Please follow the below instructions to create a custom OAuth app to use for Microsoft 365 actions.
Step 1: Register an app using this link: https://learn.microsoft.com/en-us/entra/identity-platform/quickstart-register-app?tabs=certificate
Make sure to choose “Single tenant” and click Register.
Leave the “Redirect URI” as blank for now, we shall fill this later.
Step 2: Please copy these IDs, we will need them later in the setup:
ClientId
TenantId
ClientSecret
This can be found in Manage -> Certificates & secrets -> Add a client secret -> Copy the value of the secret generated
Step 3: Add Permissions
Go to Manage -> API Permissions
Go to Add Permissions -> Choose Delegated Permissions
Add the following Permissions:
Mail.ReadWrite
Files.ReadWrite.All
Sites.ReadWrite.All
offline_access
User.Read
Openid
Email
Step 4: Go to Glean, inputs information and save the action pack
Go to the Glean Microsoft 365 Action setup
Paste the values of Client ID and Client Secret that were copied earlier into the right fields here.
Paste the following values for the other fields (replace <tenant_id> with the Tenant ID that was copied earlier:
Client url: https://login.microsoftonline.com/<tenant id>/oauth2/v2.0/authorize
Authorization url: https://login.microsoftonline.com/<tenant id>/oauth2/v2.0/token
Click on Save!
Step 5: Update Callback URL
You should see a Callback url appear at the bottom of the screen above, copy this callback url
Go to the Microsoft OAuth app registration again
Go to Manage -> Authentication -> Configure Web -> Paste the callback url in the Redirect URIs input field
That's it! You should now be able to use Microsoft 365 Actions using this Custom OAuth app!
Refer to Microsoft 365 Actions on how to use these actions!
Additional Configurations:
Go to enterprise applications on the microsoft page to set the tenant wide consent settings
If you would like admins to allow consent for organization choose first
If you want users to be able to consent individually the first time they use choose third option
If you want users to be able to consent but only for selected permissions select the second option and add the above permissions added for the app , otherwise some users might be able to consent for more scopes than configured in the app
Note: When the user/admin authenticates, you can see them along with the granted permissions on this page