When you add an Office 365 Mail card to a flow for the first time, you'll be prompted to configure the connection. This will enable you to connect your Office 365 Mail account, save your account information, and reuse the connection for future Office 365 Mail flows.


You must be an Office 365 administrator in order to authenticate with this connector.

After creating a new connection or reauthorizing an existing connection, any 404 errors are not addressed by the connector and need to be handled within the flow.


You can create multiple connections and manage them from your Connections page.

Before an application can access your organization's data, a user must grant the application permissions to do so. See Configure user consent.

To authorize an Office 365 Mail account and grant it the necessary properties to create an account for use with Workflows:

  1. Navigate to your Azure Active Directory console.

  2. Click Enterprise applicationsConsent and permissionsUser consent settings.

  3. Select Allow user consent to apps.

  4. Select Allow group owner consent for all group owners.

To create a new connection:

  1. Click New Connection.

  2. Enter a Connection Nickname. This is useful if you plan to create multiple Office 365 Mail connections to share with your team.

  3. Click Create.

  4. Log in to your Office 365 Mail account to authorize the connection.

Workflows header properties

By default, Workflows includes three header properties in all messages sent to APIs:

  • User-Agent: azuqua
  • Content-Type: application/json
  • Note

    This property may be changed by the connector to match the specific requirements of the API endpoint.

  • Content-Length: <length>
  • Note

    The value is calculated prior to sending the message.

For some APIs, you may need to allow the azuqua User-Agent property to be accepted in the account configuration or security settings of your cloud application.


Some environments don't allow individual user accounts to consent to application access. If this applies to your environment, you can have an admin authorize the Workflows app for use with Office 365 Mail by creating an account with the required permissions, making a connection in Workflows, then have the admin associated with the account approve the connection. After the connection has been approved, the admin deletes the connection and closes their browser session to remove the authorization token. Create a new connection using a non-admin Office 365 account. This new connection can be used to authorize into Office 365 Mail since the Workflows app was approved by an admin.

Supported scopes

  • Mail.ReadWrite
  • Mail.Send
  • Mail.Send.Shared
  • Mail.ReadWrite.Shared
  • offline_access

Related topics

Office 365 Mail connector

About the elements of Okta Workflows

Microsoft Graph Rest API