Only show these results:

Create an Azure App

This page discusses how to set up a Microsoft OAuth application to start authenticating Microsoft 365 users via OAuth.

If you don't already have one, create your free Microsoft Azure account. You'll use this account to create the Microsoft developer application that is used for authenticating end users via OAuth with Nylas.

Staging and Production OAuth: Don't set up Microsoft 365 on your production app before you test them on your staging app. You cannot delete OAuth settings once you add them.

Create an Azure app

Using the Azure web portal, create an app for authenticating your users to Microsoft 365:

  1. Navigate to the Microsoft Azure Portal and log in.

  2. In the left navigation menu, select Azure Active Directory.

    Microsoft Azure Portal Home page displaying the left navigation menu.

  3. Click App Registrations > New Registration.

  4. Give your application a name. This will be visible to your users, so make sure it's descriptive.

  5. Set the app's audience to Account in any organizational directory. This lets you log in to any account using Microsoft 365. If you're building an internal app, you can restrict it to internal accounts only by setting it to Accounts in this organizational directory only

  6. Set the Redirect URI to Web.

    • If you are using Hosted Authentication, use https://api.nylas.com/oauth/callback.
    • If you are using Hosted Authentication and are using our European datacenter, use https://ireland.api.nylas.com/oauth/callback.
    • If you are using Native Authentication, use your app's callback URI.
  7. Review Microsoft's Platform Policies, then click Register.

    Microsoft Azure Portal displaying the Register an Application page.

Congrats! You've created your app! 🎉

Enable the required APIs

To enable the required APIs, you need to add the permissions to your Azure app's Manifest.

Required permissions

These permissions are required for Nylas' APIs to work with your Azure app:

  • Azure Active Directory Graph.
    • User.Read: Sign in and read user profiles.
  • Microsoft Graph.
    • offline_access: Maintain access to data you've given it access to.
    • openid: Sign users in.
    • profile: View users' basic profiles.
    • User.Read: Sign in and read user profiles.
    • Calendars.Read.Shared: Read user calendars.
    • Calendars.ReadWrite.Shared: Read and write to user calendars.
    • EAS.AccessAsUser.All: Access mailboxes via Exchange ActiveSync.
    • EWS.AccessAsUser.All: Access mailboxes as the signed-in user via Exchange Web Services.

Microsoft Graph for Events: Nylas offers Microsoft Graph for Events. For more information, see our Graph for Events documentation.

Add permissions to Manifest

Follow these steps to add the required permissions to your Azure app's Manifest:

  1. In the Microsoft Azure Portal, navigate to Home > Azure Active Directory > App Registrations.

  2. Select the app that you want to configure.

  3. In the left navigation menu, select Manifest.

  4. Find requiredResourceAccess in the code panel:

    Microsoft Azure Portal displaying an application's Manifest page.

    Learn More

    The application Manifest allows you to update an app directly by editing its JSON. To learn more about the Manifest, see the Microsoft AD Manifest documentation.

  5. Update the requiredResourceAccess block to include the Manifest code.

    If you find existing manifest data: If you already have values in requiredResourceAccess, you must add the Manifest code to the existing data. Contact Nylas support for assistance, and consider adding Nylas Support to your application as a user.

  6. Click Save.

You've added all required permissions to your Azure app. To check the API permissions, select API Permissions from the left navigation menu.

Microsoft Azure Portal displaying an application's Configured Permissions information.

Example: requiredResourceAccess Manifest JSON

This code sample includes the Graph permissions that are required when creating an Azure app with the changes to Microsoft Exchange Online and Basic Auth. For more information, see our Microsoft Basic Authentication documentation.

"requiredResourceAccess": [
{
"resourceAppId": "00000003-0000-0000-c000-000000000000",
"resourceAccess": [
{
"id": "cb8f45a0-5c2e-4ea1-b803-84b870a7d7ec",
"type": "Scope"
},
{
"id": "7427e0e9-2fba-42fe-b0c0-848c9e6a8182",
"type": "Scope"
},
{
"id": "e1fe6dd8-ba31-4d61-89e7-88639da4683d",
"type": "Scope"
},
{
"id": "37f7f235-527c-4136-accd-4a02d197296e",
"type": "Scope"
},
{
"id": "14dad69e-099b-42c9-810b-d002981feec1",
"type": "Scope"
}
]
},
{
"resourceAppId": "00000002-0000-0000-c000-000000000000",
"resourceAccess": [
{
"id": "311a71cc-e848-46a1-bdf8-97ff7156d8e6",
"type": "Scope"
}
]
},
{
"resourceAppId": "00000002-0000-0ff1-ce00-000000000000",
"resourceAccess": [
{
"id": "266d2589-20b5-4f91-9a03-89247d1be8da",
"type": "Scope"
},
{
"id": "3b5f3d61-589b-4a3c-a359-5dd4b5ee5bd5",
"type": "Scope"
}
]
}
],

Create OAuth credentials

Now that you have an Azure app, you need to create OAuth credentials for it:

  1. In the Microsoft Azure Portal, navigate to Home > Azure Active Directory > App Registrations.

  2. Select the app that you want to configure.

  3. In the left navigation menu, select Certificates & secrets.

  4. Click New client secret.

  5. Type a description and set the expiration date to 24 months.

    Microsoft Azure Portal displaying configuration options for adding a client secret.
  6. Click Add.

  7. Copy the value from the Client Secrets page and save it somewhere safe.

    Microsoft Azure Portal displaying the Client Secrets page.

    After you leave this page, you won't be able to access the secret value again.

Copy client ID

Before you continue to the next step, you must copy your app's client ID. You'll need this value to set up your Nylas app.

To access your app's client ID, navigate to Home > Azure Active Directory > App Registrations in the Microsoft Azure Portal, find your app, and copy its Application (client) ID.

Microsoft Azure Portal displaying the App Registrations page.

Add Client ID and Client Secret to Nylas

Now, you need to add your Azure app's Client ID and Client Secret to your Nylas app:

  1. Log in to your Nylas Dashboard and navigate to App Settings > Authentication.

  2. Add your Azure app's Client ID and Client Secret to Office365 Auth.

    Nylas interface displaying Office365 Auth configuration options.
  3. Select Save Changes.

Get ready for production

Microsoft requires apps that access user data to go through a domain verification process. Contact Nylas support for assistance.

What's next?

Video walkthrough

Prefer video? You can watch our Coding with Nylas livestream.