under Configured permissions.
Ā
ClickĀ Grant admin consent confirmation and selectĀ Yes.Ā
In the navigation panel, clickĀ Overview, and select Add a Redirect URI. You will be redirected to the Platform configurations page.Ā
UnderĀ Platform configurations,Ā clickĀ Add a platform.
The Configure platforms window displays.SelectĀ Web and specify the Redirect URI in the following format:Ā
https://<control-plane-name>.snaplogic.com/api/1/rest/admin/oauth2callback/<snap-pack-name>
where the<control-plane-name>
corresponds to the domain part of your SnapLogic URLāelastic (global control plane) or emea (EMEA control plane).
For example,https://elastic.snaplogic.com/api/1/rest/admin/oauth2callback/exchangeonline
ClickĀ Configure. A popup message displays which indicates that the application is successfully updated.
Ā
On the Platform configurations page, click Save.
Ā
Locate Application credentials in the Azure Portal
To authorize your account in SnapLogic, you must have the following application credentials:
Application (client) ID
Directory (Tenant) ID
Client secret value
On the application page, navigate to Overview.
Under Essentials, note the Application (client) ID, Directory (tenant) ID, and Client credentials needed for the Snap account.
In the navigation panel, select Manage > Certificates & secrets.
On the Certificates & secrets page, click + New client secret.
In the Add a client secret window, enter the Description, select an option for Expires from the dropdown list, and clickĀ Add.Ā
The Client value and Secret ID areĀ generated. This value and ID are required to configure the OAuth2 account.
You can copy the Client secret value only after it is generated. Note that this value is displayed only once, so ensure to copy it securely.
Scopes and Permissions Required for Exchange Online
You can add the required permission based on the requirements. Learn more about scopes atĀ Microsoft Graph permissions.
Delegated permissions (User account only*) | |||
---|---|---|---|
Permission | Display String | Description | Admin Consent Required? |
offline_access (Mandatory for Autorefresh token) | offline_access | offline_access must be selected in the case you use the Auto-refresh token option. | Yes |
Application permissions | |||
Permission | Display String | Description | Admin Consent Required? |
User.Read.All | User.Read.All | This permission allows the application to read the full set of profile properties, reports, and managers of other users in your organization, on behalf of the signed-in user. | Yes |
Specify the Credentials and Validate the Snap Account
Navigate to the Snap of your choice and configure the OAuth2 account with the details from the Azure portal's registered application.
Select theĀ Auto-refresh tokenĀ checkbox in the account settings and clickĀ Apply.
ClickĀ Authorize. The Access and Refresh tokens are generated.
You will be redirected to the sign-in page of the Azure Portal.
Log in to the Azure Portal with valid credentials to redirect to the Snap Edit account settings dialog. The Access and Refresh tokens are auto-populated but encrypted in the Account settings.
Validate the Snap Account.
Troubleshooting
Common Errors | Reason | Response |
---|---|---|
Error 401 | Token is invalid | Provide a valid token and reauthorize the account. |
The redirect URI specified does not match the reply URI configured for the application. | Incorrect redirect URI specified by user. | Add either of the following redirect_uri:
|
URL error while invoking the operation | Ensure the tenant domain name is correct | Ensure that Directory (tenant) ID noted from the application is in the correct format. Example: 2060aafa-89d9-423d-9514-eac46338ec05 |
Frequently Asked Questions
Related Content
Have feedback? Email documentation@snaplogic.com | Ask a question in the SnapLogic Community
Ā© 2017-2024 SnapLogic, Inc.