Product UpdatesStatus PageAutomation Institute
English
Get a trial
Connectivity
Community Connectors
Microsoft Entra ID

# How to connect to Microsoft Entra ID

Connecting to Microsoft Entra ID (formerly Azure Active Directory) on Workato is a multistep process involving configuration steps in Microsoft Entra ID and Workato.

# Step 1: Create the Workato app in Microsoft Entra ID

Creating the Workato app in Microsoft Entra ID consists of the following steps:

# Step 1.1: Register your application

Register your Workato application with Microsoft Entra ID.

1

Sign in to Microsoft Entra ID (opens new window).

2

Select App registrations.

3

On the resulting page, click + New registration.

4

Name your application. This is the user-facing display name for this application. Microsoft allows you to change this name later.

Register your applicationName your application

5

In Supported account types, select the first option, Accounts in this organizational directory only.

6

In the Redirect URI field, set the platform type to Web and provide the following redirect URI: https://www.workato.com/oauth/callback.

7

The next page displays the details of the newly-created application. Pay attention to the Application (client) ID and the Directory (tenant) ID. You will need these values later to authenticate in Workato.

App registeredTake note of the Application (client) ID and Directory (tenant) ID

# Step 1.2: Assign permissions to your application

Now it's time to assign permissions to our Workato application.

These instructions demonstrate how to grant the minimum permissions necessary to establish a connection with Workato. The permissions you need are variable and based on your use case. See the Microsoft Entra ID permissions section for additional permissions you may need to assign to your Workato application in order for it to perform optimally.

1

Select API permissions from the left navigation sidebar.

2

Click + Add a permission.

3

Click Microsoft Graph to open the permissions interface.

Open the permissions interfaceOpen the permissions interface

4

Select Application permissions.

Application permissionsSelect application permissions

5

Scroll to User. Add the User.Read.All and User.ReadWrite.All permissions, along with any other necessary permissions.

Add the necessary permissionsSelect the necessary permissions

6

Click Add permissions.

7

You will see these permissions added to Microsoft Graph. However, you will need admin approval to grant them to your application officially.

If you are logged in with an administrator account, click Grant admin consent for Default Directory.

8

Once admin consent is granted, Microsoft updates the Status column to Granted.

Admin consentOnce admin consent is granted, Microsoft updates the Status column

# Step 1.3: Generate a client secret for your application

1

Select Certificates & secrets from the left navigation sidebar.

2

Click + New client secret.

Create a new client secretCreate a new client secret

3

In the interface that appears, provide a description of the secret and determine when the secret will expire.

4

Copy and save the Value in a safe place. This is the only time Microsoft Entra ID displays this value.

# Step 2: Connect to Microsoft Entra ID in Workato

Configure the following fields in Workato.

Connect to Microsoft Entra ID in WorkatoConnect to Microsoft Entra ID in Workato

1
  • Connection name
  • Name your connection.
2
  • Location
  • Choose a location (folder) for your connection.
3
  • Client ID
  • Provide your Client ID, which Azure refers to as the Application (client) ID. Obtain this value by navigating to Azure portal > App registrations. Select your application and copy the Application (client) ID.
4
  • Client secret
  • Provide your client secret, which Azure refers to as the secret Value. This was obtained in Step 1.3.
5
  • Tenant
  • Provide the directory tenant from which you plan to request permission. Azure refers to this as the Directory (tenant) ID. Obtain this value by navigating to Azure portal > App registrations. Select your application and copy the Directory (tenant) ID.
6

Click Connect.

# Permissions

There are two types of permissions Delegated permissions and Application permissions that you can assign to your application. To perform optimally, Microsoft Entra ID requires the following Microsoft Graph permissions.

Application permissions
  • Directory.Read.All
  • Directory.ReadWrite.All
  • Group.ReadWrite.All
  • Group.Create
  • Group.Read.All
  • GroupMember.Read.All
  • GroupMember.ReadWrite.All
  • User.ManageIdentities.All
  • User.Read.All
  • User.ReadWrite.All
Delegated permissions
  • Directory.Read.All
  • Directory.ReadWrite.All
  • Directory.AcessAsUser.All
  • Group.ReadWrite.All
  • GroupMember.ReadAll
  • Group.Read.All
  • Group.Read.All
  • GroupMember.ReadWrite.All
  • User.Read
  • User.ReadBasic.All
  • User.Read.All
  • User.ReadWrite.All

FURTHER READING

Microsoft Entra ID
Triggers and actions


Last updated: 10/24/2024, 5:02:28 PM

On this page