Skip to main content

Authorization

Follow this guide to create a new Office 365 Management API credential that will allow Nexla to authenticate to and exchange data with your Office 365 Management API account.
office_365_management_api_auth.png

Office 365 Management API

Prerequisites

Before creating an Office 365 Management API credential, you'll need to register an application in Azure Active Directory (Azure AD) and obtain OAuth 2.0 credentials (Client ID, Client Secret, and Tenant ID). The Office 365 Management API uses OAuth 2.0 client credentials flow for API authentication and requires the ActivityFeed.Read permission.

To obtain Office 365 Management API credentials:

  1. Log in to the Azure Portal with an account that has permissions to register applications.

  2. Navigate to Azure Active Directory > App registrations (or Microsoft Entra ID > App registrations in newer portals).

  3. Click New registration to create a new application registration.

  4. Enter a name for your application (e.g., "Nexla Office 365 Management API Integration") and select the supported account types. For most integrations, select Accounts in this organizational directory only.

  5. Click Register to create the application.

  6. After registration, you'll be taken to the application overview page. Note the Application (client) ID and Directory (tenant) ID - you'll need these for your credential.

  7. Navigate to Certificates & secrets in the left menu, then click New client secret.

  8. Enter a description for the secret and select an expiration period. Click Add to create the secret.

  9. Important: Copy the Value of the client secret immediately, as it will only be displayed once. Store it securely, as you'll need it to authenticate API requests.

  10. Navigate to API permissions in the left menu. Click Add a permission and select Office 365 Management APIs.

  11. Select Application permissions (not Delegated permissions) and add the required permission:

    • ActivityFeed.Read - For reading Office 365 activity feed data (required for Office 365 Management API)

  12. Click Grant admin consent to grant the permission to your application. This step is required for application permissions.

Office 365 Management API uses OAuth 2.0 client credentials flow (2-legged OAuth), which means you don't need user authorization. The Client ID, Client Secret, and Tenant ID are used to obtain an access token directly. The application must have the ActivityFeed.Read permission granted and admin consent provided.

For detailed information about Office 365 Management API authentication and Azure AD app registration, refer to the Office 365 Management Activity API Reference.

Create an Office 365 Management API Credential

  • To create a new Office 365 Management API credential, after selecting the data source/destination type, click the Add Credential tile to open the Add New Credential overlay.

New Credential Overlay – Office 365 Management API

MicrosoftOffice365MgmtCred.png

Credential Name & Description

  1. Enter a name for the credential in the Credential Name field and a short, meaningful description in the Credential Description field.

    Resource descriptions are recommended but are not required. They should be used provide information about the resource purpose, data freshness, etc. that can help the owner and other users efficiently understand and utilize the resource.

Credential Settings

  1. In the Client ID field, enter the Application (client) ID that you obtained from your Azure AD application registration. This is the unique identifier for your registered application.

  2. In the Client Secret field, enter the Client Secret value that you obtained from your Azure AD application registration. This is the secret value generated in the Certificates & secrets section.

    The Client Secret is sensitive information and should be kept secure. If you've lost your Client Secret, you'll need to generate a new one in your Azure AD application registration. Client secrets expire based on the expiration period you set when creating them.

  3. In the Tenant ID field, enter the Directory (tenant) ID that you obtained from your Azure AD application registration. This is the unique identifier for your Azure AD tenant where the application is registered.

Save the Credential

  1. Once all of the relevant steps in the above sections have been completed, click the Save button at the bottom of the overlay to save the configured credential.

  2. The newly added credential will now appear in a tile on the Authenticate screen during data source/destination creation and can be selected for use with a new data source or destination.