Microsoft Graph Integration

Last modified on 2022/11/08 13:22

About This Integration

You can integrate third-party systems with Service Manager in many ways. The method you select will depend on business requirements, architectural and security constraints as well as the characteristics specific to each third-party application or service.

This document describes an integration process that has already been implemented in a customer context. 

To find out more about this integration (e.g. scripts to be used), please do not hesitate to contact your EasyVista contact, or your service provider and integrator.

Overview of the integration

Microsoft Graph is used to create a gateway for accessing all data available in Microsoft Cloud Services (Microsoft 365, Windows 10 and Enterprise Mobility + Security). This gateway is especially useful to access cloud data from an automatic workflow creation tool that does not provide a standard connector for data access. See the Microsoft Bookings use case.

  • You can create a gateway in Microsoft Graph via an Azure AD application created on the Azure portal.
  • The Azure AD application uses the Microsoft Graph API to access emails, calendars, contacts, documents, etc. See List of all permissions available for the Microsoft Graph API.
  • The data can then be read in an automatic workflow creation tool, such as Microsoft Power Automate (formerly known as Microsoft Flow).
     

This integration enables you to create a gateway in Microsoft Graph to use the Microsoft Bookings API. You can then enable the gateway in your automatic workflow creation tool.

Use cases of the Microsoft Graph API

Access Microsoft Bookings data via Microsoft Power Automate

  • Issue: The Microsoft Bookings connector is not shipped in the standard MS Power Automate version.
  • Solution
    • First, create a Microsoft Graph gateway to access Microsoft Bookings data from MS Power Automate.
          See Step-by-Step Integration Process.
       
    • Second, perform a Microsoft Bookings integration via MS Power Automate that will:

Access of the Technical Support Agent to the Microsoft email server

  • Issue: The Technical Support Agent (TSA) must be able to connect to the Microsoft email server regularly and automatically to retrieve emails from the IT Support inboxes.
  • Solution
    • Use the Microsoft Graph Mail API via an Azure AD application.

Step-by-Step Integration Process

Prerequisites

Notes

Register an Azure AD application on the Azure portal

Step 1: Access the Azure portal.

1. Log in to the Azure portal using your Azure account.

2. (optional) Select the relevant environment if you have multiple tenants.
 

Step 2: Register a new application on the Azure portal and retrieve the ID.

1. Search for the App registrations service in the list of Azure services or click the link below to access the service directly.
         Microsoft Azure: App registrations

The list of Azure AD applications previously registered on the Azure portal will appear.

2. Click + New registration.

The properties window will appear.

3. Specify the information required for registering the application.

  • Name: Name of the application. Note: This name is not used by the third-party product.

Best Practice: Enter a meaningful name that will enable you to identify the application easily in the dashboard on the Azure portal.

  • Supported account types: Used to specify who can use the new application.
    • Select the option called Accounts in this organizational directory only. This means that only accounts in your organization will be able to access the application (multitenant or single tenant).

Best Practice: Select the option called Accounts in any organizational directory only if you want to provide the application to several organizations, e.g. as a SaaS service (multitenant).

  • Redirect URI: Type of application and redirect URI where the Azure portal should send security tokens after authentication.
    Note: For the Technical Support Agent (TSA), select the type of application called Public client/Native.

4. Click Register.

  • The Azure AD application will be created and registered on the Azure portal.
  • Its IDs will be displayed.

5. Retrieve the IDs required for configuring your third-party product.

  • Hover over the relevant ID and click the Copy icon to copy it.
    • ID of the new Azure AD application: Application (client) ID value
    • Tenant ID: Directory (tenant) ID value
  • You can paste it in a text editor for later use.
    or
  • You can go directly to your third-party product and paste it in the relevant ID field.
     

Step 3: Create and retrieve the client secret of the Azure AD application.

Prerequisite: Check that the new Azure AD application is declared as a private client.

  • Select Authentication in the left pane.
  • Check that the value in Advanced settings > Treat application as a public client is No.
     

1. Select Certificates & secrets in the left pane and click + New client secret.

The properties window will appear.

2. Specify the information required for creating the client secret.

  • Description: Description of the client secret. Note: The default value will be used if you do not specify this field.
  • Expires: Select the validity end date for the client secret.

Best Practice: Select Never to avoid renewing the client secret as well as the risk of forgetting to do so.

3. Click Add.

  • The client secret will be generated.
  • Its value will be displayed.

4. Retrieve the client secret required for configuring your third-party product.

Caution: The value of the new client secret can be retrieved only during this step. Once you move on to the next step, the client secret will be masked with the * character. If you lose the client secret, you must generate a new one.

  • Click the Copy icon to copy the client secret from the Value field in the Client Secrets section.
  • You can paste it in a text editor for later use.
    or
  • You can go directly to your third-party product and paste it in the relevant field.
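The Expires setting above determines when the integration stops authenticating, and the renewal risk it mentions can be monitored. The following is an added example, not part of the original page or of EasyVista's scripts: it audits the `passwordCredentials` of an application object as returned by Microsoft Graph and reports secrets that are expired, close to expiry, or issued with a very long lifetime. The sample object, the application name and the 30-day and 730-day thresholds are assumptions made for the example.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample: an application object as returned by Microsoft Graph
# (GET /applications/{object-id}), reduced to the fields used here.
SAMPLE_APP = json.loads("""
{
  "displayName": "servicemanager-graph-gateway",
  "passwordCredentials": [
    {"displayName": "gateway-secret-1",
     "keyId": "00000000-0000-0000-0000-000000000001",
     "startDateTime": "2022-11-08T00:00:00Z",
     "endDateTime": "2023-05-08T00:00:00Z"},
    {"displayName": "gateway-secret-2",
     "keyId": "00000000-0000-0000-0000-000000000002",
     "startDateTime": "2022-11-08T00:00:00.1234567Z",
     "endDateTime": "2299-12-31T00:00:00Z"}
  ]
}
""")


def parse_graph_time(ts):
    # Graph timestamps are ISO 8601 in UTC; drop fractional seconds before parsing.
    base = ts.rstrip("Z").split(".")[0]
    return datetime.strptime(base, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)


def audit_secrets(app, now, warn_days=30, max_lifetime_days=730):
    """Return (keyId, finding) pairs for client secrets that need attention."""
    findings = []
    for cred in app.get("passwordCredentials", []):
        start = parse_graph_time(cred["startDateTime"])
        end = parse_graph_time(cred["endDateTime"])
        if end <= now:
            findings.append((cred["keyId"], "expired"))
        elif end - now <= timedelta(days=warn_days):
            findings.append((cred["keyId"], "expires-soon"))
        elif end - start > timedelta(days=max_lifetime_days):
            findings.append((cred["keyId"], "long-lived"))
    return findings


if __name__ == "__main__":
    for key_id, finding in audit_secrets(SAMPLE_APP, datetime.now(timezone.utc)):
        print(key_id, finding)
```

The `keyId` in each finding identifies the secret in the Certificates & secrets pane, so a new one can be generated before the old one lapses.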

Add permissions authorizing the Azure AD application to use the Microsoft Bookings API

Notes:

  • The Microsoft Graph API can be used for a variety of purposes. See List of all permissions available for the Microsoft Graph API.
  • The Microsoft Bookings API is the one used for accessing business customer calendar data.
  • API delegated permissions are required in order to authorize the Azure AD application to access Microsoft Bookings data.
     

Step 1: Select the Microsoft Graph API.

1. Go to the Home page of your Azure AD application using the breadcrumb at the top of the window. Select API permissions in the left pane.


2. Click + Add a permission.

The list of APIs whose permission can be requested will appear.

3. Select the Microsoft Graph API.


Step 2: Select the type of permission to use the Microsoft Bookings API.

1. Select Delegated permissions for access with user sign-in (ROPC or Resource Owner Password Credentials mode).


The list of permissions available for the selected API and type of permission will appear.

Step 3: Select the permissions.

1. Select the relevant permissions.

Best Practice: Use the search field to filter permissions.

Example: Search for Bookings... to find the permissions required for using the Microsoft Bookings API.


2. Click Add permissions.

  • The list of permissions authorizing your Azure AD application to use the API will be refreshed.
  • The Microsoft Graph gateway will be activated.
  • The access permissions allow Microsoft Bookings data access.
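The tenant ID, application (client) ID and client secret retrieved earlier, together with the delegated permissions selected here, are what a client presents in ROPC mode. The following is an added example, not part of the original page or of EasyVista's scripts: it builds the token request for the Microsoft identity platform v2.0 endpoint and then flags any Graph scope in the token response beyond the ones requested, which points at permissions granted to the application that the integration does not need. The GUIDs, the account name, the token response and the choice of `Bookings.Read.All` are constructed values.

```python
import re
from urllib.parse import urlencode

GUID = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")
GRAPH = "https://graph.microsoft.com/"
OIDC_SCOPES = {"openid", "profile", "email", "offline_access"}


def build_ropc_request(tenant_id, client_id, client_secret, username, password, scopes):
    """Return (url, form_body) for the Microsoft identity platform v2.0 token endpoint."""
    for name, value in (("tenant_id", tenant_id), ("client_id", client_id)):
        if not GUID.match(value):
            raise ValueError(f"{name} is not a GUID; re-copy it from the portal")
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    body = urlencode({
        "grant_type": "password",          # ROPC
        "client_id": client_id,
        "client_secret": client_secret,    # load from a secret store, never from source
        "username": username,
        "password": password,
        "scope": " ".join(scopes),
    })
    return url, body


def normalize(scope):
    # Graph scopes may appear with or without the resource prefix; compare case-insensitively.
    s = scope.lower()
    return s[len(GRAPH):] if s.startswith(GRAPH) else s


def unexpected_scopes(token_response, requested):
    """Scopes present in the token response beyond those requested."""
    granted = {normalize(s) for s in token_response.get("scope", "").split()}
    wanted = {normalize(s) for s in requested}
    return sorted(granted - wanted - OIDC_SCOPES)


# Constructed token response (the token value is a placeholder).
SAMPLE_RESPONSE = {
    "token_type": "Bearer",
    "expires_in": 3599,
    "scope": "https://graph.microsoft.com/Bookings.Read.All "
             "https://graph.microsoft.com/Mail.ReadWrite openid profile",
    "access_token": "<placeholder>",
}
```

A non-empty result from `unexpected_scopes` is a prompt to review the API permissions pane and remove what the workflow does not use.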

Microsoft Bookings integration using Microsoft Graph

     See the Microsoft Bookings integration (via MS Power Automate) using MS Graph.


How to create a free Azure account

1. Go to the Microsoft Azure website.

2. Click Start free.


3. Log in to your professional Microsoft account.

4. Enter the login information.

5. Click Next.

6. Tick the I agree box.

7. Click Sign up.
