Accessing Outlook via Rulex Platform

This page explains how to access the content of an Outlook account through the Rulex Platform connection to the Microsoft Graph APIs.

To call Microsoft Graph, an Azure application must obtain an access token from the Microsoft identity platform.

This access token includes information about whether the app is authorized to access Microsoft Graph on behalf of a signed-in user or with its own identity. Because the access token is short-lived, the identity platform also issues a refresh token, which can later be used to get a new access token without manual intervention.

For security reasons, Rulex Platform allows logging in to Outlook on behalf of a user, meaning that a user should sign in to the program and personally grant access to their data. This is also known as delegated access.

In order to call Microsoft Graph APIs, an Azure application needs to be created and registered with the Microsoft identity platform.

Procedure

  1. Open the Office 365 Admin Center using the account of a user who is a member of the Tenant Global Admins group.

  2. Click on the Azure Active Directory (soon to be renamed to Microsoft Entra ID) link, which is available under the Admin centers group in the left-side tree view of the Office 365 Admin Center. The Microsoft Azure portal opens in a new browser tab.

  3. On the newly opened portal, select the Azure Active Directory section and choose the option App registrations.

  4. In the App registrations tab you will find the list of Azure AD applications registered in your tenant. Click the New registration button in the upper left part of the blade.

  5. Next, provide a name for your application and click on Register at the bottom of the blade.

  6. Now that the application is registered, it must be granted the API permissions related to Outlook.

  7. Since Rulex Platform supports delegated access, only delegated permissions will be allowed. In particular, the necessary permissions, also called scopes, are:
    • User.Read - Sign in and read user profile

    • Mail.Read - Read user mail

    • Mail.ReadWrite - Read and write access to user mail (useful only for export connections).

    • Mail.Send - Send mail as a user (useful only for export connections).

Once the application is registered and ready to interact with Rulex Platform, configure the Outlook panel in Rulex Platform by specifying the following parameters:

  • Username: the mail address whose messages need to be read.

  • Client ID: the ID specific to the application (also known as application ID).

  • Authentication: the authentication type. Possible values are:
    • Interactive: users have to manually enter their mail address and password in a popup window. These credentials are used to automatically get a new pair of access token and refresh token.

    • Refresh Token: users enter a valid refresh token to get a new access token.

  • Tenant ID: the tenant ID of the users’ Azure subscription.

If the chosen authentication type is Interactive, it will be possible to save the refresh token for later use as a secret in a Rulex Platform vault.

Then use a vault variable to retrieve it, for example to use it later in a connection with the Refresh Token authentication type.
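The refresh-token exchange and the delegated scopes described above can be checked outside the product. The following is an added example, not Rulex Platform code: it builds the standard Microsoft identity platform v2.0 refresh-token request and flags scopes granted beyond what the connection kind needs. It assumes a public client (no client secret, matching the parameters listed above); the function names, placeholders and sample response are constructed for illustration.

```python
from urllib.parse import urlencode

GRAPH = "https://graph.microsoft.com/"
# Delegated scopes listed on this page, split by connection kind.
IMPORT_SCOPES = {"User.Read", "Mail.Read"}
EXPORT_SCOPES = IMPORT_SCOPES | {"Mail.ReadWrite", "Mail.Send"}
# OpenID Connect scopes carry no Graph data permission; offline_access
# is the scope that makes the identity platform issue a refresh token.
OIDC_SCOPES = {"openid", "profile", "email", "offline_access"}


def build_refresh_request(tenant_id, client_id, refresh_token, export=False):
    """Return (url, form_body) for the v2.0 refresh-token grant."""
    scopes = sorted(EXPORT_SCOPES if export else IMPORT_SCOPES)
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    body = urlencode({
        "grant_type": "refresh_token",
        "client_id": client_id,
        "refresh_token": refresh_token,
        "scope": " ".join(GRAPH + s for s in scopes) + " offline_access",
    })
    return url, body


def excess_scopes(token_response, export=False):
    """Scopes granted beyond what this connection kind needs."""
    allowed = EXPORT_SCOPES if export else IMPORT_SCOPES
    granted = {
        s[len(GRAPH):] if s.startswith(GRAPH) else s
        for s in token_response.get("scope", "").split()
    }
    return sorted(granted - allowed - OIDC_SCOPES)


def next_refresh_token(token_response, current):
    """Prefer the rotated refresh token when the response carries one."""
    return token_response.get("refresh_token") or current


# Constructed sample token response (placeholder values, not real tokens).
SAMPLE_RESPONSE = {
    "scope": GRAPH + "User.Read " + GRAPH + "Mail.Read "
             + GRAPH + "Mail.Send openid profile",
    "access_token": "CONSTRUCTED-ACCESS-TOKEN",
    "refresh_token": "CONSTRUCTED-ROTATED-REFRESH-TOKEN",
}

if __name__ == "__main__":
    print(excess_scopes(SAMPLE_RESPONSE))  # import connection: Mail.Send is excess
```

A non-empty result for an import connection means the app registration was consented with more mail permissions than reading requires; the value returned by `next_refresh_token` is the one to store back in the vault.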