Microsoft Graph Connector

Content Type: Module

Categories: Connectors

Overview

Microsoft Graph is the gateway to data and intelligence in Microsoft 365. The Microsoft Graph Connector enables you to connect your Mendix app to your Microsoft 365 environment through the Microsoft Graph API and enhance the experience of your users. Use the Graph Explorer to learn what you can do and extend the module with your own ideas.

Documentation

Demo urlhttps://microsoftgraph100-sandbox.mxapps.io

Demo login credentials

username: demo_administrator

password: OLJxO3tnlT

Description

Microsoft Graph exposes REST APIs and client libraries to access data on the following Microsoft cloud services:

Microsoft 365 core services: Bookings, Calendar, Delve, Excel, Microsoft 365 compliance eDiscovery, Microsoft Search, OneDrive, OneNote, Outlook/Exchange, People (Outlook contacts), Planner, SharePoint, Teams, To Do, Workplace Analytics.
Enterprise Mobility and Security services: Advanced Threat Analytics, Advanced Threat Protection, Azure Active Directory, Identity Manager, and Intune.
Windows 10 services: activities, devices, notifications, Universal Print.
Dynamics 365 Business Central.

Typical usage scenario

Allow users to use their Outlook mail to send and receive emails
Retrieve and schedule calendar events
Retrieve all users in your tenant and provision users with this information
Enable SSO with Azure (requires customisation)
Plan online meetings
Search through your Office 365 environment and use the results in your workflow

Features and limitations

Authorise users with an Azure App Registration so that they can interact with their Office 365 environment
Retrieve and Update Users
Retrieve and Update Groups
Create and retrieve Subscriptions to Change Notifications
Limitation: Authorization responses with a fragment payload cannot be processed by Mendix
Limitation: Subscribing to Change Notifications is implemented, but processing Change Notifications requires customization. Content of a Change Notification can widely vary so there is no standard way to implement this.

Dependencies

Studio Pro 9.24.30 or higher
Encryption module
NanoflowCommons module
CommunityCommons module
Data Widgets module
Combo Box
Access to an App Registration
relevant API permissions in the App Registration
a Client Secret
the Directory (tenant) ID
the Application (client) ID

Installation

Install the module and all of the dependencies
Add the snippet “Authentication_Overview” to a page that can be accessed by the Administrator
Use the Application ID, Directory ID and Application Secret from your Azure App Registration to get authorization for your user.
Add Snip_Login to a page that can be accessed by all users to allow users to request authorization with the Authentication you configured as an Administrator.

Configuration

Create an App Registration or get access to an existing App Registration in your Azure tenant. Use the Credentials to configure your Authentication and get authorization as a user. Once authorised, you can use the authorization to interact with the Office 365 resources. make sure that the App Registration has the correct API permissions.
To make sure the authorization flow can be completed, the Redirect URIs need to be configured in the Authentication section of your app registration. You can find (and change) the URI in the PRS_Azure REST service. For local deployment it should most likely be http://localhost:8080/microsoftgraph/oauth/v2/callback_azure.
Create a new Authentication object. This will be used for all authorization requests from the admin and other users that are allowed to request authorization. Fill in the Application (client) ID, Directory (tentant) ID and Client Secret from your Azure App Registration. Once these are filled in, the Well-Known Configuration will be retrieved.
Choose the relevant scopes for you authentication. If you want to add more scopes, you can do so in the Metadata group box in the Supported Scopes section.
Select your preferred Response Type, Response Mode and Prompt for authorization. Response Type "Code", Response Mode "Query" are recommended for most used cases.
Use the "Get Authorization as a User" button to get authorized with your own account. Use the "Get Authorization as a Service" button to get admin consent that you want to use for actions that require elevated access that you do not want to grant to individual users.

Releases

Version: 3.1.1

Framework Version: 9.24.30

Release Notes: Upgraded to 9.24.30 Upgraded to Java 21

Version: 3.1.0

Framework Version: 9.24.17

Release Notes: Changes - upgrade to 9.24.17 - added association Response_Authorization to enable using error responses outside of sub micro flows - now uses Data Widgets, Combo Box. please add data widgets module and combo box widget to your project before upgrading - added option to set authentication as default - multiple Authentications can now be set as active. - SUB_Authorization_GetActive now requires User as input parameter instead of always using $currentUser object

Version: 3.0.3

Framework Version: 9.18.7

Release Notes: -fixed missing "/" in admin consent authentication.

Version: 3.0.2

Framework Version: 9.18.7

Release Notes: Changes - additional documentation to Published Rest Services - added additional exposed microflow actions for Groups

Version: 3.0.1

Framework Version: 9.18.7

Release Notes: Changes - updated microflow and entity images Breaking Changes: - updated published rest service PRS_Azure location for authorization from /oauth2/v2 to /microsoftgraph/oauth2/v2 to avoid conflicts with OIDC module - updated published rest service PRS_ChangeNotifications location from /rest/microsoftgraph/v1 to /microsoftgraph/changenotifications/v1 this is done to be consistent with published rest service naming in this module

Version: 3.0.0

Framework Version: 9.18.5

Release Notes: NOTE: This version of has removed most of the exposed microflow actions except the ones related to Authorization, Users and Groups. existing implementation that rely on these microflow actions will break. - Complete refactoring of the module to only focus on core of Microsoft Graph. This module now serves as a base to integrate with Microsoft Graph and will be dependency for other modules that focus on specific capabilities of Microsoft Graph such as Outlook, Teamwork & Communication and Applications. - improved implementation of change notifications, will require deleting and creating existing subscriptions again. NOTE: if you are including resource data in your change notification, you will need to implement validation of tokens. - added entities to support Batching. - this release supports Studio Pro 9.18.5 or higher

Version: 2.0.0

Framework Version: 9.6.14

Release Notes: - Improved implementation for authentication as a service. Now the authorization correctly uses the client credentials grant to get a new access token if the initial token is expired NOTE: this might create breaking changes for existing authorisations as new attributes have been added. - Added pagination for email messages and users to retrieve all data in a single action - Added delta actions for email messages and users to retrieve changes in data easier - Added attachment actions to retrieve and download attachments from messages - added action to create draft message Minor improvements to domain model

Version: 1.5.2

Framework Version: 9.6.12

Release Notes: fix for issue with completing Authorization. This bug was introduced in a recent version of Studio Pro (9.13 and later). This new release uses a Non-Persistent Entity to create the Authorization instead of immediately importing to the Persistent Entity.

Version: 1.5.1

Framework Version: 9.0.5

Release Notes: -added Supported account types to Authentication to set the supported account types matching what you have configured in the App Registration. This might resolve unexpected authorization issues -minor improvements

Version: 1.5.0

Framework Version: 9.0.5

Release Notes: Upgraded to 9.0.5 for Atlas 3.0 support added Files examples to show how to retrieve your Drive and Drive Items