Authorization

The Office 365 Admin connector is authorized using OAuth 2.0. When you add an Office 365 Admin card to a flow for the first time, you'll be prompted to create a connection.

Tip

You can create multiple connections and manage them from your Connections page.

Prerequisites

  • Office 365 admin account

  • Office 365 admin credentials

To authorize an Office 365 Admin account and grant it the necessary properties to create an account for use with Workflows:

  1. Navigate to your Azure Active Directory console.

  2. Click Enterprise applications > Consent and permissions > User consent settings.

  3. Select Allow user consent to apps.

  4. Select Allow group owner consent for all group owners.

To create a new connection:

  1. Click New Connection.

  2. Add a Connection Nickname. This is useful if you plan to create multiple connections to share with your team.

  3. Click Create.

  4. When the OAuth window pops up, log in with your Office 365 administrator account and continue.

Supported scopes

The Office 365 Admin connector supports Application scopes in addition to All and Shared scopes from the Microsoft Graph API.

  • email

  • openid

  • profile

  • offline_access

  • Directory.ReadWrite.All

  • Directory.AccessAsUser.All

  • Directory.Read.All

  • Group.ReadWrite.All

  • Calendars.ReadWrite

  • Calendars.ReadWrite.Shared

  • Contacts.ReadWrite.Shared

  • Contacts.ReadWrite

  • Contacts.Read

  • Files.ReadWrite.All

  • Mail.ReadWrite.Shared

  • Mail.Send.Shared

  • People.Read.All

  • AccessReview.ReadWrite.All

  • AccessReview.ReadWrite.Membership

  • Analytics.Read

  • AdministrativeUnit.ReadWrite.All

  • AppCatalog.ReadWrite.All

  • Bookings.ReadWrite.All

  • Chat.ReadWrite

  • PrivilegedAccess.ReadWrite.AzureAD

  • PrivilegedAccess.ReadWrite.AzureResources

  • EduAdministration.ReadWrite

  • Financials.ReadWrite.All

  • IdentityProvider.ReadWrite.All

  • IdentityRiskEvent.Read.All

  • IdentityRiskyUser.Read.All

  • DeviceManagementApps.ReadWrite.All

  • DeviceManagementConfiguration.ReadWrite.All

  • DeviceManagementManagedDevices.PrivilegedOperations.All

  • DeviceManagementManagedDevices.ReadWrite.All

  • DeviceManagementRBAC.ReadWrite.All

  • DeviceManagementServiceConfig.ReadWrite.All

  • MailboxSettings.ReadWrite

  • Member.Read.Hidden

  • Notes.ReadWrite.All

  • Notes.Create

  • Notifications.ReadWrite.CreatedByApp

  • OnPremisesPublishingProfiles.ReadWrite.All

  • Organization.ReadWrite.All

  • Place.Read.All

  • ProgramControl.ReadWrite.All

  • Reports.Read.All

  • RoleManagement.ReadWrite.Directory

  • SecurityEvents.ReadWrite.All

  • SecurityActions.ReadWrite.All

  • ThreatIndicators.ReadWrite.OwnedBy

  • Sites.FullControl.All

  • Tasks.ReadWrite

  • Tasks.ReadWrite.Shared

  • Agreement.ReadWrite.All

  • AgreementAcceptance.Read.All

  • Policy.Read.All

  • Policy.ReadWrite.TrustFramework

  • UserActivity.ReadWrite.CreatedByApp

  • User.ReadWrite.All

  • User.Invite.All

  • User.Read.All

See Microsoft Graph permissions reference.
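
One way to audit which of these scopes a connection was actually granted, as an added example that is not part of the original page or the connector's own code: it takes the space-delimited `scope` string from an OAuth 2.0 token response, compares it with the list above, and reports the granted scopes that carry tenant-wide write or role-management rights. The function names, the `is_broad` heuristic and the sample string are assumptions made for illustration.

```python
# Scopes copied from "Supported scopes" on this page (fused entries split, duplicate dropped).
DOCUMENTED = {s.lower(): s for s in """
email openid profile offline_access Directory.ReadWrite.All Directory.AccessAsUser.All
Directory.Read.All Group.ReadWrite.All Calendars.ReadWrite Calendars.ReadWrite.Shared Contacts.Read
Contacts.ReadWrite.Shared Contacts.ReadWrite Files.ReadWrite.All Mail.ReadWrite.Shared
Mail.Send.Shared People.Read.All AccessReview.ReadWrite.All AccessReview.ReadWrite.Membership
Analytics.Read AdministrativeUnit.ReadWrite.All AppCatalog.ReadWrite.All Bookings.ReadWrite.All
Chat.ReadWrite PrivilegedAccess.ReadWrite.AzureAD PrivilegedAccess.ReadWrite.AzureResources
EduAdministration.ReadWrite Financials.ReadWrite.All IdentityProvider.ReadWrite.All
IdentityRiskEvent.Read.All IdentityRiskyUser.Read.All DeviceManagementApps.ReadWrite.All
DeviceManagementConfiguration.ReadWrite.All DeviceManagementManagedDevices.PrivilegedOperations.All
DeviceManagementManagedDevices.ReadWrite.All DeviceManagementRBAC.ReadWrite.All
DeviceManagementServiceConfig.ReadWrite.All MailboxSettings.ReadWrite Member.Read.Hidden
Notes.ReadWrite.All Notes.Create Notifications.ReadWrite.CreatedByApp Place.Read.All
OnPremisesPublishingProfiles.ReadWrite.All Organization.ReadWrite.All ProgramControl.ReadWrite.All
Reports.Read.All RoleManagement.ReadWrite.Directory SecurityEvents.ReadWrite.All
SecurityActions.ReadWrite.All ThreatIndicators.ReadWrite.OwnedBy Sites.FullControl.All
Tasks.ReadWrite Tasks.ReadWrite.Shared Agreement.ReadWrite.All AgreementAcceptance.Read.All
Policy.Read.All Policy.ReadWrite.TrustFramework UserActivity.ReadWrite.CreatedByApp
User.ReadWrite.All User.Invite.All User.Read.All
""".split()}
PREFIX = "https://graph.microsoft.com/"  # Graph scopes may come back fully qualified
WRITE = {"readwrite", "fullcontrol", "privilegedoperations", "accessasuser"}
ADMIN = {"rolemanagement", "privilegedaccess"}

def normalize(scope_field):
    """Split a space-delimited OAuth scope string into {lowercase name: name as given}."""
    names = {}
    for raw in scope_field.split():
        name = raw[len(PREFIX):] if raw.lower().startswith(PREFIX) else raw
        names[name.lower()] = name
    return names

def is_broad(scope):
    """Heuristic (an assumption of this example): tenant-wide write or role management."""
    parts = scope.lower().split(".")
    return bool(WRITE & set(parts)) and (parts[-1] == "all" or parts[0] in ADMIN)

def audit(scope_field):
    granted = normalize(scope_field)
    return {
        "undocumented": sorted(v for k, v in granted.items() if k not in DOCUMENTED),
        "broad": sorted(DOCUMENTED[k] for k in granted if k in DOCUMENTED and is_broad(k)),
        "documented_not_granted": sorted(v for k, v in DOCUMENTED.items() if k not in granted),
    }

# Constructed sample of a token response "scope" value, not real output.
SAMPLE = ("openid offline_access https://graph.microsoft.com/User.Read.All Application.ReadWrite.All "
          "https://graph.microsoft.com/directory.readwrite.all RoleManagement.ReadWrite.Directory")
```

Calling `audit(SAMPLE)` returns the three findings as sorted lists; scope names are compared case-insensitively and with the Graph resource prefix removed.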

Related topics

Office 365 Admin connector

About the elements of Okta Workflows

Office 365 Admin Management API overview