Register a Microsoft 365 authorization provider in Token Vault

This topic describes the second configuration task in the process of setting up an AutoStore workflow using Modern Authentication / OAuth2.

Perform this task in Token Vault after you have successfully registered a Microsoft 365 application for Token Vault through the Microsoft Identity Platform (Azure Active Directory) admin center.

To register an Authorization Provider in Token Vault, perform the following steps:

  1. Launch Token Vault.

    Type the Token Vault URL into the address bar of your browser according to your Token Vault configuration in the following format: https://<FQDN>:<port>

  2. Log in with your Token Vault administrator credentials.

    Type your Windows User name in domain\username format, then your Password and click Log in.

    The first account to log in to the Token Vault administration page automatically receives administrator rights.
  3. Click Manage Authorization Providers on the left.
    The list of already registered providers is displayed.
  4. Click Register new at the bottom.
  5. Select the Microsoft 365 authorization provider from the list.

    The new Authorization Provider configuration page opens.

    • Token Vault creates the new authorization provider with the default name "New Microsoft 365 authorization provider".

      Change the default name according to your needs.

      Authorization Provider names must be unique in Token Vault.

    • Provider ID is a unique and automatically generated ID.

      This ID must always be sent by the AutoStore component requesting authentication tokens from Token Vault.

    • The Redirect URI is generated automatically from the currently open Token Vault site URI.

      This URI must be configured for the Microsoft 365 application registered for Token Vault.

  6. Copy the generated Provider ID for later use. It is required for the configuration of the component.
  7. Enter your Application (Client) ID and Client Secret, which Microsoft Identity Platform (Azure Active Directory) provided during the application registration task.
  8. From the Supported account types list, select the account type that matches the one configured for the application registered for Token Vault on the Microsoft Identity Platform (Azure Active Directory).

    Enter your Microsoft 365 Tenant name if you selected Single tenant account type.

  9. Select the proper national cloud from the National Cloud list if your organization uses a national cloud due to data residency or compliance requirements. Otherwise, keep the default Azure AD (global service) value.
  10. Add Microsoft Graph in the Scope Sets list.
  11. Click Save.
  12. Click Enable under the Authorization Provider to enable it. To disable the Authorization Provider for users, click Disable.
  13. Click Edit if you want to modify any properties of the Authorization Provider.

At this point Token Vault is connected to Microsoft 365 and enabled for users to authorize.
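
The following consistency check for the values in steps 5 and 8 is an added example, not part of Token Vault or its documentation: it compares the Redirect URI and account type shown in Token Vault against the app registration exported as JSON. The sample registration, host name, port and `/callback` path are constructed placeholders; `web.redirectUris` and `signInAudience` are the Microsoft Graph application property names.

```python
import json
from urllib.parse import urlsplit

# Constructed sample of an app registration as a Microsoft Graph application
# object; every value is a placeholder, including the /callback path.
SAMPLE_APP = json.loads("""{
  "appId": "00000000-0000-0000-0000-000000000000",
  "signInAudience": "AzureADMyOrg",
  "web": {"redirectUris": ["https://tokenvault.example.com:8443/callback"]}
}""")


def _loose(uri):
    """Normalise case and trailing slash, only to diagnose near misses."""
    return uri.strip().lower().rstrip("/")


def check_provider(app, redirect_uri, single_tenant, tenant_name=""):
    """Return a list of mismatches between Token Vault and the app registration."""
    problems = []
    parts = urlsplit(redirect_uri)
    if parts.scheme != "https" or not parts.hostname:
        problems.append("redirect URI is not an absolute https URI")

    # The registered redirect URI has to match the one Token Vault generated.
    registered = app.get("web", {}).get("redirectUris", [])
    if redirect_uri not in registered:
        near = [u for u in registered if _loose(u) == _loose(redirect_uri)]
        if near:
            problems.append(f"redirect URI differs only in case or trailing slash from {near[0]}")
        else:
            problems.append("redirect URI is not registered for the application")

    # AzureADMyOrg is the single-tenant audience value.
    audience = app.get("signInAudience")
    if single_tenant:
        if audience != "AzureADMyOrg":
            problems.append(f"Single tenant selected but signInAudience is {audience}")
        if not tenant_name.strip():
            problems.append("Single tenant selected but no tenant name entered")
    elif audience == "AzureADMyOrg":
        problems.append("application is single tenant but another account type is selected")
    return problems


if __name__ == "__main__":
    for p in check_provider(SAMPLE_APP, "https://TokenVault.example.com:8443/callback/", True):
        print("MISMATCH:", p)
```
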