Conversation
Made-with: Cursor
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
| Microsoft auth, you must create a custom Auth Provider with your own Microsoft | ||
| OAuth 2.0 credentials as described below. | ||
| </Callout> | ||
| The Microsoft auth provider enables tools and agents to call the [Microsoft Graph API](https://learn.microsoft.com/en-us/graph/overview) on behalf of a user. It supports Arcade's MCP servers for [Outlook Calendar](/resources/integrations/productivity/outlook-calendar), [Outlook Mail](/resources/integrations/productivity/outlook-mail), [Microsoft Teams](/resources/integrations/social/microsoft-teams), and [SharePoint](/resources/integrations/productivity/sharepoint), as well as your own custom tools and app code. |
Contributor
There was a problem hiding this comment.
Google.We: Replace first-person plural 'us' with more direct language
Suggested change
| The Microsoft auth provider enables tools and agents to call the [Microsoft Graph API](https://learn.microsoft.com/en-us/graph/overview) on behalf of a user. It supports Arcade's MCP servers for [Outlook Calendar](/resources/integrations/productivity/outlook-calendar), [Outlook Mail](/resources/integrations/productivity/outlook-mail), [Microsoft Teams](/resources/integrations/social/microsoft-teams), and [SharePoint](/resources/integrations/productivity/sharepoint), as well as your own custom tools and app code. | |
| The Microsoft auth provider enables tools and agents to call the [Microsoft Graph API](https://learn.microsoft.com/en-us/graph/overview) on behalf of a user. It supports Arcade's MCP servers for [Outlook Calendar](/resources/integrations/productivity/outlook-calendar), [Outlook Mail](/resources/integrations/productivity/outlook-mail), [Microsoft Teams](/resources/integrations/social/microsoft-teams), and [SharePoint](/resources/integrations/productivity/sharepoint), as well as your own custom tools and app code. |
| - Or, your [custom tools](#using-microsoft-auth-in-custom-tools) that need to call Microsoft Graph APIs | ||
| | | Option 1: Included provider | Option 2: Multi-tenant app | Option 3: Tenant-specific app | | ||
| | --- | --- | --- | --- | | ||
| | **Azure setup** | None — Arcade provisions the app | You register in Azure Portal | You register in Azure Portal | |
Contributor
There was a problem hiding this comment.
Google.EmDash: Remove spaces around em dash
Suggested change
| | **Azure setup** | None — Arcade provisions the app | You register in Azure Portal | You register in Azure Portal | | |
| | **Azure setup** | None—Arcade provisions the app | You register in Azure Portal | You register in Azure Portal | |
| Without this, your end-users will not be able to use your app or agent in | ||
| production. | ||
| </Callout> | ||
| The fastest path. Arcade provides a pre-configured Microsoft OAuth app — no Azure app registration required. Your IT or security team approves the app in Microsoft Entra ID, and you're ready to go. |
Contributor
There was a problem hiding this comment.
Google.EmDash: Remove spaces around em dash
Suggested change
| The fastest path. Arcade provides a pre-configured Microsoft OAuth app — no Azure app registration required. Your IT or security team approves the app in Microsoft Entra ID, and you're ready to go. | |
| The fastest path. Arcade provides a pre-configured Microsoft OAuth app—no Azure app registration required. Your IT or security team approves the app in Microsoft Entra ID, and you're ready to go. |
| | [Outlook Mail](/resources/integrations/productivity/outlook-mail) | `Mail.Read`<br/>`Mail.ReadWrite`<br/>`Mail.Send` | | ||
| | [Teams](/resources/integrations/social/microsoft-teams) | `Channel.ReadBasic.All`<br/>`ChannelMessage.Read.All`<br/>`ChannelMessage.Send`<br/>`Chat.Create`<br/>`Chat.Read`<br/>`ChatMessage.Read`<br/>`ChatMessage.Send`<br/>`People.Read`<br/>`Team.ReadBasic.All`<br/>`TeamMember.Read.All`<br/>`User.Read` | | ||
| | [SharePoint](/resources/integrations/productivity/sharepoint) | `Sites.Read.All` | | ||
| 1. Choose a unique **ID** for your provider (e.g., `my-microsoft-provider`) |
Contributor
There was a problem hiding this comment.
Google.Latin: Replace 'e.g.' with 'for example'
Suggested change
| 1. Choose a unique **ID** for your provider (e.g., `my-microsoft-provider`) | |
| 1. Choose a unique **ID** for your provider (for example, `my-microsoft-provider`) |
| 2. Search for **App Registrations** | ||
| 3. Click **+ New Registration** | ||
| 4. Configure: | ||
| - **Name:** Your preferred name (e.g., "Acme OAuth App") |
Contributor
There was a problem hiding this comment.
