Supported Version Cloud.
About OAuth 2.0
OAuth 2.0 lets users access instance resources through external clients by obtaining a token rather than by entering login credentials with each resource request.
You must have the security_admin role to manage the OAuth integration.
API Rate Limit: 10000 requests/10 min
Refer the link for more info: https://learn.microsoft.com/en-us/graph/throttling-limits
Setting up OAuth 2.0 application in Outlook
Follow the below steps to register an OAuth 2.0 application on Microsoft Outlook(Mail and Calendar) using your account.
- Login into Azure Account using https://portal.azure.com/#blade/Microsoft_AAD_RegisteredApps/ApplicationsListBlade
- Click on “New registration” and enter following details:
i) Name : User Friendly Name of OAuth 2.0 App, like “KleraOutlookApplication”
ii) Click on the Submit button. - Go to “Certificates & Secretes” & click on “New client secret”. Enter description and choose validity period. Copy the string generated by the system under column “Value”. This is our Client Secret ID.
- Go to “Authentication” and add a redirect URL under the “Redirect URIs” section.
i) Choose Type -> Web
ii) Redirect URI -> Redirect URL of Klera machine. - Go to API Permissions and click on “Add a permission”. Under Microsoft-> Delegated permissions choose followings:
i) Mail.ReadBasic
ii) Mail.Read
iii) Calendars.Read
iv) Mail.Read.Shared - Go to “Expose an API” and click on Add a scope. Now add following scopes with their user friendly description:
i) Offline_access - Select Azure Active Directory.
- Select Properties.
- Then, scroll down to the Tenant ID field. Your tenant ID will be in the box. Save this tenant Id as we’ll be needing it to create Authorization URL and Access Token URL.
Important:
- This URL should be accessible from the client machine. Machine from where the user is logged into Klera.
- Need to add port 48444 in Firewall/Security systems whitelist.
- You will need additional permissions from the Microsoft Azure Administrator or from IT department to register an application.
- Please make sure your Microsoft Outlook Connector instance must be accessible from the Klera Machine.
Steps to configure connection of connector:
- Right click on Connector >> Connections >> Configure.
- Enter Instance URL : https://graph.microsoft.com
- Application Key: Client Id generated from the azure app
- Application Secret : Client secret Id generated from azure app.
- Authorization URL : https://login.microsoftonline.com/{tenantId}/oauth2/v2.0/authorize
- Access Token URL : https://login.microsoftonline.com/{tenantId}/oauth2/v2.0/token
- Domain for Callback Authentication : Enter HostName with Domain Name of the Klera machine.
Example: HostName-123.Kleramachine.com - Scope : Mail.ReadBasic Mail.Read Calendars.Read
- Create New Account and give a user-friendly account Name like : Microsoft Outlook Account.
- Click "Save".
- On clicking ‘Save’, a pop-up will appear which requires Outlook user to login using the credentials asked in the pop-up window.
Important: Please make sure, the pop-up is not blocked by the chrome browser.