Prerequisites for Modern Authentication Flows by Microsoft

The following prerequisites are required for the Microsoft modern authentication flows used by the OAuth activity:

Requirements and their descriptions:

Authentication Details

Register an application in the Azure portal.

Depending on the authentication flow configured for the application, the user must have the following authentication details:

  • User ID
  • Password
  • Client ID
  • Tenant ID
  • Redirect URL / Callback URL
  • Client Secret Value

    NOTE:

    The Client Secret Value expires after a set period and is displayed only once, when it is created. Copy it at that time and keep it in a safe place.

Certificates and federated credentials are not yet supported.

Which of the above details are used depends on the authentication flow. For example, the Client Credentials flow needs only the Client ID, Tenant ID and Client Secret.

MFA Enabled Accounts

For MFA-enabled accounts, the user must have the MFA secret key obtained from the respective application. The secret key is displayed while setting up any authenticator app such as Google Authenticator or Microsoft Authenticator.

Types of Tokens

  • Access token

    Access tokens let the user securely call the application's APIs to perform application operations.

    Validity – 1 hr.

  • Refresh token

    When a user acquires an access token for a protected resource, some flows (Authorization Code, Authorization Code with PKCE and ROPC) also return a refresh token. The refresh token is used to obtain a new access token when the current one expires.

    Validity (Mobility and Desktop) – 90 days
    Validity (Single Page Application) – 1 day

URL Information

URL Recommended for Redirect URL - 

Configure Office 365 application

To configure an Office 365 application:

  1. In the Admin menu, click the (Add Application) icon in the Application pane. The Add Application dialog box appears.
  2. In the Application Type list, select Office365.
  3. In the Application Name field, enter a name for the application. The name must not contain special characters or spaces.
  4. Click ADD. A message confirming that the application was added is displayed.
  5. Close the message and enter the required details in the Application Properties panel:
    • In Service Url, specify the Graph API service URL to use, for example https://graph.microsoft.com/v1.0
    • Select the SignIn checkbox.
    • In DisplayName, enter the name of the application.
    • In the Modern Auth Type list, select the grant-type flow that matches the modern authentication flow you want to run. For example, if you are creating a process that uses the Authorization Code flow, select OAuthAuthorizeFlow.
  6. Click Save.

The added Office 365 application is listed in the Application Tab.