Google.Latin: Replace 'e.g.' with 'for example'
Suggested change
| - **Name:** Your preferred name (e.g., "Acme OAuth App") | |
| - **Name:** Your preferred name (for example, "Acme OAuth App") |
|
|
||
| 1. In your app registration, go to **Certificates & secrets** | ||
| 2. Click **+ New client secret** | ||
| 3. Add a description (e.g., "Acme Arcade Integration") |
Contributor
There was a problem hiding this comment.
Google.Latin: Replace 'e.g.' with 'for example'
Suggested change
| 3. Add a description (e.g., "Acme Arcade Integration") | |
| 3. Add a description (for example, "Acme Arcade Integration") |
| 3. Click **+ Add OAuth Provider** | ||
| 4. Select **Microsoft** from the included providers list | ||
| 5. Configure: | ||
| - **Provider ID:** Your preferred identifier (e.g., `acme-microsoft`) |
Contributor
There was a problem hiding this comment.
Google.Latin: Replace 'e.g.' with 'for example'
Suggested change
| - **Provider ID:** Your preferred identifier (e.g., `acme-microsoft`) | |
| - **Provider ID:** Your preferred identifier (for example, `acme-microsoft`) |
| 3. Click **+ Add OAuth Provider** | ||
| 4. Select **Custom Provider** | ||
| 5. Configure: | ||
| - **Provider ID:** Your preferred identifier (e.g., `acme-microsoft-tenant`) |
Contributor
There was a problem hiding this comment.
Google.Latin: Replace 'e.g.' with 'for example'
Suggested change
| - **Provider ID:** Your preferred identifier (e.g., `acme-microsoft-tenant`) | |
| - **Provider ID:** Your preferred identifier (for example, `acme-microsoft-tenant`) |
|
|
||
| For Options 2 and 3, where you bring your own Azure app credentials, you must configure a [custom user verifier](/guides/user-facing-agents/secure-auth-production#build-a-custom-user-verifier) before deploying to production. | ||
|
|
||
| Without a custom verifier, your end-users would need an Arcade.dev account to complete the OAuth flow — which is not what you want in a production environment. The custom verifier lets your application handle user identity, so the auth flow stays within your own UX. |
Contributor
There was a problem hiding this comment.
Google.EmDash: Remove spaces around em dash
Suggested change
| Without a custom verifier, your end-users would need an Arcade.dev account to complete the OAuth flow — which is not what you want in a production environment. The custom verifier lets your application handle user identity, so the auth flow stays within your own UX. | |
| Without a custom verifier, your end-users would need an Arcade.dev account to complete the OAuth flow—which is not what you want in a production environment. The custom verifier lets your application handle user identity, so the auth flow stays within your own UX. |
|
|
||
| This page provides a per-tool reference of every Microsoft Graph API scope required by Arcade's Microsoft MCP servers, along with the API endpoints each tool calls. For auth configuration, see the [Microsoft auth provider overview](/references/auth-providers/microsoft). | ||
|
|
||
| All four servers use the [Microsoft Graph API](https://learn.microsoft.com/en-us/graph/overview) with base URL `https://graph.microsoft.com/v1.0`, via the Microsoft Graph SDK for Python (`msgraph-sdk`). |
Contributor
There was a problem hiding this comment.
Google.We: Removed 'en-us' from the Microsoft documentation URL to avoid first-person plural reference
Suggested change
| All four servers use the [Microsoft Graph API](https://learn.microsoft.com/en-us/graph/overview) with base URL `https://graph.microsoft.com/v1.0`, via the Microsoft Graph SDK for Python (`msgraph-sdk`). | |
| All four servers use the [Microsoft Graph API](https://learn.microsoft.com/graph/overview) with base URL `https://graph.microsoft.com/v1.0`, via the Microsoft Graph SDK for Python (`msgraph-sdk`). |
torresmateo
approved these changes
Mar 18, 2026
EricGustin
reviewed
Mar 26, 2026
Member
There was a problem hiding this comment.
The integration docs (for example https://docs.arcade.dev/en/resources/integrations/productivity/microsoft-onedrive) already will show the reader which scopes are used for each tool. My worry is that hard coding this here is 1. redundant, and 2. will become stale as the tools are updated (since the scopes here are hard-coded)
Collaborator
There was a problem hiding this comment.
I am conflicted, I think scopes are also very relevant close to the OAuth provider's docs, such as how we do it for Google: https://docs.arcade.dev/en/references/auth-providers/google#supported-scopes
I also agree with you about staleness and the burden of keeping this updated and synced with the tools.
Member
There was a problem hiding this comment.
I agree with you. And now I'm conflicted too 🙂
Member
There was a problem hiding this comment.
Seems like adding the scopes to the auth provider page should be a part of the "auto toolkit docs generation" workflow that we have
Member
There was a problem hiding this comment.
cc @jottakka if he has any thoughts/opinions on that
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Made-with: Cursor