This article explains how to register an application in Azure Active Directory in order to give access to Graph APIs.
The following steps will generate the Client Id and Client Secret needed in your Cloudiway connectors.
Step 1: Create a new Application.
Log in to the Azure portal using your Office 365 administrator account.
- Go to https://portal.azure.com
- Select Azure Active Directory
- Click on App Registration
- Click on New Registration
Give a name to the application.
Supported account types: select "Accounts in their organizational directory only".
The Redirect URL is not used; enter any value, e.g. https://notused
Click Register.
Create a New Secret.
- Click on Certificates and Secrets
- Click on New Client Secret
Enter a description and an expiration date, then click Add.
Save the client secret now: its value is displayed only once, right after creation.
At this point, the application is created.
Go to the Overview section and save your Client ID.
Step 2: Graph API Permissions
- Click On API Permissions
- Click on Add a permission
- Depending on the scenario, use the table below to determine the permissions to add:
Connector | Graph API | Source | Target |
---|---|---|---|
GALSync | Microsoft Graph | Directory.Read.All, Group.Read.All, User.Read.All, OrgContact.Read.All. To enable the modification of Guest or Mail user: User.ReadWrite.All. To create items as Guests: User.Invite.All | |
OneDrive | Microsoft Graph | Files.Read.All, Sites.Read.All | Files.ReadWrite.All, Sites.ReadWrite.All |
OneDrive | SharePoint Graph | Sites.FullControl.All, Sites.Manage.All, Sites.Read.All | Sites.FullControl.All, Sites.Manage.All, Sites.ReadWrite.All |
Teams | Microsoft Graph | Directory.Read.All, Files.Read.All, Group.Read.All, Group.ReadWrite.All *, Sites.Read.All, User.Read.All | Directory.Read.All, Files.ReadWrite.All, Group.ReadWrite.All, Sites.ReadWrite.All, User.ReadWrite.All |
Teams | SharePoint Graph | Sites.FullControl.All, Sites.Manage.All, Sites.Read.All | Sites.FullControl.All, Sites.Manage.All, Sites.ReadWrite.All |
SharePoint | Microsoft Graph | Files.Read.All, Group.Read.All, Sites.Read.All, User.Read.All | Files.ReadWrite.All, Group.ReadWrite.All, Sites.ReadWrite.All, User.ReadWrite.All |
SharePoint | SharePoint Graph | Sites.FullControl.All, Sites.Manage.All, Sites.Read.All | Sites.FullControl.All, Sites.Manage.All, Sites.ReadWrite.All |

* The migration account needs to be Owner and Member of the Group/Team in the source and the target. If it is not Owner and Member of the Team, the migration engine will add it automatically with the permission Group.ReadWrite.All.
- To add permission, click on Microsoft Graph or SharePoint in the list, select Application permissions, and add the relevant permissions.
- When all the permissions are added, close the API select window and click on Grant admin consent.
You’re all set! All you need to do is provide the Client Id and Client Secret in your connector!
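
To confirm that admin consent took effect and that the app holds no more than the table lists, compare the `roles` claim of an app-only Microsoft Graph access token with the expected set. This is an added example, not Cloudiway's code: the function names and the unsigned sample token are constructed for illustration, and only the OneDrive and SharePoint "Microsoft Graph" rows are included.

```python
import base64
import json

# Application permissions copied from the table above (Microsoft Graph rows only).
REQUIRED = {
    ("OneDrive", "source"): {"Files.Read.All", "Sites.Read.All"},
    ("OneDrive", "target"): {"Files.ReadWrite.All", "Sites.ReadWrite.All"},
    ("SharePoint", "source"): {"Files.Read.All", "Group.Read.All",
                               "Sites.Read.All", "User.Read.All"},
    ("SharePoint", "target"): {"Files.ReadWrite.All", "Group.ReadWrite.All",
                               "Sites.ReadWrite.All", "User.ReadWrite.All"},
}

def token_roles(jwt):
    """Return the 'roles' claim of an app-only token.
    The signature is NOT verified: this is for inspection, not authentication."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    claims = json.loads(base64.urlsafe_b64decode(payload))
    # No 'roles' claim at all usually means admin consent was never granted.
    return set(claims.get("roles", []))

def audit(jwt, connector, side):
    """Compare granted application permissions with the table's set."""
    required = REQUIRED[(connector, side)]
    granted = token_roles(jwt)
    return {"missing": sorted(required - granted),
            "excess": sorted(granted - required)}

def make_sample_token(roles):
    """Build a constructed, unsigned token so the example runs offline."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    header = {"alg": "none", "typ": "JWT"}
    body = {"aud": "https://graph.microsoft.com", "roles": roles}
    return ".".join([enc(header), enc(body), "sig"])

# Constructed sample: one required permission missing, one excess permission.
SAMPLE = make_sample_token(["Files.Read.All", "Sites.FullControl.All"])

if __name__ == "__main__":
    print(audit(SAMPLE, "OneDrive", "source"))
```

A non-empty `excess` list means the registration holds application permissions beyond what the connector needs and should be trimmed before the Client Secret is handed over.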