Guidance for Office 365 Admin connector
Read the following information for guidance and best practices when using the Office 365 Admin connector in your flows.
Authentication
Create a connection using an admin or user Office 365 Admin account. See Authorization.
Re-authorize a connection
If you’ve used your account to create a connection successfully, you should be able to use this account to create as many connections as you want and re-authorize the old connections as long as no configuration is changed by the admin.
Types of accounts
- Office 365 admin account
- Office 365 admin credentials
Supported scopes
The following OAuth scopes must be enabled in your Office 365 Admin connector environment:
- email
- openid
- profile
- offline_access
- Directory.ReadWrite.All
- Directory.AccessAsUser.All
- Group.ReadWrite.All
- User.ReadWrite.All
- User.Invite.All
- Calendars.ReadWrite
- Calendars.ReadWrite.Shared
- Contacts.ReadWrite.Shared
- Files.ReadWrite.All
- People.Read.All
- AccessReview.ReadWrite.All
- AccessReview.ReadWrite.Membership
- Analytics.Read
- AdministrativeUnit.ReadWrite.All
- AppCatalog.ReadWrite.All
- Bookings.ReadWrite.All
- Chat.ReadWrite
- PrivilegedAccess.ReadWrite.AzureAD
- PrivilegedAccess.ReadWrite.AzureResources
- EduAdministration.ReadWrite
- Financials.ReadWrite.All
- IdentityProvider.ReadWrite.All
- IdentityRiskEvent.Read.All
- IdentityRiskyUser.Read.All
- DeviceManagementApps.ReadWrite.All
- DeviceManagementConfiguration.ReadWrite.All
- DeviceManagementManagedDevices.PrivilegedOperations.All
- DeviceManagementManagedDevices.ReadWrite.All
- DeviceManagementRBAC.ReadWrite.All
- DeviceManagementServiceConfig.ReadWrite.All
- Mail.Send.Shared
- MailboxSettings.ReadWrite
- Mail.ReadWrite.Shared
- Member.Read.Hidden
- Notes.ReadWrite.All
- Notes.Create
- Notifications.ReadWrite.CreatedByApp
- OnPremisesPublishingProfiles.ReadWrite.All
- Organization.ReadWrite.All
- Place.Read.All
- ProgramControl.ReadWrite.All
- Reports.Read.All
- RoleManagement.ReadWrite.Directory
- SecurityEvents.ReadWrite.All
- SecurityActions.ReadWrite.All
- ThreatIndicators.ReadWrite.OwnedBy
- Sites.FullControl.All
- Tasks.ReadWrite
- Tasks.ReadWrite.Shared
- Agreement.ReadWrite.All
- AgreementAcceptance.Read.All
- Policy.Read.All
- Policy.ReadWrite.TrustFramework
- UserActivity.ReadWrite.CreatedByApp
Action card or event card-specific limitations
List Contact Folders
The List Contact Folders card returns a maximum of two levels of child folders. Use one of the following API calls with the Custom API Action card to return folders.
Returns 1st level contact folders from a folder:
/users/{{userPrincipalName}}/contactFolders/{{contactFolderId}}/childFolders
Returns 1st and 2nd level contact folders from a folder:
/users/{{userPrincipalName}}/contactFolders/{{contactFolderId}}/childFolders?$expand=childFolders
Returns the 1st, 2nd and 3rd level contact folders from a folder:
/users/{{userPrincipalName}}/contactFolders/{{contactFolderId}}/childFolders?$expand=childFolders($expand=childFolders)
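The following Python sketch is an added example, not part of the connector or its documentation. It builds the three relative URLs above with percent-encoded path values and flattens the nested childFolders response into rows with a level and parent. The function names and the sample response are constructed for illustration; the response shape (a "value" array whose items carry "id", "displayName" and an expanded "childFolders" array) is assumed.

```python
from urllib.parse import quote

BASE = "/users/{upn}/contactFolders/{folder_id}/childFolders"


def child_folders_path(upn, folder_id, levels):
    """Relative URL returning 1, 2 or 3 levels of child folders."""
    if levels not in (1, 2, 3):
        raise ValueError("only the 1-, 2- and 3-level forms are documented")
    # Percent-encode caller-supplied values so characters such as '#' or '/'
    # cannot change which resource the path addresses.
    path = BASE.format(upn=quote(upn, safe="@"),
                       folder_id=quote(folder_id, safe=""))
    expand = ""
    for _ in range(levels - 1):
        # Wrap the previous clause: childFolders($expand=childFolders)
        expand = "$expand=childFolders" + (f"({expand})" if expand else "")
    return path + (f"?{expand}" if expand else "")


def flatten(folders, level=1, parent=None):
    """Turn the nested response into one row per folder, depth first."""
    rows = []
    for folder in folders:
        rows.append({"id": folder["id"], "name": folder["displayName"],
                     "level": level, "parent": parent})
        # childFolders is absent on the deepest level that was expanded.
        rows.extend(flatten(folder.get("childFolders", []),
                            level + 1, folder["id"]))
    return rows


# Constructed sample of a 3-level response body (not real tenant data).
SAMPLE = {"value": [
    {"id": "f1", "displayName": "Vendors", "childFolders": [
        {"id": "f2", "displayName": "EMEA", "childFolders": [
            {"id": "f3", "displayName": "DE"}]}]},
    {"id": "f4", "displayName": "Partners", "childFolders": []},
]}

if __name__ == "__main__":
    print(child_folders_path("adele@example.com", "AAMkAGI2", 3))
    for row in flatten(SAMPLE["value"]):
        print("  " * (row["level"] - 1) + row["name"], row["id"])
```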