Microsoft Azure has recently introduced Microsoft Graph, a RESTful web API that enables you to access Microsoft Cloud service resources. In this blog, 'Explore Graph APIs by Connecting Microsoft Azure & Salesforce', I am going to demonstrate how to register a Microsoft Azure app, how to make requests to the Microsoft Graph API, how to get an authentication token for a user or service, and how to set up an authenticated connection between Microsoft Azure and Salesforce.
In the next blog, I will demonstrate how this connection can be used to send emails from Salesforce via Outlook, interestingly without writing a single line of Apex code!
Prerequisites for Connecting Microsoft Azure & Salesforce:
To begin, you will need to:
- Set up an Outlook email.
- Create a Salesforce developer org instance.
Alright, let's follow the steps below:
Step 1) Registering an app on Microsoft Azure Portal
Like a connected app in Salesforce, the Azure directory is used to connect and authenticate in Microsoft Azure, so you first have to register an app in the Azure directory.
Please follow all 4 steps shown in the image below.
Once you hit Register, your registered app should look similar to the image below. Copy the application client ID to a notepad, as you are going to use it in the next steps.
Step 2) Generating Client Secret in the registered Microsoft Azure App
In Step 1 we generated the application client ID; now we need to generate the client secret.
- Go to Certificates & Secrets
- Add a Description
- Set the expiry to 'Never'.
- Click on the ‘Add’ button.
Once you click the 'Add' button you will see this screen. Make sure you copy the client secret, which will be used in the next steps:
Step 3) Add Graph API Permission Mail.Send to the Azure App
Go to API permissions -> Click on Add permissions -> Search 'mail' -> Select Mail.Send
This Mail.Send API permission from the Graph API can be used to send email from Salesforce via Outlook.
Once you add the permission, the screen should look similar to the image below:
Step 4) Adding an Auth Provider in Salesforce and using Graph API
- Go to Setup -> Auth Provider
- Enter the Consumer Key and Consumer Secret from the created Microsoft Azure App (the application client ID and the client secret copied in Steps 1 and 2).
- Use the Authorization endpoint URL from Graph API – https://login.microsoftonline.com/common/oauth2/v2.0/authorize
- Use the Token endpoint URL from Graph API – https://login.microsoftonline.com/common/oauth2/v2.0/token
- Scope – Add the scope which includes 'Offline Access' and the recently created 'User send mail' permission. Offline Access provides both a refresh token and an access token. Salesforce uses the refresh token to generate a new access token when the access token expires.
Once you hit save, the Auth Provider will provide the callback URLs automatically.
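The Auth Provider settings above drive a standard OAuth 2.0 authorization-code flow against the two Microsoft endpoints. The following Python is an added example, not code from this post or from Salesforce, showing the three messages involved and the checks made on the callback; the client ID, secret, callback URL and the scope strings `offline_access Mail.Send` are assumptions standing in for the values configured in these steps.

```python
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

AUTHORIZE_URL = "https://login.microsoftonline.com/common/oauth2/v2.0/authorize"
TOKEN_URL = "https://login.microsoftonline.com/common/oauth2/v2.0/token"
SCOPE = "offline_access Mail.Send"  # assumed scope strings for 'Offline Access' + Mail.Send
# Constructed placeholders, not real values
CLIENT_ID = "00000000-0000-0000-0000-000000000000"
CLIENT_SECRET = "PLACEHOLDER_CLIENT_SECRET"
REDIRECT_URI = "https://example.my.salesforce.com/services/authcallback/Outlook"

def build_authorize_url(state):
    """Message 1: browser redirect that shows the Microsoft sign-in and consent screen."""
    params = {"client_id": CLIENT_ID, "response_type": "code",
              "redirect_uri": REDIRECT_URI, "scope": SCOPE, "state": state}
    return AUTHORIZE_URL + "?" + urlencode(params)

def parse_callback(callback_url, expected_state):
    """Message 2: accept the code only on the registered callback and with a matching state."""
    parsed = urlparse(callback_url)
    if f"{parsed.scheme}://{parsed.netloc}{parsed.path}" != REDIRECT_URI:
        raise ValueError("callback does not match the registered redirect URI")
    query = parse_qs(parsed.query)
    if "error" in query:
        raise ValueError("authorization failed: " + query["error"][0])
    state = query.get("state", [""])[0]
    if not secrets.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch, possible forged callback")
    if "code" not in query:
        raise ValueError("no authorization code in callback")
    return query["code"][0]

def token_request_body(code=None, refresh_token=None):
    """Message 3: form body POSTed to TOKEN_URL for the first exchange or a later refresh."""
    body = {"client_id": CLIENT_ID, "client_secret": CLIENT_SECRET, "scope": SCOPE}
    if refresh_token:
        body.update(grant_type="refresh_token", refresh_token=refresh_token)
    else:
        body.update(grant_type="authorization_code", code=code, redirect_uri=REDIRECT_URI)
    return urlencode(body)

if __name__ == "__main__":
    state = secrets.token_urlsafe(16)
    print(build_authorize_url(state))
    code = parse_callback(REDIRECT_URI + "?code=CONSTRUCTED_CODE&state=" + state, state)
    print(token_request_body(code=code))
    print(token_request_body(refresh_token="CONSTRUCTED_REFRESH_TOKEN"))
```

The refresh form is what the 'Offline Access' scope makes possible: without it the token response carries no refresh token and the user has to re-authenticate when the access token expires.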
Step 5) Add a callback/redirect URL to the Microsoft Azure App
Now let us add this callback URL to the Azure app.
Go to Overview -> Add redirect URL.
You will be redirected to the below screen.
Once the above screen appears, follow the steps below:
- Go to Authentication
- Click on the ‘Add a platform’ button.
- Select the Platform – 'Web Applications'
- Once you select 'Web Applications', you will get an option to add the Redirect URL.
- Copy and paste the callback URL generated.
- Hit Configure
Once you hit 'Configure', the 'Overview' screen should look like below:
Step 6) Set up Named Credentials
A Named Credential specifies the URL of a callout endpoint and its required authentication parameters in one definition. Salesforce manages all authentication for Apex callouts that specify a named credential as the callout endpoint so that your code doesn’t have to.
You can learn more about Named Credentials here
Follow the steps below as directed in the above screen:
- Go to Setup -> Named Credentials
- Add the host URL – Since we are using Graph API, we need to provide graph API as the host URL
- Authentication – OAuth 2.0
- Authentication provider – Outlook. We have already created this Auth Provider in the previous steps.
- Add the same scope as added to Auth Provider
- Set up named credentials – if you select the checkbox highlighted by the 6th arrow, it will automatically set up the authentication flow.
Once you hit save, the Microsoft web app will ask you to authenticate and confirm the 'Sending Email' and other permissions.
After clicking ‘Yes’ in the above step, a similar screen with Named Credentials will appear.
We are all set now. As clearly indicated, we have authenticated and connected Salesforce and the Microsoft Azure App successfully.
In the next blog, we will explore more of the Graph APIs and how to invoke those APIs for sending emails from Salesforce via Outlook without writing a single line of code. Stay tuned!