Microsoft 365 Authentication Configuration Section

For TQ Data Foundation to connect to Microsoft 365 services such as SharePoint, a Microsoft 365 administrator must register the Data Foundation application on Microsoft’s Entra ID platform, and provide the registration details to Data Foundation.

Two permissions models are supported, and can be configured independently in Data Foundation: Delegated Permissions and App Permissions.

Delegated Permissions (OAuth 2 Authorization Code Flow)

With this permission model, individual Data Foundation users authorize access to Microsoft 365, and their individual SharePoint permissions are used to control what they can access.

Only the Excel integration uses this model, and will fall back to the App Permissions model if Delegated Permissions are not configured.

The registration in Entra ID must be granted the following API permissions (as Delegated Permissions):

• Files.ReadWrite.All

• Sites.Read.All

• User.Read

A Redirect URI for Platform Type Web must be configured. The value is the Data Foundation application’s base URL, plus /login/oauth2/code/ms-graph-delegated-permissions.

For example, if Data Foundation is running at https://my-company.topquadrant.com/edg/, the Redirect URI would be:

https://my-company.topquadrant.com/edg/login/oauth2/code/ms-graph-delegated-permissions

A Client Secret must also be generated for the application registration.

App Permissions (OAuth 2 Client Credentials Flow)

With this permission model, all Data Foundation users access Microsoft 365 using the same permissions. The taxonomy and corpus integrations will use this model. Excel integration will use this model if Delegated Permissions are not configured.

A Client Secret must be generated in Entra ID for the application registration.

The registration in Entra ID must be granted the following API permissions (as Application Permissions):

• Sites.Read.All - always required

• TermStore.ReadWrite.All - required for taxonomy integration

• Files.ReadWrite.All - required for corpus integration and Excel integration

Product Configuration Parameters

Parameter	Description
Application ID (Delegated)	For Delegated Permissions only: The application ID generated when the Data Foundation application was registered in Entra ID.
Directory ID (Delegated)	For Delegated Permissions only: The ID of the Microsoft 365 tenant that the application was registered in.
Client Secret (Delegated)	For Delegated Permissions only: The client secret generated for the application registration. This field is editable only if the two previous fields are set.
Application ID (App)	For App Permissions only: The application ID generated when the application was registered in Entra ID.
Directory ID (App)	For App Permissions only: The ID of the Microsoft 365 tenant that the application was registered in.
Client Secret (App)	For App Permissions: The client secret generated for the application registration. This field is editable only if the two previous fields are set.

See Also

• Data Integrations > Export Instances to Spreadsheet

• Data Integrations > Import Instances from Spreadsheet

• Export to SharePoint Term Store

• Import from SharePoint Term Store

Further Reading on TQ Data Foundation

• Introduction to TQ Data Foundation