Skip to content

Microsoft Exchange Query authentication guide

This is a step-by-step guide to acquiring credentials for authorizing the Microsoft Exchange Query component for use in Matillion ETL.

  • The Microsoft Exchange Query connector uses OAuth for third-party authentication.
  • While connector properties may differ between cloud data warehouses, the authentication process remains the same.
  • Most third-party apps and services that connect to Microsoft data can be set up for use in Matillion ETL through the Microsoft Azure Portal using much of the same process.

Prerequisites

Begin by creating an OAuth entry in Matillion ETL, as described in Manage OAuth. You should then configure this OAuth entry using the Azure credentials, obtained as described below.

Follow the steps in Acquiring Azure credentials to access the Azure portal and create credentials. Then continue as per the instructions below.

Configuring Microsoft Graph API

  1. In the Request API permissions panel, click Microsoft Graph in the list of Microsoft APIs.
  2. This will open the Microsoft Graph panel. Select Delegated permissions and then select the following permissions from the list below. It may be more convenient to use the search bar to locate them. After you have added all of the required permissions, click Add permissions.
    • Calendars.ReadWrite.Shared
    • Contacts.ReadWrite
    • Group.Read.All
    • Group.ReadWrite.All
    • Mail.ReadWrite.Shared.
    • User.ReadWrite.All
  3. Click Expose an API in the menu on the left.
  4. Before a scope can be added, an Application ID URI will need to be set. The application ID URI is a URI that uniquely identifies the application in your Azure Active Directory. Click Set to the right of the Application ID URI field and replace the suggested URI with your preferred URI to be associated with the app, then click Save.
  5. Click + Add a scope. The Add a scope panel will appear on the right. Provide details for the following required fields:
    • Scope name: A display name for the scope when access to the API is requested. Best practice dictates using a <resource.operation.consent> name structure.
    • Who can consent? Select which users can consent to this scope in directories where user consent is enabled: Admins and users, or Admins only.
    • Admin consent display name: A name for the scope to be displayed on admin consent screens.
    • Admin consent description: A detailed description for the scope to be displayed on admin consent screens.
    • User consent display name: A name for the scope to be displayed on user consent screens.
    • User consent description: A detailed description for the scope to be displayed on user consent screens.
  6. Click Add scope.
  7. Now return to the Manage OAuth dialog in Matillion ETL to complete the OAuth configuration.