Skip to main content

Set up delegated access to a Microsoft application using OAuth 2.0

Learn how to set up delegated access with Microsoft Graph to an Entra ID application using OAuth 2.0 in Torq.

Updated over 4 months ago

Delegated permissions are often required for specific types of API calls where application permissions are not available. It is possible to use a delegated set of permissions for a Microsoft application when using the OAuth 2.0 integration in Torq.

To set up delegated access for Excel, OneDrive, Outlook, and SharePoint Steps, see the Microsoft 365 Delegated Access integration guide.

Create an application in Microsoft Entra ID

  1. Open Microsoft Azure: Navigate to your Azure portal and go to Azure services > Microsoft Entra ID.

  2. Register a new application: Go to Manage > App registrations and click New registration if a relevant app assigned to an Azure resource does not exist.

    1. Enter a unique and meaningful name.

    2. Give the account Accounts in this organization directory only access.

    3. Click Register.

  3. Open API permissions: In the application, go to API permissions and click + Add a permission.

  4. Add permissions: Select an API endpoint such as Microsoft Graph, click Delegated permissions, select the relevant permissions, and then click Add permissions.

  5. Open Certificates & secrets: In the application, go to Manage > Certificates & secrets.

  6. Create a client secret: Select the Client secrets tab and click New client secret.

    1. Enter a meaningful description/name.

    2. Select an expiration date according to your organization's best practices.

    3. Click Add.

  7. Copy the secret: Copy the client secret Value to save it for later. You will need it to create the integration in Torq.

  8. Open Authentication (Preview): Go to Manage > Authentication (Preview) and click + Add Redirect URI.

  9. Add redirect URI: Click Web, paste https://redir.torq.io/integrations/oauth_2 (or the latest callback URL as provided by the integration setup) as the Redirect URI, and then click Configure.

  10. Copy the client and tenant IDs: Go to the application's Overview page and copy both the Application (client) ID and Directory (tenant) ID to save them for later. You will need them to create the OAuth 2.0 integration in Torq.

Create an OAuth 2.0 integration in Torq

  1. Navigate to the integration: In Torq, go to Build > Integrations > Steps > OAuth 2.0 and click Add Instance.

  2. Configure the integration:

    1. Enter a meaningful name for the integration.

    2. For Grant Type, select Authorization Code.

    3. For Auth URL, paste https://login.microsoftonline.com/<TENANT ID>/oauth2/v2.0/authorize with the tenant ID you copied earlier.

    4. For Token URL, paste https://login.microsoftonline.com/<TENANT ID>/oauth2/v2.0/token with the tenant ID you copied earlier.

    5. Paste the client ID you copied earlier.

    6. Paste the client secret you generated earlier.

    7. For Scopes, paste https://graph.microsoft.com/.default,offline_access.

  3. Finalize: Click Continue. You will be forwarded to Microsoft to set up the delegated access—the account that is logged in to Microsoft on that browser will be the one to approve the access.

Related Articles
Microsoft 365 Delegated Access
OAuth 2.0
Microsoft Sentinel
Microsoft 365 Graph Subscription
Microsoft 365
Did this answer your question?