Microsoft 365
Updated on 24 Oct 2024
Configuration
ReportWORQ can leverage several Microsoft 365 resources, such as SharePoint, Teams, Email, and Authentication. To simplify setup, ReportWORQ provides a single place to manage the configuration for these services. To use them, the IT administrator responsible for Microsoft Azure must create an Azure App Registration; the Client ID, Tenant ID, and Secret value are then entered in the ReportWORQ Microsoft 365 section.
Azure App Registration
This step should be performed by the Microsoft Azure IT Administrator
To use Microsoft 365 Authentication with ReportWORQ you must first perform these steps in Microsoft Azure.
Log into your Azure tenant and create a new App Registration
Provide a name for the Application and choose the appropriate API access
Most users will choose Accounts in this organizational directory only.
Do not provide a Redirect URI in this step
Record the Application (client) ID and Directory (tenant) ID from the Overview screen for the ReportWORQ configuration.
Choose Certificates & secrets from the left pane
Create a new client secret with a description and expiry date
Set a reminder to create a new secret and update ReportWORQ before it expires
Important! Record the Secret Value (not the Secret ID) for use in the ReportWORQ configuration
Choose Authentication from the left pane
Choose Add a Platform and select Web
Note that selecting any platform other than Web will not work properly
Select the option to enable Access Tokens
Enter the following redirect URLs:
http://localhost:8300/signin-oidc
http://localhost:8300/server/v0/get-office365-smtp-token
http://localhost:8300/server/v0/get-office365-sharepoint-token
Redirect URLs
Azure App Registrations limit non-SSL HTTP redirect URLs to localhost. If ReportWORQ is running under HTTPS, you may adjust the server name and port in the redirect URLs, which allows Microsoft 365 authentication to be performed from a user workstation. Otherwise, use localhost as shown above and perform the one-time authentication from a browser on the machine where ReportWORQ is installed. The ReportWORQ Administrator will need to remote into the server to perform the authentication so that the localhost redirect URL is valid.
Choose API Permissions, select Microsoft Graph and Delegated permissions, and add the following permissions:
Channel.ReadBasic.All | ChannelMessage.Send | Chat.Create | Chat.ReadWrite | Files.ReadWrite.All |
IMAP.AccessAsUser.All | offline_access | POP.AccessAsUser.All | SMTP.Send | Sites.Read.All |
Sites.ReadWrite.All | Team.ReadBasic.All | User.Read | User.ReadBasic.All |
Choose Add permissions to save changes
The following information should be provided to the ReportWORQ administrator to complete the configuration: Client ID, Tenant ID, Secret Value
Minimum Permissions
The minimum permissions required by ReportWORQ for SharePoint access, email distribution, and user authentication are the following:
offline_access
Sites.Read.All
Sites.ReadWrite.All
Files.ReadWrite.All
SMTP.Send
User.Read
User.ReadBasic.All
Note:
The "Sites.ReadWrite.All" permission doesn't grant users access to all SharePoint sites; it grants access only to those sites to which the users have been explicitly added. When a user's credentials are entered for Microsoft 365 authentication in ReportWORQ, the effective permissions for that user are the overlap between the API permissions and their personal ones. The sites made available to a given user depend on that user's granted permissions.
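
A least-privilege review of the delegated permissions above, as an added example that is not ReportWORQ's or Microsoft's code. It assumes the consent records have been exported with the fields of Microsoft Graph oauth2PermissionGrant objects (`consentType`, `principalId`, `scope`); the sample records and the `OIDC` ignore-list are constructed for illustration.

```python
# Delegated Microsoft Graph permissions as listed on this page.
MINIMUM = {"offline_access", "Sites.Read.All", "Sites.ReadWrite.All",
           "Files.ReadWrite.All", "SMTP.Send", "User.Read", "User.ReadBasic.All"}
# On the page's full list but outside its minimum set.
OPTIONAL = {"Channel.ReadBasic.All", "ChannelMessage.Send", "Chat.Create",
            "Chat.ReadWrite", "IMAP.AccessAsUser.All", "POP.AccessAsUser.All",
            "Team.ReadBasic.All"}
OIDC = {"openid", "profile", "email"}  # assumption: sign-in scopes, left out of the review

def review_grants(grants):
    """Compare consented delegated scopes with the page's permission lists.

    Returns {principal: findings}; "*" covers consent given for all users.
    """
    tenant_wide, per_user = set(), {}
    for grant in grants:
        scopes = set(grant.get("scope", "").split()) - OIDC
        if grant.get("consentType") == "AllPrincipals":
            tenant_wide |= scopes
        else:
            per_user.setdefault(grant["principalId"], set()).update(scopes)
    report = {}
    for who in ["*"] + sorted(per_user):
        effective = tenant_wide | per_user.get(who, set())
        report[who] = {
            "missing_minimum": sorted(MINIMUM - effective),
            "beyond_minimum": sorted(effective & OPTIONAL),
            "not_on_page": sorted(effective - MINIMUM - OPTIONAL),
        }
    return report

# Constructed records with the fields of Graph oauth2PermissionGrant objects.
SAMPLE_GRANTS = [
    {"consentType": "AllPrincipals", "principalId": None,
     "scope": "openid profile offline_access User.Read User.ReadBasic.All "
              "Sites.Read.All Sites.ReadWrite.All Files.ReadWrite.All"},
    {"consentType": "Principal", "principalId": "user-1",
     "scope": " SMTP.Send Chat.ReadWrite Mail.Read"},
]

if __name__ == "__main__":
    for who, findings in review_grants(SAMPLE_GRANTS).items():
        print(who, findings)
```

Scopes reported under `not_on_page` are not requested anywhere in this guide and are the first candidates for removal.
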
Microsoft 365 Configuration
This step should be performed by the ReportWORQ Administrator
To configure Microsoft 365 enabled services in ReportWORQ you must first provide the necessary provider settings and then authenticate with Microsoft 365.
Enter the Tenant Id, Client Id and Secret value
Choose Authenticate... under the Graph API section and authenticate with Microsoft 365
Choose Authenticate... under the Outlook API section and authenticate with Microsoft 365
Common Authentication Errors
Did you see this message?
AADSTS50011: The redirect URI 'http://servername:8300' specified in the request does not match the redirect URIs configured for the application
This error message appears when the user attempts to authenticate and the browser URL doesn't match the redirect URL that the Azure IT Administrator entered into the Azure App Registration. The default non-SSL configuration requires that the browser address appear as http://localhost:8300. If your browser URL appears differently then you may need to remote into the server where ReportWORQ is installed and then perform this authentication step from a browser on that machine using http://localhost:8300.
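
A pre-flight check for the redirect URL rules and the AADSTS50011 mismatch described above, as an added example that is not ReportWORQ's or Microsoft's code. It assumes the App Registration has been exported as a Microsoft Graph application object (the shape `az ad app show` prints); the sample object, the finding labels and the 30-day expiry window are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit

# Redirect paths listed on this page.
REDIRECT_PATHS = (
    "/signin-oidc",
    "/server/v0/get-office365-smtp-token",
    "/server/v0/get-office365-sharepoint-token",
)

def audit_registration(app, base_url, now, warn_days=30):
    """Check a Graph 'application' object (dict) against the steps on this page."""
    findings = []
    base = urlsplit(base_url)
    if base.scheme == "http" and base.hostname != "localhost":
        findings.append("http-non-localhost")      # plain HTTP is limited to localhost
    web = app.get("web") or {}
    registered = set(web.get("redirectUris") or [])
    for path in REDIRECT_PATHS:
        if base_url.rstrip("/") + path not in registered:
            findings.append("missing-redirect:" + path)   # surfaces as AADSTS50011
    if not (web.get("implicitGrantSettings") or {}).get("enableAccessTokenIssuance"):
        findings.append("access-tokens-disabled")
    for platform in ("spa", "publicClient"):       # page: only the Web platform works
        if (app.get(platform) or {}).get("redirectUris"):
            findings.append("non-web-platform:" + platform)
    for cred in app.get("passwordCredentials") or []:
        # Graph timestamps are UTC; drop fractional seconds and the trailing Z.
        end = datetime.strptime(cred["endDateTime"][:19], "%Y-%m-%dT%H:%M:%S")
        if end.replace(tzinfo=timezone.utc) - now <= timedelta(days=warn_days):
            findings.append("secret-expiring:" + (cred.get("displayName") or "unnamed"))
    return findings

# Constructed sample, shaped like `az ad app show --id <client-id>` output.
SAMPLE_APP = {
    "web": {
        "redirectUris": ["http://localhost:8300" + p for p in REDIRECT_PATHS],
        "implicitGrantSettings": {"enableAccessTokenIssuance": True},
    },
    "spa": {"redirectUris": []},
    "passwordCredentials": [
        {"displayName": "reportworq", "endDateTime": "2024-11-10T00:00:00Z"}],
}
NOW = datetime(2024, 10, 24, tzinfo=timezone.utc)  # fixed so the output is repeatable

if __name__ == "__main__":
    for url in ("http://localhost:8300", "http://servername:8300"):
        print(url, audit_registration(SAMPLE_APP, url, NOW))
```

Pass the address exactly as it appears in the browser when authenticating; any `missing-redirect` finding for that address predicts the AADSTS50011 error.
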
Microsoft 365 Services
This step should be performed by the ReportWORQ Administrator
With the Azure App Registration created and the ReportWORQ Microsoft 365 configuration applied and authenticated, you can now begin to leverage Microsoft 365 for the following services.
Authentication
Report Providers
Distributors
Data Collection