- OAuth (User-Delegated) - Authenticate as a specific user
- Service Principal (Application) - Authenticate as an application with organization-wide access
Supported Microsoft 365 Services
| Service | OAuth | Service Principal |
|---|---|---|
| Outlook | ✅ Yes | ✅ Yes |
| Microsoft Teams | ✅ Yes | ✅ Yes |
| OneDrive | ✅ Yes | ✅ Yes |
| SharePoint | ✅ Yes | ✅ Yes |
| Dynamics 365 CRM | ❌ No | ✅ Yes |
| Dynamics 365 Field Service | ❌ No | ✅ Yes |
| Dynamics 365 Business Central | ❌ No | ✅ Yes |
Authentication Method 1: OAuth (User-Delegated)
Description
OAuth authentication allows Noxus to perform actions on behalf of a specific user. The user grants permission through an interactive consent screen, and Noxus can then access resources that user has access to.
When to Use
Use OAuth When
- Actions should appear as coming from a specific user
- Access should be limited to what the user can see
- User accountability is required for audit trails
- You only need access to one user’s data
Characteristics
- Permission Type: Delegated (user context)
- User Interaction: Required during setup
- Access Scope: Limited to user’s accessible resources
- Token Management: Automatic refresh
- Best For: User-specific workflows, personal automation
Authentication Flow
Setup Process
Find Microsoft Service
Select the Microsoft service you want to connect (Outlook, Teams, OneDrive, or SharePoint)
Authentication Method 2: Service Principal (Application)
Description
Service Principal authentication uses an Azure application identity with administrator-approved permissions. This enables organization-wide access without requiring individual user consent for each operation.
When to Use
Use Service Principal When
- Running background automation without user involvement
- Need fine-grained control of which permissions/entities can be accessed
- Access to resources across multiple users
- Organization-wide operations
- Scheduled tasks and system integrations
Characteristics
- Permission Type: Application (organization context)
- User Interaction: None required after setup
- Access Scope: Organization-wide (based on granted permissions)
- Token Management: Automatic
- Best For: Background automation, cross-user operations
Authentication Flow
Azure Setup Requirements
Step 1: Register an Application
Open Azure Portal
Go to Azure Portal
Step 2: Configure API Permissions
Add the following permissions based on the services you need:
- Microsoft Graph
- Dynamics 365
For Outlook, Teams, OneDrive, SharePoint:
| Service | Required Permissions |
|---|---|
| Outlook | Mail.Read, Mail.Send, Mail.ReadWrite |
| Teams | Team.ReadBasic.All, Channel.ReadBasic.All, ChannelMessage.Send |
| OneDrive | Files.Read.All, Files.ReadWrite.All |
| SharePoint | Sites.Read.All, Sites.ReadWrite.All (or Sites.Selected for restricted access) |
Step 3: Grant Admin Consent
Step 4: Create Client Secret
Step 5: Gather Required Information
You will need:

| Credential | Location |
|---|---|
| Tenant ID | Found in Microsoft Entra ID overview |
| Client ID | Found in your app registration overview |
| Client Secret | The value you copied in Step 4 |
Noxus Configuration
Additional Configuration
Each integration may have additional configuration, such as the granular permissions used or resource limitations.
Comparison: OAuth vs Service Principal
Feature Comparison
| Feature | OAuth | Service Principal |
|---|---|---|
| Identity | Individual user | Application |
| Setup | User clicks to connect | Admin configures in Azure |
| Consent | User approves | Admin pre-approves |
| Access Level | User’s resources only | Organization-wide |
| User Interaction | Required at setup | Not required |
| Typical Use Case | Personal automation | Background jobs, org-wide operations |
| Maintenance | Minimal | Secret rotation required |
Decision Tree
Advanced: SharePoint Sites.Selected Permission
For use cases requiring restricted access to specific SharePoint sites, Noxus supports the Sites.Selected permission model.
- Sites.Read.All / Sites.ReadWrite.All
- Sites.Selected
Full Access Model
- Access to all SharePoint sites in the organization
- Simpler configuration
- Broader permissions
- No site-specific configuration needed
Configuration Options
| Setting | Description |
|---|---|
| Allowed Site URLs | List of SharePoint site URLs the integration can access |
| Use Sites.Selected Permission | When enabled, only fetches the specified sites |
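
An added example (not Noxus code) of how an "Allowed Site URLs" list can be enforced without the usual allow-list pitfalls: prefix matching that lets `/sites/hr-private` pass for `/sites/hr`, userinfo tricks in the host, and `..` segments. The function names, the `contoso` URLs, and the rule that paths below an allowed site belong to that site are assumptions made for illustration.

```python
from urllib.parse import urlsplit, unquote


def _normalize(url):
    """Return (host, path) in canonical form, or raise ValueError."""
    parts = urlsplit(url.strip())
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("site URLs must be absolute https URLs")
    if parts.port not in (None, 443):
        raise ValueError("unexpected port")
    # Decode once, drop the trailing slash, compare case-insensitively.
    path = unquote(parts.path).rstrip("/").lower()
    if ".." in path.split("/"):
        raise ValueError("path traversal segment")
    # .hostname ignores any user@ prefix, so "allowed-host@other-host" yields other-host.
    return parts.hostname.lower(), path


def is_site_allowed(target_url, allowed_site_urls):
    """True only if target_url is an allowed site or a path beneath one."""
    try:
        host, path = _normalize(target_url)
    except ValueError:
        return False  # malformed targets are denied, never guessed at
    for entry in allowed_site_urls:
        a_host, a_path = _normalize(entry)  # a bad config entry raises loudly
        if host != a_host:
            continue
        # Match on a path-segment boundary; a root-site entry matches only itself.
        if path == a_path or (a_path != "" and path.startswith(a_path + "/")):
            return True
    return False


# Constructed sample configuration.
ALLOWED = ["https://contoso.sharepoint.com/sites/HR/"]
```
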
Dynamics 365 Integrations
Dynamics 365 CRM and Field Service
Supported Operations:
- Accounts, Contacts, Leads, Opportunities (CRM)
- Work Orders, Bookings, Resources (Field Service)
- Custom entities via Dataverse
Dynamics 365 Business Central
Supported Operations:
- Customer management
- Sales invoice creation and posting
- Sales order management
- Item and inventory queries
- Payment tracking
Security Best Practices
- For OAuth
- For Service Principal
Troubleshooting
Connection Failed
Possible Causes:
- Invalid credentials (Tenant ID, Client ID, or Client Secret)
- Client secret expired
- Missing API permissions
- Admin consent not granted

Solutions:
- Verify credentials are correct
- Generate a new client secret if expired
- Check API permissions in Azure Portal
- Ensure admin consent has been granted
Permission Denied Errors
Possible Causes:
- Missing required API permissions
- Admin consent revoked
- Resource access restrictions
- User doesn’t have access (OAuth)

Solutions:
- Review and add missing permissions in Azure
- Re-grant admin consent
- Check resource-level permissions
- Verify user has access to the resource
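
To tell "missing API permissions" apart from "admin consent not granted or revoked" for a Service Principal, inspect the `roles` claim of an app-only access token: Microsoft Entra ID lists consented application permissions there, while delegated tokens carry `scp` instead. This is an added example, not Noxus code; the function names and the sample token are constructed, and the payload is decoded for inspection only, without signature verification.

```python
import base64
import json

# Application permissions per service, copied from the Step 2 table.
REQUIRED = {
    "Outlook": {"Mail.Read", "Mail.Send", "Mail.ReadWrite"},
    "Teams": {"Team.ReadBasic.All", "Channel.ReadBasic.All", "ChannelMessage.Send"},
    "OneDrive": {"Files.Read.All", "Files.ReadWrite.All"},
    "SharePoint": {"Sites.Read.All", "Sites.ReadWrite.All"},
}

def jwt_claims(token):
    """Decode the JWT payload for inspection only; the signature is NOT verified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def missing_permissions(token, services):
    """Return {service: [permissions absent from the token's roles claim]}."""
    claims = jwt_claims(token)
    if "scp" in claims and "roles" not in claims:
        raise ValueError("delegated (user) token: it carries scp, not roles")
    granted = set(claims.get("roles", []))
    report = {}
    for service in services:
        needed = REQUIRED[service]
        # Sites.Selected is the restricted alternative to the Sites.*.All pair.
        if service == "SharePoint" and "Sites.Selected" in granted:
            needed = set()
        gap = sorted(needed - granted)
        if gap:
            report[service] = gap
    return report

def _segment(obj):
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

# Constructed sample token (placeholder signature), not issued by any tenant.
SAMPLE_TOKEN = ".".join([
    _segment({"alg": "RS256", "typ": "JWT"}),
    _segment({"roles": ["Mail.Read", "Mail.Send", "Files.Read.All",
                        "Files.ReadWrite.All", "Sites.Selected"]}),
    "signature-placeholder",
])
```

An empty result means every listed permission is present in the token; a permission that is configured in the app registration but absent from `roles` points to admin consent not being granted.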
Token Refresh Failed
Possible Causes:
- Client secret expired
- App registration deleted
- Permissions changed
- User revoked consent (OAuth)

Solutions:
- Generate and update client secret
- Verify app registration still exists
- Review permission changes
- Re-authenticate with OAuth