Microsoft 365 Authentication Configuration Section

For EDG to connect to Microsoft 365 services such as SharePoint, a Microsoft 365 administrator must register the EDG application on Microsoft’s Entra ID platform, and provide the registration details to EDG.

Two permission models are supported and can be configured independently in EDG: Delegated Permissions and App Permissions.

Delegated Permissions (OAuth 2 Authorization Code Flow)

With this permission model, individual EDG users authorize access to Microsoft 365, and their individual SharePoint permissions are used to control what they can access.

Only the Excel integration uses this model. If Delegated Permissions are not configured, the Excel integration falls back to the App Permissions model.

The registration in Entra ID must be granted the following API permissions (as Delegated Permissions):

  • Files.ReadWrite.All

  • Sites.Read.All

  • User.Read

A Redirect URI for Platform Type Web must be configured. The value is the EDG application’s base URL, plus /login/oauth2/code/ms-graph-delegated-permissions.

For example, if EDG is running at https://my-company.topquadrant.com/edg/, the Redirect URI would be:

https://my-company.topquadrant.com/edg/login/oauth2/code/ms-graph-delegated-permissions

A Client Secret must also be generated for the application registration.

App Permissions (OAuth 2 Client Credentials Flow)

With this permission model, all EDG users access Microsoft 365 using the same permissions. The taxonomy and corpus integrations will use this model. Excel integration will use this model if Delegated Permissions are not configured.

A Client Secret must be generated in Entra ID for the application registration.

The registration in Entra ID must be granted the following API permissions (as Application Permissions):

  • Sites.Read.All - always required

  • TermStore.ReadWrite.All - required for taxonomy integration

  • Files.ReadWrite.All - required for corpus integration and Excel integration
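
To confirm that a registration grants what EDG needs and nothing broader, the following added example (not part of EDG or the original page) decodes an access token issued for the registration and compares its permissions with the lists above. It assumes the token is a JWT that carries Application Permissions in the roles claim and Delegated Permissions in the scp claim; the function names and sample token are constructed for illustration.

```python
import base64
import json

# Permission names copied from the lists on this page.
DELEGATED_SCOPES = {"Files.ReadWrite.All", "Sites.Read.All", "User.Read"}
ALWAYS_REQUIRED_APP_ROLES = {"Sites.Read.All"}
APP_ROLES_BY_INTEGRATION = {
    "taxonomy": {"TermStore.ReadWrite.All"},
    "corpus": {"Files.ReadWrite.All"},
    "excel": {"Files.ReadWrite.All"},
}
# Assumption: sign-in scopes that may accompany delegated tokens are not findings.
IGNORED_SCOPES = {"openid", "profile", "email"}


def jwt_claims(token):
    """Decode a JWT payload without verifying it (diagnostic use only)."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def audit_token(token, integrations=()):
    """Return (missing, extra) permission names for an access token."""
    claims = jwt_claims(token)
    if "scp" in claims:  # delegated token: space-separated scope string
        granted = set(claims["scp"].split()) - IGNORED_SCOPES
        required = set(DELEGATED_SCOPES)
    else:  # app-only token: permissions are listed in the roles array
        granted = set(claims.get("roles", []))
        required = set(ALWAYS_REQUIRED_APP_ROLES)
        for name in integrations:
            required |= APP_ROLES_BY_INTEGRATION[name]
    return sorted(required - granted), sorted(granted - required)


def make_sample_token(claims):
    """Build an unsigned, constructed token for the demonstration below."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.constructed"


if __name__ == "__main__":
    # Constructed app-only token: taxonomy role missing, one unneeded broad role.
    token = make_sample_token({"roles": ["Sites.Read.All", "Sites.FullControl.All"]})
    print(audit_token(token, integrations=["taxonomy"]))
```

A non-empty second list means the registration holds permissions beyond those this page requires and is a candidate for removal in Entra ID.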

EDG Configuration Parameters

| Parameter | Description |
|---|---|
| Application ID (Delegated) | For Delegated Permissions only: The application ID generated when the EDG application was registered in Entra ID. |
| Directory ID (Delegated) | For Delegated Permissions only: The ID of the Microsoft 365 tenant that the EDG application was registered in. |
| Client Secret (Delegated) | For Delegated Permissions only: The client secret generated for the application registration. This field is editable only if the two previous fields are set. |
| Application ID (App) | For App Permissions only: The application ID generated when the EDG application was registered in Entra ID. |
| Directory ID (App) | For App Permissions only: The ID of the Microsoft 365 tenant that the EDG application was registered in. |
| Client Secret (App) | For App Permissions: The client secret generated for the application registration. This field is editable only if the two previous fields are set. |

See Also

Further Reading on TopBraid