Office 365 Application: Use Microsoft Graph for Synchronization

App registration

To make requests using the Microsoft Graph API, you need to register an app in Azure Portal. To register an application:

  1. Go to Azure Portal

  2. Click on Azure Active Directory

  3. Select App registrations on the left manage panel

  4. Press New registration

  5. Enter a name for your application, for example “passly app”

  6. Select the Supported account types for the application

  7. Press the Register button

Detailed information on how to register an app in Azure Portal.

App Permissions

Azure AD assigns a unique application (client) ID to your app. You need to give permissions to your application. A daemon application can request only application permissions to APIs (not delegated permissions). On the API permissions page for the application registration, after you've selected Add a permission and chosen the API family (Microsoft Graph), choose Application permissions, and then select your permissions.

To enable sync, select the following permissions:

  • Group > Group.ReadWrite.All

  • Domain > Domain.ReadWrite.All

  • User > User.ReadWrite.All

  • Directory > Directory.ReadWrite.All

Then press Grant admin consent so that the Status column of the permissions table shows “Granted for <domain_name>”.



App Certificate

As with any confidential client application, you need to add a secret or certificate to act as that application's credentials so it can authenticate as itself, without user interaction.

To get a certificate, go to Passly SSO Manager > Application Library > Your Office 365 application > Signing and Encryption.

There should be a valid signing certificate. Press the download button to save it locally.


To upload a certificate to your Azure app registration:

  1. Select Certificates & secrets > Certificates > Upload certificate

  2. Select the previously downloaded certificate

  3. Add a description

  4. Press Add

After the upload, check that the thumbprint shown for the uploaded certificate is equal to the one shown on the Passly tab.
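The thumbprint check above can also be run against the downloaded file itself before uploading it. The following script is an added example, not part of the original article or of Passly or Microsoft tooling: it computes the thumbprint of a PEM or DER certificate file and compares it with a value copied from either console. It assumes both consoles display the SHA-1 hash of the DER-encoded certificate, which is the form Azure Portal uses; the function names and the sample bytes are constructed for illustration.

```python
import base64
import hashlib
import hmac
import re
import sys

PEM_RE = re.compile(rb"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)
# Constructed stand-in (a minimal ASN.1 SEQUENCE, not a real certificate) for the no-argument demo.
SAMPLE_DER = b"\x30\x03\x02\x01\x01"


def cert_to_der(data: bytes) -> bytes:
    """Return the DER bytes of the first certificate in a PEM or DER file."""
    match = PEM_RE.search(data)
    if match:
        # b64decode raises binascii.Error (a ValueError) on a corrupt PEM body.
        return base64.b64decode(b"".join(match.group(1).split()), validate=True)
    if not data.startswith(b"\x30"):  # DER certificates begin with an ASN.1 SEQUENCE tag
        raise ValueError("not a PEM or DER certificate")
    return data


def thumbprint(data: bytes) -> str:
    """SHA-1 over the DER encoding, as uppercase hex without separators."""
    return hashlib.sha1(cert_to_der(data)).hexdigest().upper()


def normalize(displayed: str) -> str:
    """Drop colons, whitespace and case so values copied from different UIs compare equal."""
    cleaned = re.sub(r"[\s:]", "", displayed).upper()
    if not re.fullmatch(r"[0-9A-F]{40}", cleaned):
        raise ValueError("expected the 40 hex digits of a SHA-1 thumbprint")
    return cleaned


def matches(cert_bytes: bytes, displayed: str) -> bool:
    """True when the file's thumbprint equals the value copied from a console."""
    return hmac.compare_digest(thumbprint(cert_bytes), normalize(displayed))


if __name__ == "__main__":
    if len(sys.argv) == 3:  # usage: thumbprint.py <certificate file> <displayed thumbprint>
        with open(sys.argv[1], "rb") as fh:
            ok = matches(fh.read(), sys.argv[2])
        print("match" if ok else "MISMATCH")
        sys.exit(0 if ok else 1)
    print("sample thumbprint:", thumbprint(SAMPLE_DER))
```

A mismatch means the file uploaded to the app registration is not the signing certificate Passly will authenticate with, so the Verify step would fail or a different key would be trusted.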


Detailed information on how to grant permissions and add a certificate.

Passly setup

To use Microsoft Graph Federation, go to SSO Manager > Application Library > Your Office 365 application.

Select the Microsoft Graph option for federation.

You need to fill in the following settings:

  • Client ID - registered Azure Portal application id

  • Tenant ID - Azure AD tenant id

  • Domain - domain to federate

To verify the settings, press the Verify button.

