Skip to main content
All CollectionsOnboarding and Configuration Guides
Onboarding Guide - Microsoft with your App
Onboarding Guide - Microsoft with your App
Reco Product Management avatar
Written by Reco Product Management
Updated over 8 months ago

Background

Reco's various integrations with Microsoft require specific sets of permissions your admin needs to authorize Reco to access. For more granular control over allowed permissions, Reco lets the user select the scopes authorized for it to use for each Microsoft integration. To do that, a Microsoft account admin is required to create an app, specify its scopes, and copy the relevant fields for Reco to use.

Creating an app in Microsoft

This section describes how to obtain the 3 values needed for integrating your Microsoft service with Reco:

  • Client ID

  • Secret

  • Tenant ID

As a Microsoft account admin,

  1. On the sidebar, click on "Applications" -> "App Integrations"

  2. Click on "New Registration"

  3. Name the application (for example, "Reco"). Leave all other selections as they are and click "Register"

  4. In the opened page of the newly created application, copy the values of
    "Application (client) ID" and "Directory (tenant) ID"

  5. In the app's page sidebar, navigate to "Certificates & secrets", and click on "New client secret"

  6. Fill in a description and click on "Add".

  7. Copy the value of the secret (not the "Secret ID")

  8. In the app's page sidebar, navigate to "API Permission" and add the permissions you wish to authorize Reco to access.

    It is recommended to grant at least the following scopes:

    1. AuditLog.Read.All

    2. Directory.Read.All

    3. Mail.ReadBasic

    4. User.Read

  9. On the same page, click on "Grant admin content for ..."
    ​

Integrating with Reco

  1. In the Integrations screen of Reco, click on "Add Integrations" and choose the relevant Microsoft app to connect

  2. Choose a subscription and tick "Use your own Application"

  3. Fill in the Account (client) ID in "Client ID", secret in "Client Secret", and replace <your_tenant_id> in the "Authority URL" value with the Directory (tenant) ID you have obtained in the previous section.

  4. Click on "Connect"

Did this answer your question?