Microsoft OAuth

By default, your integration uses postpress's OAuth credentials. If you want a full white-label experience when end users connect their Microsoft account from your app, create and use your own Microsoft OAuth credentials by registering an app in Microsoft Entra ID. This is optional and requires extra setup.

Create your free Microsoft Entra ID account

If you don't already have one, create your free Microsoft Entra ID account. You will use this account to create the Microsoft developer application used for authenticating end users via OAuth with postpress.

Creating an app registration

  • Log in to portal.azure.com and go to the Microsoft Entra ID (previously Azure Active Directory) service.
  • Click on "New registration".
  • You will be presented with the registration screen.
  1. Name your app (this name will be visible to customers).
  2. Set the audience for this app to the second option - "Accounts in any organizational directory (Any Microsoft Entra ID - Multitenant) and personal Microsoft accounts (e.g. Skype, Xbox)" - so that users can log in with any Office 365 account (business and personal).

Specifying redirect URI

Head to the "Authentication" panel and click "Add URI" in the Web section. You need to add 2 URLs:

  • https://api.postpress.ai/api/v1/hosted/microsoft_auth_request_callback
  • https://api.postpress.ai/api/v1/hosted/microsoft_auth_request_callback/port443

Specifying API permissions

Ensure your app has the correct API permissions:

  • Head to the "API permissions" panel and click "Add a permission".
  • Choose the Microsoft Graph set of permissions.
  • Then add all required Delegated permissions: Mail.ReadWrite, Mail.Send, Mail.Read.

To use the Calendar feature, you will also need these scopes:

  • Calendars.ReadWrite
  • Calendars.Read
  • Calendars.Read.Shared
  • Calendars.ReadWrite.Shared

You will need to add them in your dashboard scopes settings too.

Creating OAuth credentials

  • Head to the "Certificates & secrets" panel and click "New client secret".
  • Name the secret and set an expiration date of "730 days (24 months)", then click "Add". Set a reminder on your side to replace the secret before it expires, to avoid an interruption.
  • Copy the secret (column "Value") to a safe place. You won't be able to retrieve it from this page afterward.
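
One way to automate the expiry reminder, as an added example (not postpress or Microsoft code): it reads the `passwordCredentials` list of a Microsoft Graph application object and flags secrets that are expired or close to expiry. The sample object, its secret names, the 30-day warning window and the fixed demo date are assumptions constructed for illustration.

```python
import json
from datetime import datetime, timezone

# Constructed sample in the shape of a Microsoft Graph application object
# (passwordCredentials[].endDateTime); every value here is made up.
SAMPLE_APP = json.loads("""
{
  "appId": "00000000-0000-0000-0000-000000000000",
  "passwordCredentials": [
    {"displayName": "postpress-2024", "keyId": "k1", "endDateTime": "2026-06-10T00:00:00Z"},
    {"displayName": "postpress-2026", "keyId": "k2", "endDateTime": "2028-05-01T12:30:00.1234567Z"},
    {"displayName": null, "keyId": "k0", "endDateTime": "2025-01-01T00:00:00Z"}
  ]
}
""")

def parse_graph_time(value):
    # Timestamps are UTC and may carry 7 fractional digits; whole seconds suffice.
    whole = value.rstrip("Z").split(".")[0]
    return datetime.strptime(whole, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)

def secret_status(app, now, warn_days=30):
    """Return (status, label, days_left) for each client secret, soonest expiry first."""
    rows = []
    for cred in app.get("passwordCredentials", []):
        days_left = (parse_graph_time(cred["endDateTime"]) - now).days
        if days_left < 0:
            status = "EXPIRED"
        elif days_left <= warn_days:
            status = "ROTATE"
        else:
            status = "OK"
        rows.append((status, cred.get("displayName") or cred["keyId"], days_left))
    return sorted(rows, key=lambda row: row[2])

def rotation_needed(app, now, warn_days=30):
    """True when no secret stays valid beyond the warning window."""
    return not any(status == "OK" for status, _, _ in secret_status(app, now, warn_days))

if __name__ == "__main__":
    today = datetime(2026, 5, 20, tzinfo=timezone.utc)  # fixed date for a repeatable demo
    for status, label, days_left in secret_status(SAMPLE_APP, today):
        print(f"{status:8} {label:16} {days_left:5d} days")
    print("rotation needed:", rotation_needed(SAMPLE_APP, today))
```

When a secret is flagged ROTATE, create the replacement secret and save its value in the postpress dashboard before deleting the old one, so there is always one valid secret in use.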

Configure postpress to use your Microsoft OAuth credentials

Go to the postpress dashboard and log in.

Choose the Settings menu and switch to the Microsoft OAuth section.

Copy-paste the Application (Client) ID from the Overview page and the secret (value) from the Client secrets page, then click "Save".

You are now all set to start connecting Microsoft accounts to postpress.

Becoming a verified publisher

Verified publisher status removes the unverified-app warning from the consent prompt. Personal and professional Microsoft accounts will see your app as trusted.

Create an account

  • Become a verified member of the Microsoft Partner Network (MPN): partner.microsoft.com.
  • In the first step, choose the "Partner" option, and on the next page select "Microsoft AI Cloud Partner Program." If you can't select "Microsoft AI Cloud Partner Program," it is because you need a work account. If your company does not have a Microsoft subscription, you need to create one by following the steps in the "To create a new tenant" section of this Microsoft tutorial. You will need a bank card, but you can choose the option not to be invoiced (billing applies only to usage, which you will not have). Complete the process by creating a user on your new tenant, for example partner@yourcompany.onmicrosoft.com, and restart the partner process with this account.
  • Complete all your company information.

Verify your domain

Create a file named microsoft-identity-association.json and host it on your website at https://YOUR_DOMAIN.com/.well-known/microsoft-identity-association.json.

{
  "associatedApplications": [
    {
      "applicationId": "replace-me-with-your-app-id-client"
    }
  ]
}

Click Verify and save the domain.
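
A pre-flight check for the hosted file, as an added example (not postpress or Microsoft code): given the URL, the response's Content-Type and the body you fetched, it reports what would stop the association from matching your app, including the placeholder ID left unreplaced. The function name, the sample app ID and domain are constructed, and the `application/json` Content-Type requirement is an assumption not stated on this page.

```python
import json
import re
from urllib.parse import urlsplit

WELL_KNOWN_PATH = "/.well-known/microsoft-identity-association.json"
GUID_RE = re.compile(r"^[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}$", re.I)

def check_association(url, content_type, body, app_id):
    """Return a list of problems; an empty list means the file looks ready."""
    problems = []
    parts = urlsplit(url)
    if parts.scheme != "https" or parts.path != WELL_KNOWN_PATH:
        problems.append("file must be at https://<domain>" + WELL_KNOWN_PATH)
    # Assumption (not stated on this page): the file is served as JSON.
    if content_type.split(";")[0].strip().lower() != "application/json":
        problems.append("unexpected Content-Type: " + content_type)
    try:
        doc = json.loads(body)
    except ValueError as exc:  # covers invalid JSON and undecodable bytes
        return problems + ["body is not valid JSON: %s" % exc]
    apps = doc.get("associatedApplications") if isinstance(doc, dict) else None
    if not isinstance(apps, list) or not apps:
        return problems + ["missing non-empty associatedApplications array"]
    ids = []
    for entry in apps:
        value = entry.get("applicationId") if isinstance(entry, dict) else None
        if not isinstance(value, str) or not GUID_RE.match(value):
            problems.append("applicationId is not a GUID: %r" % (value,))
        else:
            ids.append(value.lower())
    if app_id.lower() not in ids:
        problems.append("Application (client) ID %s is not listed" % app_id)
    return problems

# Constructed samples: made-up app ID and domain.
APP_ID = "11111111-2222-3333-4444-555555555555"
URL = "https://example.com" + WELL_KNOWN_PATH
GOOD = json.dumps({"associatedApplications": [{"applicationId": APP_ID}]}).encode()
PLACEHOLDER = (b'{"associatedApplications": '
               b'[{"applicationId": "replace-me-with-your-app-id-client"}]}')

if __name__ == "__main__":
    print(check_association(URL, "application/json", GOOD, APP_ID))
    for problem in check_association(URL, "text/html; charset=utf-8", PLACEHOLDER, APP_ID):
        print("-", problem)
```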

Add your Partner Global Account (PGA) ID to your Azure app

  • Find your PGA ID following these instructions.
  • From the Azure portal home page, go to "App Registrations".
  • Click on your app and click "Branding & properties".
  • At the bottom of the page, enter your ID and click "Save".

When all is completed, a blue checkmark appears next to your publisher display name in the Publisher Verification section.

You can find more details on this page of the Microsoft documentation.

If your end user encounters the "Administrator approval required" screen

Method 1 - Approve the admin consent request in Microsoft Entra

If the user sees "Administrator approval required", it means the required consent has not been granted at the tenant level.

A Microsoft administrator must review and approve the pending admin consent request in Microsoft Entra.

Microsoft documentation: Review admin consent requests.

Method 2 - Complete the OAuth login as an admin and grant tenant-wide consent

As an alternative, the Microsoft administrator can start the OAuth login flow directly from the customer application (where the Microsoft OAuth login is implemented).

During the Microsoft authorization step, the admin must tick the checkbox "Consent on behalf of your organization".

This grants consent for the whole organization / all users, which prevents the "Administrator approval required" prompt for other users.

Microsoft documentation (Admin consent section): Troubleshoot consent issues.

Updated May 2026