# Microsoft Graph API
Microsoft Graph API (opens new window) is a powerful unified endpoint that allows organizations to access and interact with Microsoft 365 services and other Microsoft cloud-based resources. It enables developers to integrate and automate various application actions, such as managing users, groups, mail, calendars, tasks, and security insights.
With Microsoft Graph API, organizations can enhance security, streamline user management, and enable seamless single sign-on experiences across different applications. It provides access to:
- External resources, such as Microsoft 365, the Azure portal, and thousands of other SaaS applications.
- Internal resources, such as apps on your corporate network, intranet, and any cloud apps developed by your organization.
# Prerequisites
To use the Microsoft Graph API connector, you must register your application in Microsoft Entra ID (opens new window).
This process consists of the following steps:
- Register an application in Microsoft Entra ID
- Assign permissions to your application
- Generate a client secret
After you complete these prerequisites, you can proceed to connect to Microsoft Graph API on Workato.
# Register an application in Microsoft Entra ID
Complete the following steps to register an application in Microsoft Entra ID:
Sign in to Microsoft Entra ID.
Select App registrations.
Click + New registration.
Provide a Name for your application.
Under Supported account types, select Accounts in this organizational directory only.
Under Redirect URI, choose Web and enter the following URI:
https://www.workato.com/oauth/callback
Click Register.
Copy the Application (client) ID and Directory (tenant) ID from the application details page. Store these values securely, as they are required for authentication.
# Assign permissions to your application
Complete the following steps to assign the necessary permissions to your application so it can interact with the Microsoft Graph API:
Select API permissions from the left navigation menu.
Click + Add a permission.
Select Microsoft Graph.
Choose Application permissions.
Select the following permissions (opens new window):
offline_accessFiles.ReadWrite.AllUser.ReadMail.ReadMail.ReadWriteMail.Send
Click Add permissions.
# Generate a client secret
Complete the following steps to generate a client secret for your application:
Select Certificates & secrets from the left navigation menu.
Click + New client secret.
Enter a Description and set an expiration period.
Click Add.
Copy and securely store the Value of the client secret. This is the only time it will be displayed.
# Connection setup
The Microsoft Graph API connector supports the following authentication methods:
- Authorization code grant
- Client credentials
Connection setup
Complete the following steps to establish a Microsoft Graph API connection:
Click Create > Connection.
Search for and select Microsoft Graph API as your connection on the New connection page.
Provide a name for your connection in the Connection name field.
Use the Location drop-down menu to select the project where you plan to store the connection.
Enter the Application (client) ID from the Azure portal in the Client ID field.
Enter your client secret in the Client secret field.
Select an option from Authentication type drop-down menu. Options include Authorization code grant and Client credentials.
Select an option from the Account type drop-down menu. Options include Single tenant, Multitenant, and Active directory multitenant.
Enter the Directory (tenant) ID in the Tenant ID field. This field is required if you select Single tenant as the Account type.
Click Connect.
Last updated: 2/27/2025, 4:54:06 PM