Create an Azure App
This guide covers how to set up a Microsoft OAuth application to start authenticating Microsoft 365 users via OAuth.
If you don't already have one, create your free Microsoft Azure account. You'll use this account to create the Microsoft developer application that is used for authenticating end users via OAuth with Nylas.
Staging and Production OAuth
Don't set up Microsoft 365 on your production app before testing on your staging app. Once you add the OAuth settings, you can't delete them.
Create an OAuth Application
Using the Azure web portal, create an app for authenticating your users to Microsoft 365.
Log in to Azure
- Browse to the Microsoft Azure Portal and log in.
- In the menu, click Azure Active Directory.
- Click App Registrations.
- Click New Registration.
New App Registration
-
Give your application a name. This will be visible to your users.
-
Set the audience for this app to Account in any organizational directory to be able to log in to any account using Microsoft 365. If you're building an internal app, you can restrict it to internal accounts by setting it to Accounts in this organizational directory only
-
Set the Redirect URI to Web
- If you are using Hosted Authentication, use
https://api.nylas.com/oauth/callback. - If you are using Hosted Authentication and are using our European datacenter, use
https://ireland.api.nylas.com/oauth/callback. - If you are using Native Authentication, use your app's callback URI.
- If you are using Hosted Authentication, use
-
Click Register
Congrats!
You've just created your app!
Enable the Required APIs
To enable the required APIs, you need to add the permissions to the app's Manifest.
Required Permissions
- Azure Active Directory Graph
- User.Read - Sign in and read user profile
- Microsoft Graph
- offline_access - Maintain access to data you've given it access to
- openid - Sign users in
- profile - View users' basic profile
- User.Read - Sign in and read user profile
- Calendars.Read.Shared - Read user calendars
- Calendars.ReadWrite.Shared - Read and write to user calendars
- EAS.AccessAsUser.All - Access mailboxes via Exchange ActiveSync
- EWS.AccessAsUser.All - Access mailboxes as the signed-in user via Exchange Web Services
Microsoft Graph for Events
Nylas offers Microsoft Graph for events. To enable this feature, read our Graph for Events documentation.
To get there from within the Azure portal:
- Go to Home > Azure Active Directory > App Registrations.
- Click on the app you want to configure.
- On the left, click Manifest.
- In the code, look for
requiredResourceAccess.
The application manifest allows you to update the app directly by editing the JSON. To learn more about the Manifest, see the Microsoft AD Manifest documentation.
Existing Manifest Data
If you already have values in requiredResourceAccess, you will need to add to the existing data. if you need help with this, please reach out to Nylas support. To help get support faster, add Nylas to your application as a user.
- Update the
requiredResourceAccessto include the Manifest code. If there are existing permissions, this will overwrite them.
Manifest JSON
This example includes the required Graph permissions when creating an Azure App with the changes to Microsoft Exchange Online and Basic Auth.
"requiredResourceAccess": [
{
"resourceAppId": "00000002-0000-0ff1-ce00-000000000000",
"resourceAccess": [
{
"id": "266d2589-20b5-4f91-9a03-89247d1be8da",
"type": "Scope"
},
{
"id": "3b5f3d61-589b-4a3c-a359-5dd4b5ee5bd5",
"type": "Scope"
}
]
},
{
"resourceAppId": "00000003-0000-0000-c000-000000000000",
"resourceAccess": [
{
"id": "a4b8392a-d8d1-4954-a029-8e668a39a170",
"type": "Scope"
},
{
"id": "570282fd-fa5c-430d-a7fd-fc8dc98a9dca",
"type": "Scope"
},
{
"id": "7427e0e9-2fba-42fe-b0c0-848c9e6a8182",
"type": "Scope"
},
{
"id": "9769c687-087d-48ac-9cb3-c37dde652038",
"type": "Scope"
},
{
"id": "a367ab51-6b49-43bf-a716-a1fb06d2a174",
"type": "Scope"
},
{
"id": "5df07973-7d5d-46ed-9847-1271055cbd51",
"type": "Scope"
},
{
"id": "7b9103a5-4610-446b-9670-80643382c1fa",
"type": "Scope"
},
{
"id": "e1fe6dd8-ba31-4d61-89e7-88639da4683d",
"type": "Scope"
},
{
"id": "024d486e-b451-40bb-833d-3e66d98c5c73",
"type": "Scope"
},
{
"id": "e383f46e-2787-4529-855e-0e479a3ffac0",
"type": "Scope"
},
{
"id": "1ec239c2-d7c9-4623-a91a-a9775856bb36",
"type": "Scope"
},
{
"id": "ff74d97f-43af-4b68-9f2a-b77ee6968c5d",
"type": "Scope"
},
{
"id": "d56682ec-c09e-4743-aaf4-1a3aac4caa21",
"type": "Scope"
},
{
"id": "37f7f235-527c-4136-accd-4a02d197296e",
"type": "Scope"
},
{
"id": "64a6cdd6-aab1-4aaf-94b8-3cc8405e90d0",
"type": "Scope"
},
{
"id": "14dad69e-099b-42c9-810b-d002981feec1",
"type": "Scope"
},
{
"id": "ff91d191-45a0-43fd-b837-bd682c4a0b0f",
"type": "Scope"
}
]
},
{
"resourceAppId": "00000002-0000-0000-c000-000000000000",
"resourceAccess": [
{
"id": "311a71cc-e848-46a1-bdf8-97ff7156d8e6",
"type": "Scope"
}
]
}
]
- Click Save
- All the necessary permissions have now been added. To check the API permissions, click API Permissions from the menu.
Create the OAuth Credentials
- From within the Azure portal, go to Home > Azure Active Directory > App Registrations.
- Click on the app you want to configure.
- On the left, click Certificates & secrets.
- Click New client secret.
- Enter a description and set an expiration date of 24 months.
- Click Add.
- Copy the value from the Client secrets page and save it somewhere safe. Once you leave this page, you won't be able to retrieve the value.
Copy the Client ID
In the Azure portal, go to the App Registrations page and copy the Application (client) ID.
Add Client ID and Client Secret to Nylas
- Go to your Nylas Dashboard / App Settings / Authentication section.
- Add the Client ID and Client Secret to Office 365 Auth.
- Click Save Changes.
Getting Ready for Production
Microsoft requires apps that access user data to go through a domain verification process. Reach out to Nylas support for more assistance.
Video Walkthrough
Prefer video? You can watch our LiveStream Coding with Nylas.
What's Next?
- Read the blog postHow to Create an Azure App.