Guidance for Office 365 Admin connector

Read the following information for guidance and best practices when using the Office 365 Admin connector in your flows.

• Authentication

• Types of accounts

• Supported scopes

• Action card or event card-specific limitations

Authentication

Create a connection using an admin or user Office 365 Admin account. See Authorization.

Re-authorize a connection

If you’ve used your account to create a connection successfully, you should be able to use this account to create as many connections as you want and re-authorize the old connections as long as no configuration is changed by the admin.

Types of accounts

• Office 365 admin account

• Office 365 admin credentials

Supported scopes

The following OAuth scopes must be enabled in your Office 365 Admin connector environment:

• email

• openid

• profile

• offline_access

• Directory.ReadWrite.All

• Directory.AccessAsUser.All

• Group.ReadWrite.All

• User.ReadWrite.All

• User.Invite.All

• Calendars.ReadWrite

• Calendars.ReadWrite.Shared

• Contacts.ReadWrite.Shared

• Files.ReadWrite.All

• People.Read.All

• AccessReview.ReadWrite.All

• AccessReview.ReadWrite.Membership

• Analytics.Read

• AdministrativeUnit.ReadWrite.All

• AppCatalog.ReadWrite.All

• Bookings.ReadWrite.All

• Chat.ReadWrite

• PrivilegedAccess.ReadWrite.AzureAD

• PrivilegedAccess.ReadWrite.AzureResources

• EduAdministration.ReadWrite

• Financials.ReadWrite.All

• IdentityProvider.ReadWrite.All

• IdentityRiskEvent.Read.All

• IdentityRiskyUser.Read.All

• DeviceManagementApps.ReadWrite.All

• DeviceManagementConfiguration.ReadWrite.All

  DeviceManagementManagedDevices.PrivilegedOperations.All

  DeviceManagementManagedDevices.ReadWrite.All

• DeviceManagementRBAC.ReadWrite.All

• DeviceManagementServiceConfig.ReadWrite.All

• Mail.Send.Shared

• MailboxSettings.ReadWrite

• Mail.ReadWrite.Shared

• Member.Read.Hidden

• Notes.ReadWrite.All

• Notes.Create

• Notifications.ReadWrite.CreatedByApp

• OnPremisesPublishingProfiles.ReadWrite.All

• Organization.ReadWrite.All Place.Read.All

• ProgramControl.ReadWrite.All Reports.Read.All

• RoleManagement.ReadWrite.Directory

• SecurityEvents.ReadWrite.All

• SecurityActions.ReadWrite.All

• ThreatIndicators.ReadWrite.OwnedBy

• Sites.FullControl.All

• Tasks.ReadWrite

• Tasks.ReadWrite.Shared

• Agreement.ReadWrite.All

• AgreementAcceptance.Read.All

  Policy.Read.All

• Policy.ReadWrite.TrustFramework

• UserActivity.ReadWrite.CreatedByApp

Action card or event card-specific limitations

List Contact Folders

List contact folder returns a maximum of two levels of child folders. Use one of the following API call with Custom API action card to return folders.

Returns 1st level contact folders from a folder:

/users/{{userPrincipalName}}/contactFolders/{{contactFolderId}}/childFolders

Returns 1st and 2nd level contact folders from a folder:

/users/{{userPrincipalName}}/contactFolders/{{contactFolderId}}/childFolders?$expand=childFolders

Returns the 1st, 2nd and 3rd level contact folders from a folder:

/users/{{userPrincipalName}}/contactFolders/{{contactFolderId}}/childFolders?$expand=childFolders($expand=childFolders)

Related topics

Office 365 Admin connector

About the elements of Okta Workflows

Guidance for Office 365 Admin connector

Office 365 Admin Management API overview