Microsoft credentials

You can use these credentials to authenticate the following nodes:

• Microsoft Dynamics CRM
• Microsoft Excel
• Microsoft Graph Security
• Microsoft OneDrive
• Microsoft Outlook
• Microsoft SharePoint
• Microsoft Teams
• Microsoft Teams Trigger
• Microsoft To Do

Prerequisites

• Create a Microsoft Azure account.
• Create at least one user account with access to the appropriate service.
• If the user account is managed by a corporate Microsoft Entra account, the administrator account has enabled the option “User can consent to apps accessing company data on their behalf” for this user (see the Microsoft Entra documentation).

Supported authentication methods

• OAuth2

Related resources

Refer to the linked Microsoft API documentation below for more information about each service's API:

• Dynamics CRM: Web API
• Excel: Graph API
• Graph Security: Graph API
• OneDrive: Graph API
• Outlook: Graph API and Outlook API
• Teams: Graph API
• To Do: Graph API

Using OAuth2

n8n 云服务用户注意事项

云服务用户无需提供连接详细信息。选择连接我的账户通过浏览器进行连接。

Some Microsoft services require extra information for OAuth2. Refer to Service-specific settings for more guidance on those services.

For self-hosted users, there are two main steps to configure OAuth2 from scratch:

1. Register an application with the Microsoft Identity Platform.
2. Generate a client secret for that application.

Follow the detailed instructions for each step below. For more detail on the Microsoft OAuth2 web flow, refer to Microsoft authentication and authorization basics.

Register an application

Register an application with the Microsoft Identity Platform:

1. Open the Microsoft Application Registration Portal.
2. Select Register an application.
3. Enter a Name for your app.
4. In Supported account types, select Accounts in any organizational directory (Any Azure AD directory - Multi-tenant) and personal Microsoft accounts (for example, Skype, Xbox).
5. In Register an application:
   1. Copy the OAuth Callback URL from your n8n credential.
   2. Paste it into the Redirect URI (optional) field.
   3. Select Select a platform > Web.
6. Select Register to finish creating your application.
7. Copy the Application (client) ID and paste it into n8n as the Client ID.

Refer to Register an application with the Microsoft Identity Platform for more information.

Generate a client secret

With your application created, generate a client secret for it:

1. On your Microsoft application page, select Certificates & secrets in the left navigation.
2. In Client secrets, select + New client secret.
3. Enter a Description for your client secret, such as n8n credential.
4. Select Add.
5. Copy the Secret in the Value column.
6. Paste it into n8n as the Client Secret.
7. If you see other fields in the n8n credential, refer to Service-specific settings below for guidance on completing those fields.
8. Select Connect my account in n8n to finish setting up the connection.
9. Log in to your Microsoft account and allow the app to access your info.

Refer to Microsoft's Add credentials for more information on adding a client secret.

Service-specific settings

The following services require extra information for OAuth2:

Dynamics

Dynamics OAuth2 requires information about your Dynamics domain and region. Follow these extra steps to complete the credential:

1. Enter your Dynamics Domain.
2. Select the Dynamics data center Region you're within.

Refer to the Microsoft Datacenter regions documentation for more information on the region options and corresponding URLs.

Microsoft (general)

The general Microsoft OAuth2 also requires you to provide a space-separated list of Scopes for this credential.

Refer to Scopes and permissions in the Microsoft identity platform for a list of possible scopes.

Outlook

Outlook OAuth2 supports the credential accessing a user's primary email inbox or a shared inbox. By default, the credential will access a user's primary email inbox. To change this behavior:

1. Turn on Use Shared Inbox.
2. Enter the target user's UPN or ID as the User Principal Name.

SharePoint

SharePoint OAuth2 requires information about your SharePoint Subdomain.

To complete the credential, enter the Subdomain part of your SharePoint URL. For example, if your SharePoint URL is https://tenant123.sharepoint.com, the subdomain is tenant123.

Common issues

Here are the known common errors and issues with Microsoft OAuth2 credentials.

需要管理员批准

在尝试为 Microsoft365 或 Microsoft Entra 账户添加凭据时，用户在执行程序时可能会看到此操作需要管理员批准的消息。

当尝试为凭据授予权限的账户由 Microsoft Entra 管理时，将出现此消息。为了颁发凭据，管理员账户需要为该应用程序向用户（或"租户"）授予权限。

此程序在 Microsoft Entra 文档中有详细说明。