Create an Azure App
This page discusses how to set up a Microsoft OAuth application to start authenticating Microsoft 365 users via OAuth.
If you don't already have one, create your free Microsoft Azure account. You'll use this account to create the Microsoft developer application that is used for authenticating end users via OAuth with Nylas.
Staging and Production OAuth: Don't set up Microsoft 365 on your production app before you test it on your staging app. You cannot delete OAuth settings once you add them.
Create an Azure app
Using the Azure web portal, create an app for authenticating your users to Microsoft 365:
- Navigate to the Microsoft Azure Portal and log in.
- In the left navigation menu, select Azure Active Directory.
- Click App Registrations > New Registration.
- Give your application a name. This will be visible to your users, so make sure it's descriptive.
- Set the app's audience to Accounts in any organizational directory. This lets you log in to any account using Microsoft 365. If you're building an internal app, you can restrict it to internal accounts only by setting it to Accounts in this organizational directory only.
- Set the Redirect URI to Web.
  - If you are using Hosted Authentication, use https://api.nylas.com/oauth/callback.
  - If you are using Hosted Authentication and are using our European datacenter, use https://ireland.api.nylas.com/oauth/callback.
  - If you are using Native Authentication, use your app's callback URI.
- Review Microsoft's Platform Policies, then click Register.
Congrats! You've created your app! 🎉
Enable the required APIs
To enable the required APIs, you need to add the permissions to your Azure app's Manifest.
Required permissions
These permissions are required for Nylas' APIs to work with your Azure app:
- Azure Active Directory Graph.
  - User.Read: Sign in and read user profiles.
- Microsoft Graph.
  - offline_access: Maintain access to data you've given it access to.
  - openid: Sign users in.
  - profile: View users' basic profiles.
  - User.Read: Sign in and read user profiles.
  - Calendars.Read.Shared: Read user calendars.
  - Calendars.ReadWrite.Shared: Read and write to user calendars.
  - EAS.AccessAsUser.All: Access mailboxes via Exchange ActiveSync.
  - EWS.AccessAsUser.All: Access mailboxes as the signed-in user via Exchange Web Services.
Microsoft Graph for Events: Nylas offers Microsoft Graph for Events. For more information, see our Graph for Events documentation.
Add permissions to Manifest
Follow these steps to add the required permissions to your Azure app's Manifest:
- In the Microsoft Azure Portal, navigate to Home > Azure Active Directory > App Registrations.
- Select the app that you want to configure.
- In the left navigation menu, select Manifest.
- Find requiredResourceAccess in the code panel.
  Learn More: The application Manifest allows you to update an app directly by editing its JSON. To learn more about the Manifest, see the Microsoft AD Manifest documentation.
- Update the requiredResourceAccess block to include the Manifest code.
  If you find existing manifest data: If you already have values in requiredResourceAccess, you must add the Manifest code to the existing data. Contact Nylas support for assistance, and consider adding Nylas Support to your application as a user.
- Click Save.
You've added all required permissions to your Azure app. To check the API permissions, select API Permissions from the left navigation menu.
Example: requiredResourceAccess Manifest JSON
This code sample includes the Graph permissions that are required when creating an Azure app with the changes to Microsoft Exchange Online and Basic Auth. For more information, see our Microsoft Basic Authentication documentation.
"requiredResourceAccess": [
  {
    "resourceAppId": "00000003-0000-0000-c000-000000000000",
    "resourceAccess": [
      {
        "id": "cb8f45a0-5c2e-4ea1-b803-84b870a7d7ec",
        "type": "Scope"
      },
      {
        "id": "7427e0e9-2fba-42fe-b0c0-848c9e6a8182",
        "type": "Scope"
      },
      {
        "id": "e1fe6dd8-ba31-4d61-89e7-88639da4683d",
        "type": "Scope"
      },
      {
        "id": "37f7f235-527c-4136-accd-4a02d197296e",
        "type": "Scope"
      },
      {
        "id": "14dad69e-099b-42c9-810b-d002981feec1",
        "type": "Scope"
      }
    ]
  },
  {
    "resourceAppId": "00000002-0000-0000-c000-000000000000",
    "resourceAccess": [
      {
        "id": "311a71cc-e848-46a1-bdf8-97ff7156d8e6",
        "type": "Scope"
      }
    ]
  },
  {
    "resourceAppId": "00000002-0000-0ff1-ce00-000000000000",
    "resourceAccess": [
      {
        "id": "266d2589-20b5-4f91-9a03-89247d1be8da",
        "type": "Scope"
      },
      {
        "id": "3b5f3d61-589b-4a3c-a359-5dd4b5ee5bd5",
        "type": "Scope"
      }
    ]
  }
],
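The "existing manifest data" case described above, as an added example (not Nylas' or Microsoft's code): this Python function merges the required block into values already in requiredResourceAccess, matching on resourceAppId and permission id, and lists permissions already present that the required set does not include. The function name and the EXISTING sample are assumptions made for this example; the required IDs are copied from the JSON above.

```python
import json

# Required entries, copied from the example manifest block above.
REQUIRED = {
    "00000003-0000-0000-c000-000000000000": [
        "cb8f45a0-5c2e-4ea1-b803-84b870a7d7ec", "7427e0e9-2fba-42fe-b0c0-848c9e6a8182",
        "e1fe6dd8-ba31-4d61-89e7-88639da4683d", "37f7f235-527c-4136-accd-4a02d197296e",
        "14dad69e-099b-42c9-810b-d002981feec1"],
    "00000002-0000-0000-c000-000000000000": ["311a71cc-e848-46a1-bdf8-97ff7156d8e6"],
    "00000002-0000-0ff1-ce00-000000000000": [
        "266d2589-20b5-4f91-9a03-89247d1be8da", "3b5f3d61-589b-4a3c-a359-5dd4b5ee5bd5"],
}

def merge_required_access(existing, required=REQUIRED):
    """Return (merged, added, extra); `existing` itself is not modified.

    added: (resourceAppId, id) pairs the merge appended.
    extra: pairs already present but not in `required`; kept, listed for review.
    """
    merged = [dict(r, resourceAccess=[dict(a) for a in r.get("resourceAccess", [])])
              for r in existing]
    by_app = {r["resourceAppId"].lower(): r for r in merged}
    extra = [(r["resourceAppId"], a["id"]) for r in merged for a in r["resourceAccess"]
             if a["id"].lower() not in required.get(r["resourceAppId"].lower(), [])]
    added = []
    for app_id, scope_ids in required.items():
        entry = by_app.get(app_id)
        if entry is None:  # resource not in the manifest yet
            entry = {"resourceAppId": app_id, "resourceAccess": []}
            merged.append(entry)
        present = {a["id"].lower() for a in entry["resourceAccess"]}  # GUIDs: ignore case
        for scope_id in scope_ids:
            if scope_id not in present:
                entry["resourceAccess"].append({"id": scope_id, "type": "Scope"})
                added.append((app_id, scope_id))
    return merged, added, extra

# Constructed sample: an app that already has one required Graph scope (upper-cased)
# and one placeholder permission on a placeholder resource.
EXISTING = [
    {"resourceAppId": "00000003-0000-0000-c000-000000000000",
     "resourceAccess": [{"id": "E1FE6DD8-BA31-4D61-89E7-88639DA4683D", "type": "Scope"}]},
    {"resourceAppId": "11111111-1111-1111-1111-111111111111",
     "resourceAccess": [{"id": "22222222-2222-2222-2222-222222222222", "type": "Role"}]},
]

if __name__ == "__main__":
    merged, added, extra = merge_required_access(EXISTING)
    print(json.dumps({"requiredResourceAccess": merged}, indent=2))
    print("added:", len(added), "present but not required:", extra)
```

Running the merge a second time on its own output adds nothing, so it is safe to re-run before each save.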
Create OAuth credentials
Now that you have an Azure app, you need to create OAuth credentials for it:
- In the Microsoft Azure Portal, navigate to Home > Azure Active Directory > App Registrations.
- Select the app that you want to configure.
- In the left navigation menu, select Certificates & secrets.
- Click New client secret.
- Type a description and set the expiration date to 24 months.
- Click Add.
- Copy the value from the Client Secrets page and save it somewhere safe.
  After you leave this page, you won't be able to access the secret value again.
Copy client ID
Before you continue to the next step, you must copy your app's client ID. You'll need this value to set up your Nylas app.
To access your app's client ID, navigate to Home > Azure Active Directory > App Registrations in the Microsoft Azure Portal, find your app, and copy its Application (client) ID.
Add Client ID and Client Secret to Nylas
Now, you need to add your Azure app's Client ID and Client Secret to your Nylas app:
- Log in to your Nylas Dashboard and navigate to App Settings > Authentication.
- Add your Azure app's Client ID and Client Secret to Office365 Auth.
- Select Save Changes.
Get ready for production
Microsoft requires apps that access user data to go through a domain verification process. Contact Nylas support for assistance.
What's next?
- Read our How to Create an Azure App blog post.
Video walkthrough
Prefer video? You can watch our Coding with Nylas livestream.