Graph API

Microsoft Graph API enables you to access Microsoft systems that may otherwise have been difficult to connect to, such as Azure and Office applications (SharePoint, Exchange, etc.). Below you will see a few walkthroughs of how to set up the Graph API and then connect to your desired source in Data Sync.

Azure AD

Using the OData connector with Graph API we can connect to Azure AD. To do this we have a few things we need to set up first.

Create the App in Azure

Log in to your Azure account and go to Azure Active Directory > App Registrations > New Application Registration.

New App

Now type in a unique name for the application and a sign on URL (this can be anything you like as it is not important for what we want our application to do) and leave the application type as Web app / API. Click Create once you are done.

The Sign-on URL here is defined to allow us to extract the authorisation code from the OAuth handshake. This is used when the OAuth authorisation flow is configured as authorization_code.

Configure New App

Set the Permissions

Now we need to set the permission levels we want our application to have. In the app details, click Settings.

App Settings

Then go to Required Permissions > Add > Select an API.

Add Permissions

Choose Microsoft Graph and then click Select.

Add Graph API

Now go to Select Permissions and choose the permissions for your application. At a minimum you will need read and write access to user profiles. However, to view groups and other items you will need to extend these permissions to match your requirements. Check the API Documentation to see which permissions you will need to set.

Set Permissions

Once you are happy with the permissions click Select and then Done in the Add API blade.

To finish off registering the new app you will need to click Grant Permissions to apply the permissions you have just set.

Grant Permissions

Get the App Key (Secret Key)

Now we need to get the application key that will be the client secret. Go to Settings in the app details and then go to Keys.

App Keys

Type in a description for the key; in this example we have used datasync. Then set the expiry date as required; we have chosen never expires.

Create App Key

Click Save and a new client secret will be generated.

Generate App Key

NB: Make sure to make a note of the key once it has been generated as it will not be shown again. If you lose the key you will need to create a new key.

Gather the Data for the Connection

Now let's collect a few details that we will need for the connection:

App ID - This can be found by going to your app details.

Locate App ID

Client Secret - This is the app key you made a note of earlier.

Resource - This will be:

Token Endpoint - This can be found by going to app registrations, choosing Endpoints, and then copying the OAuth 2.0 Token Endpoint.


Token Endpoint

Test the connection

To test that the API returns an access token, we have used Postman in the example below.

In Postman we set up a POST request to the OAuth 2.0 Token Endpoint, which will look something like: {AzureDirectoryID}/oauth2/token

Then under Body, choose x-www-form-urlencoded and enter the keys and values as below:

| Key | Value |
| --- | --- |
| grant_type | client_credentials |

Now press Send. If an access token is returned, the connection is successful.

Test API

Connecting in Data Sync

To connect to Azure AD with Data Sync choose the OData 4.0 Connector and enter the following details:

1 - ServiceURL

The service URL for Graph API will be:

OAuth Connection AzureAD

2 - OAuth2

Click on the three dots to open the connection window, and complete the required fields. Once you are done click Get Access Token to go back to the connection window.

OAuth2 Configuration

| Field | Value |
| --- | --- |
| Authorise URL | To be left blank |
| Token URL | Token Endpoint URL |
| Client ID | App ID |
| Client Secret | App Key/Client Secret |
| Redirect URL | You can set this to wherever you prefer or you can use the Simego default |
| State | To be left blank |
| Scope | To be left blank |
| Grant Type | client_credentials |

3 - EntityURLItemConvention

Set this to be {entity}/{key} for Azure AD.

4 - Windows

Not used with OAuth authentication.

5 - Entity

Finally choose your entity from the drop down.

Click Connect & Create Library Connection to save your connection. You are now connected to Azure AD.


If you are having permission errors, i.e. the error window states 'Permission Denied', you will need to go back to your App and add permissions. Make sure to press Grant Permissions once you have made changes, and then reopen your saved connection and click Get Access Token under the OAuth2 section of the window. This will refresh your connection and apply the permissions.
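The token test and the 'Permission Denied' troubleshooting above can be checked outside Postman. The sketch below is an added example, not Simego or Microsoft code: it builds the client_credentials form body and inspects a token response for an error, an expired token, or missing permissions. It assumes that app-only Azure AD tokens list the granted application permissions in the `roles` claim; the function names, the permission names User.ReadWrite.All and Group.Read.All, and the unsigned sample token are constructed for illustration.

```python
import base64
import json
import time
from urllib.parse import urlencode


def build_token_request(client_id, client_secret, resource):
    """Form body for the POST to the token endpoint (x-www-form-urlencoded)."""
    return urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "resource": resource,
    })


def jwt_claims(access_token):
    """Decode the JWT payload for inspection only; the signature is NOT verified."""
    payload = access_token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def check_token_response(response_json, needed_roles, now=None):
    """Return a list of problems; an empty list means the token looks usable."""
    body = json.loads(response_json)
    if "access_token" not in body:
        return ["no access token returned: " + body.get("error", "unknown error")]
    claims = jwt_claims(body["access_token"])
    problems = []
    if claims.get("exp", 0) <= (now or time.time()):
        problems.append("token has expired")
    # Assumption: app-only tokens list granted application permissions in "roles".
    missing = sorted(set(needed_roles) - set(claims.get("roles", [])))
    if missing:
        problems.append("permissions not granted: " + ", ".join(missing))
    return problems


def make_sample_response(roles, exp):
    """Constructed, unsigned sample token response so the example runs offline."""
    def b64(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    token = ".".join([b64({"alg": "none"}), b64({"roles": roles, "exp": exp}), "sig"])
    return json.dumps({"token_type": "Bearer", "access_token": token})


if __name__ == "__main__":
    sample = make_sample_response(["User.ReadWrite.All"], exp=time.time() + 3600)
    print(check_token_response(sample, ["User.ReadWrite.All", "Group.Read.All"]))
```

A permission listed as not granted after it has been added in the portal usually means Grant Permissions was not pressed or the token was issued before the change, which is why the page asks you to click Get Access Token again.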