Guidance for Office 365 Admin connector

Read the following information for guidance and best practices when using the Office 365 Admin connector in your flows.

Authentication

Create a connection using an admin or user Office 365 Admin account. See Authorization.

Re-authorize a connection

If you’ve used your account to create a connection successfully, you should be able to use this account to create as many connections as you want and re-authorize the old connections as long as no configuration is changed by the admin.

Types of accounts

  • Office 365 admin account
  • Office 365 admin credentials

Supported scopes

The following OAuth scopes must be enabled in your Office 365 Admin connector environment:

  • email

  • openid

  • profile

  • offline_access

  • Directory.ReadWrite.All

  • Directory.AccessAsUser.All

  • Group.ReadWrite.All

  • User.ReadWrite.All

  • User.Invite.All

  • Calendars.ReadWrite

  • Calendars.ReadWrite.Shared

  • Contacts.ReadWrite.Shared

  • Files.ReadWrite.All

  • People.Read.All

  • AccessReview.ReadWrite.All

  • AccessReview.ReadWrite.Membership

  • Analytics.Read

  • AdministrativeUnit.ReadWrite.All

  • AppCatalog.ReadWrite.All

  • Bookings.ReadWrite.All

  • Chat.ReadWrite

  • PrivilegedAccess.ReadWrite.AzureAD

  • PrivilegedAccess.ReadWrite.AzureResources

  • EduAdministration.ReadWrite

  • Financials.ReadWrite.All

  • IdentityProvider.ReadWrite.All

  • IdentityRiskEvent.Read.All

  • IdentityRiskyUser.Read.All

  • DeviceManagementApps.ReadWrite.All

  • DeviceManagementConfiguration.ReadWrite.All

  • DeviceManagementManagedDevices.PrivilegedOperations.All

  • DeviceManagementManagedDevices.ReadWrite.All

  • DeviceManagementRBAC.ReadWrite.All

  • DeviceManagementServiceConfig.ReadWrite.All

  • Mail.Send.Shared

  • MailboxSettings.ReadWrite

  • Mail.ReadWrite.Shared

  • Member.Read.Hidden

  • Notes.ReadWrite.All

  • Notes.Create

  • Notifications.ReadWrite.CreatedByApp

  • OnPremisesPublishingProfiles.ReadWrite.All

  • Organization.ReadWrite.All

  • Place.Read.All

  • ProgramControl.ReadWrite.All

  • Reports.Read.All

  • RoleManagement.ReadWrite.Directory

  • SecurityEvents.ReadWrite.All

  • SecurityActions.ReadWrite.All

  • ThreatIndicators.ReadWrite.OwnedBy

  • Sites.FullControl.All

  • Tasks.ReadWrite

  • Tasks.ReadWrite.Shared

  • Agreement.ReadWrite.All

  • AgreementAcceptance.Read.All

  • Policy.Read.All

  • Policy.ReadWrite.TrustFramework

  • UserActivity.ReadWrite.CreatedByApp

Action card or event card-specific limitations

List Contact Folders

The List Contact Folders card returns a maximum of two levels of child folders. Use one of the following API calls with the Custom API action card to return folders.

Returns 1st level contact folders from a folder:

/users/{{userPrincipalName}}/contactFolders/{{contactFolderId}}/childFolders

Returns 1st and 2nd level contact folders from a folder:

/users/{{userPrincipalName}}/contactFolders/{{contactFolderId}}/childFolders?$expand=childFolders

Returns the 1st, 2nd and 3rd level contact folders from a folder:

/users/{{userPrincipalName}}/contactFolders/{{contactFolderId}}/childFolders?$expand=childFolders($expand=childFolders)
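
The nested $expand pattern above, written out as an added example (not Okta or Microsoft code): it builds the three relative URLs shown on this page and flattens the nested response into rows with their folder level. The function names and the sample response are constructed for illustration; the response uses the contactFolder fields id, displayName and childFolders.

```python
from urllib.parse import quote

MAX_LEVELS = 3  # this page documents one, two and three levels only


def child_folders_path(upn, folder_id, levels):
    """Build the relative URL to paste into the Custom API action card."""
    if not 1 <= levels <= MAX_LEVELS:
        raise ValueError(f"levels must be between 1 and {MAX_LEVELS}")
    path = (f"/users/{quote(upn, safe='@')}"
            f"/contactFolders/{quote(folder_id, safe='')}/childFolders")
    expand = ""
    for _ in range(levels - 1):
        # Each extra level wraps the previous clause:
        # childFolders -> childFolders($expand=childFolders)
        expand = f"childFolders($expand={expand})" if expand else "childFolders"
    return f"{path}?$expand={expand}" if expand else path


def flatten(response):
    """Return (level, displayName, id) rows from a nested childFolders response."""
    rows = []

    def walk(folders, level):
        for folder in folders:
            rows.append((level, folder.get("displayName"), folder.get("id")))
            # Folders at the deepest requested level carry no childFolders key.
            walk(folder.get("childFolders", []), level + 1)

    walk(response.get("value", []), 1)
    return rows


def unexplored(rows, levels):
    """IDs at the deepest requested level; their children were not returned."""
    return [folder_id for level, _, folder_id in rows if level == levels]


# Constructed sample response for a two-level request ($expand=childFolders).
SAMPLE = {"value": [
    {"id": "f1", "displayName": "Vendors",
     "childFolders": [{"id": "f1a", "displayName": "EMEA"}]},
    {"id": "f2", "displayName": "Partners", "childFolders": []},
]}

if __name__ == "__main__":
    print(child_folders_path("adele@example.com", "f0", 2))
    for row in flatten(SAMPLE):
        print(row)
```

Folders reported by unexplored() sit at the last expanded level, so a further call with each of those IDs as contactFolderId is needed to see whether they contain more folders.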

Related topics

Office 365 Admin connector

About the elements of Okta Workflows

Office 365 Admin Management API overview