Microsoft 365
  • 24 Oct 2024

Configuration

ReportWORQ can use several Microsoft 365 resources, such as SharePoint, Teams, Email, and Authentication. To simplify setup, ReportWORQ provides a single place to manage the configuration for these services. To use them, the IT administrator responsible for Microsoft Azure must create an Azure App Registration; the resulting Client ID, Tenant ID, and Secret value are then entered in the ReportWORQ Microsoft 365 section.

Azure App Registration

This step should be performed by the Microsoft Azure IT Administrator

To use Microsoft 365 Authentication with ReportWORQ you must first perform these steps in Microsoft Azure.

  • Log into your Azure tenant and create a new App Registration

  • Provide a name for the Application and choose the appropriate API access

    • Most users will choose Accounts in this organizational directory only.

    • Do not provide a Redirect URI in this step

    • Record the Application (client) ID and Directory (tenant) ID from the Overview screen for ReportWORQ configuration.

  • Choose Certificates & secrets from the left pane

    • Create a new client secret with a description and expiry date

    • Set a reminder to create a new secret and update ReportWORQ before it expires

    • Important! Record the Secret Value (not the Secret ID) for use in the ReportWORQ configuration

  • Choose Authentication from the left pane

    • Choose Add a Platform and select Web 

      • Note that selecting any platform other than Web will not work properly

    • Select the option to enable Access Tokens

    • Enter the following redirect URLs:

      • http://localhost:8300/signin-oidc

      • http://localhost:8300/server/v0/get-office365-smtp-token

      • http://localhost:8300/server/v0/get-office365-sharepoint-token

Redirect URLs

Azure App Registrations limit non-SSL HTTP redirect URLs to localhost. If ReportWORQ is running under HTTPS, you may adjust the server name and port, which allows Microsoft 365 Authentication to be performed from a user workstation. Otherwise, use localhost, as shown above; the one-time authentication must then be performed from a browser on the machine where ReportWORQ is installed. The ReportWORQ Administrator will need to remote into the server to perform the authentication so that the localhost redirect URL is valid.

  • Choose API Permissions, select Microsoft Graph and Delegated permissions, and add the following permissions:

    • Channel.ReadBasic.All

    • ChannelMessage.Send

    • Chat.Create

    • Chat.ReadWrite

    • Files.ReadWrite.All

    • IMAP.AccessAsUser.All

    • offline_access

    • POP.AccessAsUser.All

    • SMTP.Send

    • Sites.Read.All

    • Sites.ReadWrite.All

    • Team.ReadBasic.All

    • User.Read

    • User.ReadBasic.All


  • Choose Add permissions to save changes

  • The following information should be provided to the ReportWORQ administrator to complete the configuration: Client ID, Tenant ID, Secret Value

Minimum Permissions

The minimum permissions required by ReportWORQ to access SharePoint, email distribution, and user authentication are the following:

  • offline_access

  • Sites.Read.All

  • Sites.ReadWrite.All

  • Files.ReadWrite.All

  • SMTP.Send

  • User.Read

  • User.ReadBasic.All

Note:

The "Sites.ReadWrite.All" permission doesn't grant users access to all SharePoint sites; it grants access only to those sites to which the users have been explicitly added. When a user's credentials are entered for Microsoft 365 authentication in ReportWORQ, the effective permissions for that user are the overlap between the API permissions and their personal ones. The sites made available to a given user depend on that user's granted permissions.
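To check what was actually consented against the two lists above, the following added example (not ReportWORQ code) audits the space-separated `scope` field of OAuth 2.0 token responses, one per authentication (Graph API and Outlook API). It assumes scopes may arrive qualified with a resource URI; the sample strings are constructed, and `Mail.ReadWrite` stands in for a permission that drifted into the consent.

```python
# Minimum set and full list are copied from this article.
MINIMUM = {"offline_access", "Sites.Read.All", "Sites.ReadWrite.All",
           "Files.ReadWrite.All", "SMTP.Send", "User.Read", "User.ReadBasic.All"}
LISTED_EXTRA = {"Channel.ReadBasic.All", "ChannelMessage.Send", "Chat.Create",
                "Chat.ReadWrite", "IMAP.AccessAsUser.All", "POP.AccessAsUser.All",
                "Team.ReadBasic.All"}
# Assumption: standard OpenID Connect scopes may appear and are not findings.
OIDC_BASELINE = {"openid", "profile", "email"}


def normalize(scope):
    """Drop a resource prefix: https://graph.microsoft.com/User.Read -> User.Read."""
    return scope.rsplit("/", 1)[-1]


def _by_lower(names):
    # Compare case-insensitively but report the original spelling.
    return {n.lower(): n for n in names}


def audit_scopes(*scope_strings):
    """Classify the scopes granted across one or more token responses."""
    granted = _by_lower(normalize(s) for text in scope_strings for s in text.split())
    minimum, extra = _by_lower(MINIMUM), _by_lower(LISTED_EXTRA)
    known = set(minimum) | set(extra) | OIDC_BASELINE
    return {
        "missing_minimum": sorted(v for k, v in minimum.items() if k not in granted),
        "beyond_minimum": sorted(v for k, v in extra.items() if k in granted),
        "not_in_article": sorted(v for k, v in granted.items() if k not in known),
    }


# Constructed sample scope strings (not captured from a real tenant).
GRAPH_SCOPE = ("openid profile offline_access "
               "https://graph.microsoft.com/User.Read "
               "https://graph.microsoft.com/User.ReadBasic.All "
               "https://graph.microsoft.com/Sites.Read.All "
               "https://graph.microsoft.com/Sites.ReadWrite.All "
               "https://graph.microsoft.com/Chat.ReadWrite "
               "https://graph.microsoft.com/Mail.ReadWrite")
OUTLOOK_SCOPE = ("https://outlook.office.com/SMTP.Send "
                 "https://outlook.office.com/IMAP.AccessAsUser.All")

if __name__ == "__main__":
    for finding, scopes in audit_scopes(GRAPH_SCOPE, OUTLOOK_SCOPE).items():
        print(f"{finding}: {', '.join(scopes) or '-'}")
```

Entries under `beyond_minimum` are candidates for removal when the matching feature is not used, and anything under `not_in_article` was never requested by this procedure.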

Microsoft 365 Configuration

This step should be performed by the ReportWORQ Administrator

To configure Microsoft 365-enabled services in ReportWORQ, you must first provide the necessary provider settings and then authenticate with Microsoft 365.

  • Enter the Tenant Id, Client Id and Secret value

  • Choose Authenticate... under the Graph API section and authenticate with Microsoft 365

  • Choose Authenticate... under the Outlook API section and authenticate with Microsoft 365

Common Authentication Errors

Did you see this message?
AADSTS50011: The redirect URI 'http://servername:8300' specified in the request does not match the redirect URIs configured for the application

This error message appears when the user attempts to authenticate and the browser URL doesn't match the redirect URL that the Azure IT Administrator entered into the Azure App Registration. The default non-SSL configuration requires that the browser address appear as http://localhost:8300. If your browser URL appears differently then you may need to remote into the server where ReportWORQ is installed and then perform this authentication step from a browser on that machine using http://localhost:8300.
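The check below is an added example (not ReportWORQ code) that predicts this error before anyone signs in: it builds the three redirect URLs from the address ReportWORQ is browsed at and applies both the localhost rule for non-SSL URLs and the match against the App Registration. The `https://reportworq.example.com` host is hypothetical, and the comparison is an exact string match as a conservative simplification.

```python
from urllib.parse import urlsplit

# Callback paths taken from the redirect URLs listed in this article.
CALLBACK_PATHS = (
    "/signin-oidc",
    "/server/v0/get-office365-smtp-token",
    "/server/v0/get-office365-sharepoint-token",
)

HTTP_NON_LOCALHOST = "plain http is only accepted for localhost"
NOT_REGISTERED = "not in the App Registration (expect AADSTS50011)"


def expected_redirects(base_url):
    """Redirect URIs needed when ReportWORQ is browsed at base_url."""
    base = base_url.rstrip("/")
    return [base + path for path in CALLBACK_PATHS]


def check_redirects(base_url, registered):
    """Return (uri, problem) pairs; an empty list means sign-in can proceed."""
    registered = set(registered)
    problems = []
    for uri in expected_redirects(base_url):
        parts = urlsplit(uri)
        if parts.scheme == "http" and parts.hostname != "localhost":
            # Rule stated in this article: non-SSL redirect URLs must be localhost.
            problems.append((uri, HTTP_NON_LOCALHOST))
        elif uri not in registered:
            # Exact string comparison: a conservative simplification.
            problems.append((uri, NOT_REGISTERED))
    return problems


# Constructed sample: the registration exactly as listed in this article.
REGISTERED = expected_redirects("http://localhost:8300")

if __name__ == "__main__":
    for base in ("http://localhost:8300", "http://servername:8300",
                 "https://reportworq.example.com"):  # last host is hypothetical
        print(base, check_redirects(base, REGISTERED) or "OK")
```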

Microsoft 365 Services

This step should be performed by the ReportWORQ Administrator

With the Azure App Registration created and the ReportWORQ Microsoft 365 configuration applied and authenticated, you can now begin to leverage Microsoft 365 for the following services.

