Microsoft 365 Authentication Configuration Section
For EDG to connect to Microsoft 365 services such as SharePoint, a Microsoft 365 administrator must register the EDG application on Microsoft’s Entra ID platform, and provide the registration details to EDG.
Two permissions models are supported, and can be configured independently in EDG: Delegated Permissions and App Permissions.
App Permissions (OAuth 2 Client Credentials or ROPC Flow)
With this permission model, all EDG users access Microsoft 365 using the same permissions. The taxonomy and corpus integrations will use this model. Excel integration will use this model if Delegated Permissions are not configured.
One of two different authentication methods must be chosen for App Permissions:
OAuth 2 Client Credentials Flow. EDG receives full access to documents on SharePoint sites and the SharePoint term store. A Client Secret must be generated in Entra ID for the application registration.
OAuth 2 Resource Owner Password Credentials (ROPC) Flow. EDG uses the credentials for an Entra ID user account (service account) to authenticate to Microsoft 365. EDG receives the permissions of that user account. The account must have multi-factor authentication disabled. The setting Allow public client flows must be enabled for the app registration in Entra ID.
Warning
Resource Owner Password Credentials Flow is no longer considered secure and is deprecated by Microsoft. Support will be removed in a future release of EDG.
The registration in Entra ID must be granted the following API permissions:
Sites.Read.All- always requiredTermStore.ReadWrite.All- required for taxonomy integrationFiles.ReadWrite.All- required for corpus integration and Excel integration
If Client Credentials Flow is used, the permissions must be granted as Application Permissions. If ROPC Flow is used, the permissions must be granted as Delegated Permissions.
EDG Configuration Parameters
Parameter |
Description |
|---|---|
Application ID (Delegated) |
For Delegated Permissions only: The application ID generated when the EDG application was registered in Entra ID. |
Directory ID (Delegated) |
For Delegated Permissions only: The ID of the Microsoft 365 tenant that the EDG application was registered in. |
Client Secret (Delegated) |
For Delegated Permissions only: The client secret generated for the application registration. This field is editable only if the two previous fields are set. |
Application ID (App) |
For App Permissions only: The application ID generated when the EDG application was registered in Entra ID. |
Directory ID (App) |
For App Permissions only: The ID of the Microsoft 365 tenant that the EDG application was registered in. |
Client Secret (App) |
For App Permissions with Client Credentials Flow: The client secret generated for the application registration. This field is editable only if the two previous fields are set. |
Service Account Username |
For App Permissions with ROPC Flow: The user name for the service account used to authenticate. |
Service Account Password |
For App Permissions with ROPC Flow: The password for the service account used to authenticate. This field is editable only if the Application ID (App) and Service Account Username fields are set. |
See Also
Further Reading on TopBraid