Microsoft Exchange Query Authentication Guide
  • Dark
    Light

Microsoft Exchange Query Authentication Guide

  • Dark
    Light

Overview

This is a step-by-step guide to acquiring credentials for authorizing the Microsoft Exchange Query component for use in Matillion ETL.

Note
  • The Microsoft Exchange Query connector uses an OAuth for third-party authentication.
  • While connector properties may differ between cloud data warehouses, the authentication process remains the same.
  • Most third-party apps and services that connect to Microsoft data can be set up for use in Matillion ETL through the Microsoft Azure Portal using much of the same process.

Begin by creating an OAuth entry in Matillion ETL, as described in Manage OAuth. You should then configure this OAuth entry using the Dynamics 365 credentials, obtained as described below.


Acquiring third-party credentials

  1. Log in to the Microsoft Azure Portal, and enter valid login credentials to continue. On the Microsoft Azure dashboard, click App registrations on the Azure services menu at the top. If App registrations is not visible, click More services, on the right of the menu for a longer list of options.
  2. On the App registrations page, click + New registration.
  3. On the Register an application page, provide details for the following fields:
    • Name: A name for the app.
    • Supported account types: Select Accounts in any organizational directory (Any Azure AD directory - Multitenant) and personal Microsoft accounts (e.g. Skype, Xbox).
    • Redirect URI: Select Web in the drop-down field and paste the Callback URL copied from the Manage OAuth window in Matillion ETL earlier. Note that although the page states this field is optional, you must complete it.
  4. Click Register.
  5. The browser will redirect to the Overview page on the app's newly created dashboard. From here, copy the credentials to the right of Application (client) ID and Directory (tenant) ID, as they will be required later in authorizing for use in Matillion ETL.
Note

When copying the credentials, some browsers may add a space to the end of the string. This will cause the credentials to fail.

  1. On the menu on the left, click Authentication. Scroll down to the Implicit grant and hybrid flows section, and select the checkbox next to ID tokens (used for implicit and hybrid flows), then click Save at the top of the page.
  2. Click Certificates and secrets on the menu on the left, and on the Certificates and secrets page, click + New client secret.
  3. The Add a client secret page will appear to the right. Provide details for the following fields:
    • Description: Provide a description of the client secret.
    • Expires: Use the Expires drop-down to select when the client secret should expire, then click Add.
  4. You will automatically be returned to the Certificates and secrets page, where the new client secret will appear in the list in the Client secrets tab. Copy the client secret Value, as it will be required in authorizing for use in Matillion ETL.
Note
  • Make sure to copy the client secret right away as it may appear only once.
  • When copying the client secret, some browsers may add a space to the end of the string. This will cause the credentials to fail.
  1. Click API permissions on the menu on the left, then click + Add a permission to open the Request API permissions panel on the right of the screen.

  2. In the Request API permissions panel, click Microsoft Graph in the list of Microsoft APIs.

  3. This will open the Microsoft Graph panel. Select Delegated permissions and then select the following permissions from the list. It may be more convenient to use the search bar to quickly locate them. After you have added all of the required permissions, click Add permissions.

    1. Calendars.ReadWrite.Shared
    2. Contacts.ReadWrite
    3. Group.Read.All
    4. Group.ReadWrite.All
    5. User.ReadWrite.All
    6. Mail.ReadWrite.Shared.
  4. Click Expose an API in the menu on the left.

  5. Before a scope can be added, an Application ID URI will need to be set. The application ID URI is a URI that uniquely identifies the application in your Azure Active Directory. Click Set to the right of the Application ID URI field and replace the suggested URI with your preferred URI to be associated with the app, then click Save.

  6. Click + Add a scope. The Add a scope panel will appear on the right. Provide details for the following required fields:

    • Scope name: A display name for the scope when access to the API is requested. Best practice dictates using a <resource.operation.consent> name structure.
    • Who can consent? Select which users can consent to this scope in directories where user consent is enabled: Admins and users, or Admins only.
    • Admin consent display name: A name for the scope to be displayed on admin consent screens.
    • Admin consent description: A detailed description for the scope to be displayed on admin consent screens.
  7. Click Add scope.

  8. Now return to the Manage OAuth dialog in Matillion ETL to complete the OAuth configuration.