## OneNote integration Integrating OneNote with Frontegg allows your application to read and manage the signed-in user's OneNote notebooks, sections, and pages — through Frontegg's integration layer using Microsoft OAuth 2.0 and the Microsoft Graph API. Prerequisites - A Microsoft account with access to the [Azure portal](https://portal.azure.com/) - An Azure Active Directory (Microsoft Entra ID) tenant ### Register an application in Azure #### Step 1: Go to App registrations Sign in to the [Azure portal](https://portal.azure.com/) and search for **App registrations** in the top search bar. Click **App registrations** in the results, then click **New registration**. ![App registrations page in Azure portal](/assets/onenote-1.65cb63fda102839b83eb6b1704d5dd0f85f6ede1c4baaf4981c581eaba2c8dde.1ce25488.png) #### Step 2: Register a new application Fill in the registration form: 1. Enter a name for your application (for example, `Frontegg OneNote Integration`). 2. Under **Supported account types**, select **Accounts in any organizational directory (Any Microsoft Entra ID tenant — Multitenant) and personal Microsoft accounts** for multi-tenant apps, or the appropriate option for your use case. 3. Under **Redirect URI**, select **Web** as the platform and enter: ``` https://YOUR_MCP_GATEWAY_URL/integration-callback ``` 4. Click **Register**. ![New application registration form with name, account type, and redirect URI filled in](/assets/onenote-2.2f390fb5838e6c6984f3d807917fbe9ce24fb8f57c561dd6ff3fdf293f82db78.1ce25488.png) #### Step 3: Copy the Application (client) ID and Directory (tenant) ID After registration, you are taken to the application overview page. Copy both the **Application (client) ID** and the **Directory (tenant) ID** — you will need them when configuring the Frontegg portal. ![Application overview page with Application ID and Directory ID highlighted](/assets/onenote-3.92e92b44aabe98bb0bb869c87ba09b92980f5bb692c09a88bd0a6325f3d2f5f9.1ce25488.png) ### Create a client secret #### Step 4: Go to Certificates & secrets In the left sidebar, click **Certificates & secrets**, then click **New client secret**. ![Certificates and secrets page with New client secret button highlighted](/assets/onenote-4.97587b2608c62d2533aad68f72c5f037ecf70ee9c53498a4c01843583e32ec82.1ce25488.png) #### Step 5: Add a description and expiry In the **Add a client secret** panel, enter a description (for example, `Frontegg Integration`) and choose an expiry period. Click **Add**. ![Add a client secret panel with description field filled in](/assets/onenote-5.462d8576741c4439daf58f4e05b388f1770ce0c5a0c7da673e4489c756c2e2fa.1ce25488.png) #### Step 6: Copy the client secret value The new secret appears in the list. Copy the **Value** immediately — it is only shown once. After you navigate away, you cannot retrieve it again. Save your Client Secret now The Client Secret value is only displayed once. After you leave this page, you can only see the secret ID — not the value. Store the value securely before continuing. ![Client secret list showing the new secret with value blurred](/assets/onenote-6.960ed8612a484161de81018244e03e1fd5123ba509e661946420ff698b1e769a.1ce25488.png) ### Configure API permissions #### Step 7: Go to API permissions In the left sidebar, click **API permissions**, then click **Add a permission**. ![API permissions page with Add a permission button highlighted](/assets/onenote-7.c6bbfb3f0967dbf3e10f6302982079710dd09874dce0b277d9d960d521946bb8.1ce25488.png) #### Step 8: Select Microsoft Graph In the **Request API permissions** panel, click **Microsoft Graph**. ![Request API permissions panel with Microsoft Graph highlighted](/assets/onenote-8.ef043802206dd7ac69fb8330ae3e26224a38898a33f6fefa7467aef0dc357b9e.1ce25488.png) #### Step 9: Select delegated permissions Click **Delegated permissions**. Use the search box to find the `Notes` group and expand it, then select the required Notes permissions. Repeat for `offline_access`, then click **Add permissions**. ![Delegated permissions list with Notes scopes selected](/assets/onenote-9.c1d061cb73035360e6b3afe452e6fb02030fa875e920b89c950dd4886500b20c.1ce25488.png) #### Step 10: Verify configured permissions After adding permissions, the **API permissions** page shows all configured permissions under **Microsoft Graph**. ![API permissions page showing the configured OneNote permissions](/assets/onenote-10.96a98ccd40afbf7975e1f7e7f4e9f02e86fd73b0ab704ba65bf036f198d52047.1ce25488.png) ### Configure the Frontegg portal Once you have your **Client ID**, **Client Secret**, and optionally the **Tenant ID**, enter them in the Frontegg portal: 1. Open the **Frontegg portal** and navigate to [ENVIRONMENT] → Integrations → OneNote. 2. Enter the **Client ID** and **Client Secret** in the corresponding fields. 3. Optionally, enter the **Directory (tenant) ID**. Leave blank or use `common` for multi-tenant applications. 4. Select the required **scopes**: | Scope | Description | | --- | --- | | `User.Read` | Sign in and read the signed-in user's profile | | `Notes.Read` | Read the user's OneNote notebooks | | `Notes.ReadWrite` | Read and write the user's OneNote notebooks | | `Notes.Create` | Create the user's OneNote notebooks | | `Notes.Read.All` | Read all OneNote notebooks that the user can access | | `Notes.ReadWrite.All` | Read and write all OneNote notebooks that the user can access | | `offline_access` | Maintain access to data the user has granted | 1. Click **Save**. Keep your credentials secure Never share or commit your Client Secret to version control. ### Additional resources - [Microsoft Graph OneNote API documentation](https://learn.microsoft.com/en-us/graph/api/resources/onenote-api-overview) - [Azure portal](https://portal.azure.com/) - [Microsoft identity platform and OAuth 2.0](https://learn.microsoft.com/en-us/entra/identity-platform/v2-oauth2-auth-code-flow) - [How to get your Redirect URL](/agen-for-work/connectors/redirect-url)