
MS365 - App Registration

Last Updated: Dec 28, 2022


Microsoft Graph API (MS365) is used to interact with Microsoft 365 services like Outlook, Teams, Excel, Azure, etc. JIFFY.ai uses MS365 to interact with Outlook mail.

Create an Application

  1. Create a Microsoft Azure account and navigate to Portal.
  2. Click the App registrations option.
  3. Click the + New registration option.
  4. Enter a Name for your application and select the required option in the Supported account types section.

    Preferably, use the Single tenant option.

  5. Click the Register button to create the application.
  6. Note the Client ID in the Overview section.

Pre-requisites set-up

Create Secret Key

  1. Open the created application.
  2. Click the Certificates & secrets option in the left-hand side menu and click the + New Client Secret button.
  3. Enter Description and choose when the key Expires. Click the Add button.

API Permissions

  1. Open the created application.
  2. Click the API permissions option in the left-hand side menu and click the + Add a permission button.
  3. In the Commonly used Microsoft APIs tab of the Request API permissions window, click on Microsoft Graph.
  4. Click the Delegated permissions button.
  5. Select the following permissions and click the Add permissions button.
    • Calendar
      • Calendars.Read
      • Calendars.ReadWrite
    • User
      • User.Read
      • User.ReadBasic.All
    • Files
      • Files.Read
      • Files.Read.All
      • Files.ReadWrite
      • Files.ReadWrite.All
    • Sites
      • Sites.Read.All
      • Sites.ReadWrite.All
    • Mail
      • Mail.Read
      • Mail.ReadWrite
      • Mail.Send
    • Shared*
      • Mail.Read.Shared
      • Mail.ReadWrite.Shared
      • Mail.Send.Shared
      • Calendars.Read.Shared
      • Calendars.ReadWrite.Shared

      * Scopes needed to access resources that are shared with, but not owned by, the user.
  6. Click the Grant admin consent button.
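
As an added example (not part of the original article or JIFFY.ai's code), the following Python script checks that an access token issued to the app carries exactly the delegated permissions listed in step 5, by reading the space-separated `scp` claim. It assumes you have a raw access token from a test sign-in; the function names, the ignored OpenID Connect scopes and the sample token are constructed for illustration.

```python
import base64
import json

# Delegated Microsoft Graph permissions listed in step 5 above.
EXPECTED_SCOPES = {
    "Calendars.Read", "Calendars.ReadWrite", "User.Read", "User.ReadBasic.All",
    "Files.Read", "Files.Read.All", "Files.ReadWrite", "Files.ReadWrite.All",
    "Sites.Read.All", "Sites.ReadWrite.All",
    "Mail.Read", "Mail.ReadWrite", "Mail.Send",
    "Mail.Read.Shared", "Mail.ReadWrite.Shared", "Mail.Send.Shared",
    "Calendars.Read.Shared", "Calendars.ReadWrite.Shared",
}
# Assumption: OpenID Connect scopes may also appear in the claim; ignore them.
OIDC_SCOPES = {"openid", "profile", "email", "offline_access"}


def decode_claims(token):
    """Decode a JWT payload for inspection only (the signature is NOT verified)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected a three-part JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def audit_scopes(token):
    """Compare the delegated scopes in the 'scp' claim with the expected set."""
    granted = set(decode_claims(token).get("scp", "").split()) - OIDC_SCOPES
    return {
        "missing": sorted(EXPECTED_SCOPES - granted),
        "unexpected": sorted(granted - EXPECTED_SCOPES),
    }


def make_sample_token(scopes):
    """Build a constructed, unsigned token so the example runs offline."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc({"scp": " ".join(scopes)}), "sig"])


if __name__ == "__main__":
    # Constructed input: one listed scope absent, one unlisted scope present.
    scopes = sorted(EXPECTED_SCOPES - {"Mail.Send.Shared"})
    sample = make_sample_token(scopes + ["Directory.ReadWrite.All", "openid"])
    print(audit_scopes(sample))
```

An empty `unexpected` list confirms the registration grants nothing beyond the permissions listed above; an empty `missing` list confirms admin consent covered all of them.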

Disable MFA (Multi Factor Authentication)

Do the following to disable Multi-Factor Authentication for the user that connects.

  1. Sign in to the Portal as an administrator.
  2. Navigate to the Multi-Factor Authentication page.
  3. Select the user to disable the MFA and click Disable.

Configure the Application

  1. Navigate to the Microsoft Azure App.
  2. Click on the Authentication button.
  3. Click on the +Add Platform button.
  4. Select the Web option from the Configure Platforms. The Configure web page section opens.
  5. Click on the Quickstart button.
  6. Select Java from the listed platforms. The Java web app page opens.
  7. Click on the Make these changes for me button.
  8. Click on the Make updates button on the Configuring your application registration page.
  9. Copy and save your client secret and click on the Done button.

Generate Encrypted Token File

Prerequisite: Java 8 is required

  1. Download the secure-token-generator application and the batch file used to run it.
  2. Open the batch file and enter the details, such as clientID, tenantID, secret, and folder path.

    The encrypted token file will be generated in this folder.

  3. Open the Command prompt and navigate to the folder where the application is downloaded.
  4. Run the application using the batch file, for example, run.bat.
  5. Open the browser and enter the URL.
  6. On the login page, enter the username and verify using the verification code from the registered mobile number.
  7. Click on the Show user info button. An encrypted token file is generated in the specified folder.
  8. Stop the secure-token-generator application.
  9. Place the token file in Jiffy (make sure the folder structure is present):
    1. Location for Jiffy server:

      • /opt/jiffy/ms365/token/design/{ClientID}.txt
      • /opt/jiffy/ms365/token/exec/{ClientID}.txt

    2. Location for Bot:

      C:\jiffyservice\ms365{ClientID.txt}

    3. Key to decrypt the content of the encrypted token file:

      u-w7HNMq@c/-4^Qg

  10. Store this key in the secure vault on the tenant level using Jiffy so that all applications can use it.
  11. Use this key in the mail configuration; instead of the username, give:

    vault:{vault key}

    vault:ms365Key

  12. Get the client secret that was copied while configuring the application.
  13. Store the client secret in the secure vault on the app level using Jiffy.
  14. Use this secure vault key as the password while configuring Email.