Microsoft¶
There are an array of cloud applications under the Microsoft umbrella, and Skuid can access several of its Office365 cloud applications—seen in Skuid’s table of contents—with its pre-configured data source types.
Most Office365 OAuth configurations are set through Azure Active Directory, so you must first set up an app registration within Azure Active Directory and obtain the API credentials you’ll be using for your authentication providers. Follow the instructions below to do this, and then open the topic page for your chosen Microsoft data source to learn more.
Note
You may also use these credentials for any Office365 REST API, should you need to use a service that does not yet have a pre-configured data source type in Skuid.
App Registration and OAuth Credentials Using Azure Active Directory¶
Azure Active Directory (Azure AD) handles the connection between Microsoft’s cloud-based products and outside applications, in this case, Skuid. To facilitate the OAuth authentication process, you’ll need to work with your IT admin to configure an app registration within Azure AD, set the permissions for that app registration, and then use its OAuth credentials to set up a Skuid authentication provider.
Note
You will need access to Azure with your Office365 account to start this process. If you do not have access, contact your IT administrator to arrange this setup.
Warning
Because implementations vary and making adjustments can potentially impact others in the enterprise, Skuid encourages you to work closely with your IT administrator and follow Microsoft’s documentation for Azure AD while configuring the app registration.
Navigate to your Azure AD app registrations blade.
Click New Registration.
Enter the basic app registration information:
Name: Enter an informative name, such as Skuid App Registration
Supported account types: Select the account type appropriate for your deployment strategy. See Microsoft documentation for more information.
Redirect URI: Enter the callback URL for your Skuid site.
If you need additional redirect URIs, you can add them later.
When using Skuid on Salesforce, the callback URL will depend on several things:
- Whether or not the Remove Instance Names from URLs critical update is activated
- If the above critical update is not activated, then the Salesforce org’s instance
- If set, the Salesforce org’s My Domain
- Whether the org is a developer edition or sandbox org
Each of these variables will change parts of the callback URL.
Note
Lightning Experience requires that My Domain be enabled.
There are also different URLs needed based on whether the Skuid page is deployed using the Redirect, the skuid:page Visualforce component override method, or the Skuid Page Lightning component. Because of this, it’s best to enter all callback URLs for Skuid on Salesforce orgs within your OAuth applications.
To ensure the accuracy of your callback URLs, fill out the form below to generate the appropriate Salesforce callback URLs for your org:
- Whether or not the Remove Instance Names from URLs critical update is activated
Click Register.
Navigate to the registration’s Manifest blade and set
"oauth2AllowImplicitFlow"
totrue
.For more information about application manifests, see Microsoft documentation.
Click Save.
Set the appropriate required API permissions for the application you wish to access. You’ll be using delegated permissions, as end users will be interacting with this API as their logged in user.
For a reference of the permissions required for full usage of Skuid data source types, refer to the section below or the topic for your data source type of choice.
Note
The permissions below are required for the full functionality of the listed data sources. Depending on your security policies you may wish to use an alternative permissions configuration, but you may see unexpected behavior for some objects or data source actions.
After selecting each batch of permissions for your data source, click Add permissions.
Gather the OAuth credentials needed for your Skuid authentication provider:
- Client Id:
- Within the app registration blade, click Overview
- Copy the Application (client) ID, as this will be the client Id for the authentication provider.
- Client secret:
- Within the app registration blade, click Clients & secrets
- Click New client secret.
- Give the secret a name and set an appropriate expiration date.
- Click Add.
- Copy the generated client secret.
- Client Id:
With the above settings configured in Azure AD, you’re ready to begin configuring the Skuid settings required for your Microsoft data source. Refer to the individual data source type’s topic for more information.
API Permissions by data source type¶
Dynamics CRM¶
Within the Dynamics CRM API section, select the following:
user_impersonation
- Access Common Data Service as organization users
Excel¶
Within the Microsoft Graph API section, click Delegated Permissions and select the following:
- Under Files
Files.Read
- Read user filesFiles.ReadWrite
- Have full access to user files
- Under User
User.Read
- Sign in and read user profile
OneDrive¶
Within the SharePoint API section, select the following:
MyFiles.Read
- Read user filesMyFiles.Write
- Read and write user files
Outlook¶
Within the Exchange section beneath Supported legacy APIs, select the following:
- Under Calendars
Calendars.ReadWrite.All
- Read and write user and shared calendarsCalendars.ReadWrite.Shared
- Read and write user and shared calendars
- Under Contacts
Contacts.ReadWrite.All
- Read and write user and shared contactsContacts.ReadWrite.Shared
- Read and write user and shared contacts
- Under Mail
Mail.ReadWrite
- Read and write user mailMail.ReadWrite.All
- Read and write user and shared mailMail.ReadWrite.Shared
- Read and write user and shared mailMail.Send
- Send mail as a user
- Under Tasks
Tasks.ReadWrite
- Create, read, update and delete user tasksTasks.ReadWrite.Shared
- Create, read, update and delete all tasks a user has access to