Microsoft Entra ID credentials

You can use these credentials to authenticate the following nodes:

• Microsoft Entra ID

Prerequisites

• Create a Microsoft Entra ID account or subscription.
• If the user account is managed by a corporate Microsoft Entra account, the administrator account has enabled the option “User can consent to apps accessing company data on their behalf” for this user (see the Microsoft Entra documentation).

Microsoft includes an Entra ID free plan when you create a Microsoft Azure account.

Supported authentication methods

• OAuth2

Related resources

Refer to Microsoft Entra ID's documentation for more information about the service.

Using OAuth2

n8n 云服务用户注意事项

云服务用户无需提供连接详细信息。选择连接我的账户通过浏览器进行连接。

For self-hosted users, there are two main steps to configure OAuth2 from scratch:

1. Register an application with the Microsoft Identity Platform.
2. Generate a client secret for that application.

Follow the detailed instructions for each step below. For more detail on the Microsoft OAuth2 web flow, refer to Microsoft authentication and authorization basics.

Register an application

Register an application with the Microsoft Identity Platform:

1. Open the Microsoft Application Registration Portal.
2. Select Register an application.
3. Enter a Name for your app.
4. In Supported account types, select Accounts in any organizational directory (Any Azure AD directory - Multi-tenant) and personal Microsoft accounts (for example, Skype, Xbox).
5. In Register an application:
   1. Copy the OAuth Callback URL from your n8n credential.
   2. Paste it into the Redirect URI (optional) field.
   3. Select Select a platform > Web.
6. Select Register to finish creating your application.
7. Copy the Application (client) ID and paste it into n8n as the Client ID.

Refer to Register an application with the Microsoft Identity Platform for more information.

Generate a client secret

With your application created, generate a client secret for it:

1. On your Microsoft application page, select Certificates & secrets in the left navigation.
2. In Client secrets, select + New client secret.
3. Enter a Description for your client secret, such as n8n credential.
4. Select Add.
5. Copy the Secret in the Value column.
6. Paste it into n8n as the Client Secret.
7. Select Connect my account in n8n to finish setting up the connection.
8. Log in to your Microsoft account and allow the app to access your info.

Refer to Microsoft's Add credentials for more information on adding a client secret.

Setting custom scopes

Microsoft Entra ID credentials use the following scopes by default:

• openid
• offline_access
• AccessReview.ReadWrite.All
• Directory.ReadWrite.All
• NetworkAccessPolicy.ReadWrite.All
• DelegatedAdminRelationship.ReadWrite.All
• EntitlementManagement.ReadWrite.All
• User.ReadWrite.All
• Directory.AccessAsUser.All
• Sites.FullControl.All
• GroupMember.ReadWrite.All

To select different scopes for your credentials, enable the Custom Scopes slider and edit the Enabled Scopes list. Keep in mind that some features may not work as expected with more restrictive scopes.

Common issues

Here are the known common errors and issues with Microsoft Entra credentials.

需要管理员批准

在尝试为 Microsoft365 或 Microsoft Entra 账户添加凭据时，用户在执行程序时可能会看到此操作需要管理员批准的消息。

当尝试为凭据授予权限的账户由 Microsoft Entra 管理时，将出现此消息。为了颁发凭据，管理员账户需要为该应用程序向用户（或"租户"）授予权限。

此程序在 Microsoft Entra 文档中有详细说明。