Microsoft

Warning

These data sources are deprecated and not available for use. This document remains viewable for legacy support and archival purposes.

There are an array of cloud applications under the Microsoft umbrella, and Skuid can access several of its Office365 cloud applications—seen in Skuid’s table of contents—with its pre-configured data source types.

Most Office365 OAuth configurations are set through Azure Active Directory, so you must first set up an app registration within Azure Active Directory and obtain the API credentials you’ll be using for your authentication providers. Follow the instructions below to do this, and then open the topic page for your chosen Microsoft data source to learn more.

Note

You may also use these credentials for any Office365 REST API, should you need to use a service that does not yet have a pre-configured data source type in Skuid.

App Registration and OAuth Credentials Using Azure Active Directory

Azure Active Directory (Azure AD) handles the connection between Microsoft’s cloud-based products and outside applications, in this case, Skuid. To facilitate the OAuth authentication process, you’ll need to work with your IT admin to configure an app registration within Azure AD, set the permissions for that app registration, and then use its OAuth credentials to set up a Skuid authentication provider.

Note

You will need access to Azure with your Office365 account to start this process. If you do not have access, contact your IT administrator to arrange this setup.

Warning

Because implementations vary and making adjustments can potentially impact others in the enterprise, Skuid encourages you to work closely with your IT administrator and follow Microsoft’s documentation for Azure AD while configuring the app registration.

  1. Navigate to your Azure AD app registrations blade.

  2. Click New Registration.

  3. Enter the basic app registration information:

    • Name: Enter an informative name, such as Skuid App Registration

    • Supported account types: Select the account type appropriate for your deployment strategy. See Microsoft documentation for more information.

    • Redirect URI: Enter the callback URL for your Skuid site.

      If you need additional redirect URIs, you can add them later.

      When using Skuid SFX, the callback URL will depend on several things:

      • Whether or not the Remove Instance Names from URLs critical update is activated
        • If the above critical update is not activated, then the Salesforce org’s instance
      • If set, the Salesforce org’s My Domain
      • Whether the org is a developer edition or sandbox org

      Each of these variables will change parts of the callback URL.

      Note

      Lightning Experience requires that My Domain be enabled.

      There are also different URLs needed based on whether the Skuid page is deployed using the Redirect, the skuid:page Visualforce component override method, or the Skuid Page (Aura) Lightning component. Because of this, it’s best to enter all callback URLs for Skuid SFX orgs within your OAuth applications.

      To ensure the accuracy of your callback URLs, fill out the form below to generate the appropriate Salesforce callback URLs for your org:

  4. Click Register.

  5. Navigate to the registration’s Manifest blade and set "oauth2AllowImplicitFlow" to true.

    For more information about application manifests, see Microsoft documentation.

  6. Click Save.

  7. Set the appropriate required API permissions for the application you wish to access. You’ll be using delegated permissions, as end users will be interacting with this API as their logged in user.

    For a reference of the permissions required for full usage of Skuid data source types, refer to the section below or the topic for your data source type of choice.

    Note

    The permissions below are required for the full functionality of the listed data sources. Depending on your security policies you may wish to use an alternative permissions configuration, but you may see unexpected behavior for some objects or data source actions.

  8. After selecting each batch of permissions for your data source, click Add permissions.

  9. Gather the OAuth credentials needed for your Skuid authentication provider:

    • Client Id:
      1. Within the app registration blade, click Overview
      2. Copy the Application (client) ID, as this will be the client Id for the authentication provider.
    • Client secret:
      1. Within the app registration blade, click Clients & secrets
      2. Click New client secret.
      3. Give the secret a name and set an appropriate expiration date.
      4. Click Add.
      5. Copy the generated client secret.

With the above settings configured in Azure AD, you’re ready to begin configuring the Skuid settings required for your Microsoft data source. Refer to the individual data source type’s topic for more information.

API Permissions by data source type

Dynamics CRM

Within the Dynamics CRM API section, select the following:

  • user_impersonation - Access Common Data Service as organization users

Excel

Within the Microsoft Graph API section, click Delegated Permissions and select the following:

  • Under Files
    • Files.Read - Read user files
    • Files.ReadWrite - Have full access to user files
  • Under User
    • User.Read - Sign in and read user profile

OneDrive

Within the SharePoint API section, select the following:

  • MyFiles.Read - Read user files
  • MyFiles.Write - Read and write user files

Outlook

Within the Exchange section beneath Supported legacy APIs, select the following:

  • Under Calendars
    • Calendars.ReadWrite.All - Read and write user and shared calendars
    • Calendars.ReadWrite.Shared - Read and write user and shared calendars
  • Under Contacts
    • Contacts.ReadWrite.All - Read and write user and shared contacts
    • Contacts.ReadWrite.Shared - Read and write user and shared contacts
  • Under Mail
    • Mail.ReadWrite - Read and write user mail
    • Mail.ReadWrite.All - Read and write user and shared mail
    • Mail.ReadWrite.Shared - Read and write user and shared mail
    • Mail.Send - Send mail as a user
  • Under Tasks
    • Tasks.ReadWrite - Create, read, update and delete user tasks
    • Tasks.ReadWrite.Shared - Create, read, update and delete all tasks a user has access to

SharePoint

Within the SharePoint API section, select the following:

  • AllSites.Write - Read and write items in all site collections

Depending on your permission policies, you may alternatively wish to select AllSites.Read AllSites.Manage or even AllSites.FullControl