Create and Configure OAuth App for Modern Exchange Connector (Graph) in Microsoft Entra (Azure)

To create a Microsoft Modern Exchange Connector (Graph) Azure application for Riva:

Register an application.
Configure the authentication.
Set the API permissions.

Step 1: Register an Application

Log in to the Entra portal as your company's Riva connection user, for example, our-Riva-admin@our-domain.com.
From the Portal, select App Registrations, and click New Registration.
In the Name field, enter the application's title.
At the bottom of the pane, select Register.

Result: The application is created.

Locate the Application (client) ID and the Directory (Tenant) ID, and copy them.

Note: It will be used as the Client ID and Tenant ID in the connection.

Step 2: Configure the Authentication

Authentication Tab

On the left menu, under Manage, select the Authentication tab.
Under Platform Configurations, select Add a Platform.
On the Configure platforms pane that appears to the right, select Mobile and desktop applications.
On the Configure Desktop + devices pane that appears, below Custom redirect URIs, add a custom URI.

Note: The custom URI can be whatever you want & it will be used as the Redirect URL in the connection later. (Example - myapp://auth)
At the bottom of the pane, select Configure.

Certificates & Secrets Tab

Depending on the type of authentication you wan you can setup:

For Client Secret, follow the steps in Create and Configure a new Client Secret
For EWS-based connections, refer to Create and Configure a new Self-Signed Certificate

Create and Configure a new Client Secret

On the left menu, select the Certificates & Secrets tab.
On the Certificates & Secrets pane that appears to the right, below Client Secrets, select New Client Secret.
Enter a name for the client secret, set the expiry date, and select Add.

Note: Setting a custom expiry beyond 24 months is not applicable.

Copy the Value to a secure place. Note: It will be used as the Client Secret in the connection.

WARNING: After leaving this page, you can no longer retrieve this value.

Create and Configure a new Self-Signed Certificate

On Windows Server 2016+ use PowerShell's New-SelfSignedCertificate cmdlet to create a self-signed certificate:

Open PowerShell as an administrator.
Run the following command, replacing "YourCertificateName" with your desired certificate name (e.g., "RivaSyncOAuth"):
```
New-SelfSignedCertificate -Subject "YourCertificateName" -CertStoreLocation "Cert:\LocalMachine" -KeyExportPolicy Exportable -KeySpec Signature -HashAlgorithm sha256 -KeyLength 2048
```
Optionally, you can append -NotAfter (Get-Date).AddYears(3) to the command to make the certificate valid for 3 years. To extend or shorten the certificate validity period, change the value in AddYears(n) accordingly.
Note the certificate name and store location for use in configuring the Riva OAuth connection.
Close PowerShell.

Note that on Windows Server 2012, the Microsoft PowerShell New-SelfSignedCertificate cmdlet cannot be used to generate a self-signed certificate for the Riva Graph connection to Office 365.

Step 3: Set the API Permissions

On the left menu, select the API permissions tab.
Select Add a Permission, and then select Microsoft Graph and Application Permissions.
1. To know more about permissions required by Riva or to limit permissions, see Microsoft Modern Exchange Connector (Graph): Permissions and Granting Consent.
2. On the permissions list, select Calendars.ReadWrite, Contacts.ReadWrite, GroupMember.Read.All, Mail.Send, Mail.ReadWrite, MailboxSettings.ReadWrite, Tasks.ReadWrite.All and User.Read.All and then select Add permissions.
  1. User.Read is a delegated permission and is added by default, and is assigned automatically on app creation; all others are application permissions.
Select the Grant admin access for [the name of your app] check box, and then click Yes.

The Status on all of the permissions will be set to "Granted for [the name of your app]".

Related to

graph