Integrating Microsoft Excel with Frontegg allows your application to read and manage the signed-in user's Excel workbooks stored on OneDrive or SharePoint — through Frontegg's integration layer using Microsoft OAuth 2.0 and the Microsoft Graph API. Excel files are accessed through Microsoft Graph drive items, so the integration uses the Files.* permission set rather than Excel-specific scopes.
Prerequisites
Prerequisites
- A Microsoft account with access to the Azure portal
- An Azure Active Directory (Microsoft Entra ID) tenant
Sign in to the Azure portal and search for App registrations in the top search bar. Click App registrations in the results, then click New registration.
Fill in the registration form:
- Enter a name for your application (for example,
Frontegg Excel Integration). - Under Supported account types, select Accounts in any organizational directory (Any Microsoft Entra ID tenant — Multitenant) and personal Microsoft accounts for multi-tenant apps, or the appropriate option for your use case.
- Under Redirect URI, select Web as the platform and enter:
https://YOUR_MCP_GATEWAY_URL/integration-callback - Click Register.
After registration, you are taken to the application overview page. Copy both the Application (client) ID and the Directory (tenant) ID — you will need them when configuring the Frontegg portal.
In the left sidebar, click Certificates & secrets, then click New client secret.
In the Add a client secret panel, enter a description (for example, Frontegg Integration) and choose an expiry period. Click Add.
The new secret appears in the list. Copy the Value immediately — it is only shown once. After you navigate away, you cannot retrieve it again.
Save your Client Secret now
Save your Client Secret now
The Client Secret value is only displayed once. After you leave this page, you can only see the secret ID — not the value. Store the value securely before continuing.
In the left sidebar, click API permissions, then click Add a permission.
In the Request API permissions panel, click Microsoft Graph.
Click Delegated permissions. Use the search box to find the Files group and expand it, then select the required Files permissions. Repeat for offline_access, then click Add permissions.
After adding permissions, the API permissions page shows all configured permissions under Microsoft Graph.
Once you have your Client ID, Client Secret, and optionally the Tenant ID, enter them in the Frontegg portal:
- Open the Frontegg portal and navigate to [ENVIRONMENT] → Integrations → Microsoft Excel.
- Enter the Client ID and Client Secret in the corresponding fields.
- Optionally, enter the Directory (tenant) ID. Leave blank or use
commonfor multi-tenant applications. - Select the required scopes:
| Scope | Description |
|---|---|
User.Read | Sign in and read the signed-in user's profile |
Files.Read | Read the user's files |
Files.ReadWrite | Have full access to the user's files |
Files.Read.All | Read all files that the user can access |
Files.ReadWrite.All | Have full access to all files the user can access |
offline_access | Maintain access to data the user has granted |
- Click Save.
Keep your credentials secure
Keep your credentials secure
Never share or commit your Client Secret to version control.