Skip to main content
ExLibris

Knowledge Assistant

BETA
  • Subscribe by RSS
    • Back
    campusM

     

    Ex Libris Knowledge Center
    1. Search site
      Go back to previous article
      2. Sign in
        • Sign in
        • Forgot password
    1. Home
    2. campusM
    3. Product Documentation
    4. Managing Product Integrations
    5. Overview
    6. Microsoft Graph API Permissions and campusM Product Integrations

    Microsoft Graph API Permissions and campusM Product Integrations

    1. Last updated
    2. Save as PDF
    3. Share
      1. Share
      2. Tweet
      3. Share
    1. Registering a New Application
    2. Creating a Client Secret
    3. Permissions
    4. Granting Consent
    5. Overview of Product Integrations and Required Permissions
      1. Directory Search
      2. Outlook
      3. Roles

    campusM + cmLibrary Logo wh bkg sm1.png

    Registering a New Application

    A new application must first be registered in Microsoft Azure.

    To register a new application in Microsoft Azure:
    1. From the Microsoft Azure Manage Azure Active Directory section, select View.

      The Manage Azure Active Directory.

      Manage Azure Active Directory
    2. Add an App registration.

      The option to Add an App registration.

      Add an App registration
    3. From the Register an application screen:
      1. Add a Name.
      2. Select the Supported account types Accounts in this organizational directory only (<YOURUSER> - Single tenant).
      3. Select the Web redirect option and add a redirect URI.

        The Redirect URI must be the following: <App URL>/cmauth/oauth/callback.

      4. Select Register. Your application is created.

      The Register an application screen.

      Register an application

    Creating a Client Secret

    After creating an application, you must create a client secret.

    To create a client secret:

    1. Select Manage > Certificates & secrets.

      The option to create Certificates and secrets.

      Certificates & secrets
    2. Select New client secret.

      The option to add a New client secret.

      New client secret
      1. Enter a Description.
      2. Select an Expires after date.
      3. Select Add. Your application credentials are updated.

        The Add a client secret screen.

        Add a client secret
    3. Copy the Value and Secret ID for later use.

      The clients secrets list.

      Client Value and Secret ID

    Permissions

    Permissions must be granted for the Microsoft Graph API in the Microsoft Azure Portal to allow campusM to use the API. Different permissions are required for different campusM product integrations.

    To grant API permissions:

    1. Select Manage > API permissions.

      Select Add a permission.

      The option to add API permissions.

      API permissions

    2. Select Microsoft APIs > Microsoft Graph.

      The option to select Microsoft Graph.

      Microsoft Graph
      1. Select the permission type.

        Ensure that you are using the correct permission type when you are adding the permission. There are two permission types:

        • Application permissions – allow an application to act as its own entity, rather than on behalf of a specific user.
        • Delegated permissions – allow an application to perform actions on behalf of a particular user.
      2. Select the relevant permissions.
      3. Select Add permissions.

        The Request API permissions screen.

        Request API permissions

    The permissions are saved.

    Updated API permissions.

    API permissions

    Granting Consent

    When using Delegated permissions, a user must grant consent to allow the application to access their personal resources. However, it can also be granted by an admin, who can consent to the application accessing the resources for any user who uses the application. When using Application permissions, consent must be granted by an admin.

    Overview of Product Integrations and Required Permissions

    Directory Search

    • Directory Search product integration:
      • The permissions must be added as Application permission
      • microsoft.graph is the specific API call that is used
        • The Permissions section on the List users page states that “one of the following permissions is required to call this API.” We are using the Application permissions type. The permission options from least to most privileged are:
          • User.Read.All
          • User.ReadWrite.All
          • Directory.Read.All
          • Directory.ReadWrite.All
            • Any of the above permissions grant required access
            • We recommend using the least privileged (User.Read.All). Adding just this permission grants the product integration the access it needs.

    Outlook

    • Outlook product integration:
      • These are the specific API calls that are used:
        • GET /me/mailFolders/{id}
        • GET /me/mailFolders
        • GET /me/mailFolders/{id}/messages
        • GET /me/messages/{id}
        • GET /me/messages/{id}/attachments
        • GET /me/messages
        • POST /me/messages/{id}/move
        • POST /me/sendMail
        • POST /me/messages/{id}/send
      • Required permissions:
        • No permissions need to be directly added in the Microsoft Azure Portal.
          • Test the OAuth profile
          • Grant consent

            Permissions.png

            • The user grants consent during login.
          • Verify from the Microsoft Azure Portal that the permissions were added (the same permissions listed in the Integration Profile).
          • The following Application permissions are required:
            • email
            • Mail.Read
            • Mail.ReadWrite
            • Mail.Send
            • offline_access
            • User.Read

    Roles

    • Roles product integration:
      • The permission must be added as Application permissions
      • List memberOf is the specific API call that is being used
      • The following Application permissions are required:
        • Directory.Read.All
        • Group.Read.All
        • User.Read.All
      • Descriptions for adding these permissions:
        • User.Read.All and Group.Read.All – if you are managing the roles in groups.
        • Directory.Read.All – if you are managing the roles in Directory Roles.
    View article in the Exlibris Knowledge Center
    1. Back to top
      • Upcoming Product Integrations
      • Vendors
    • Was this article helpful?

    Recommended articles

    1. Article type
      Topic
      Content Type
      Documentation
      Language
      English
      Product
      campusM
    2. Tags
      This page has no tags.
    1. © Copyright 2025 Ex Libris Knowledge Center
    2. Powered by CXone Expert ®
    • Term of Use
    • Privacy Policy
    • Contact Us
    2025 Ex Libris. All rights reserved