## Outlook integration

Integrating Outlook with Frontegg allows your application to read, send, and manage email messages, organize mail folders, access contacts, and read mailbox settings — all through Frontegg's integration layer using Microsoft OAuth 2.0 and the Microsoft Graph API.

Prerequisites
- A Microsoft account with access to the [Azure portal](https://portal.azure.com/)
- An Azure Active Directory (Microsoft Entra ID) tenant


### Register an application in Azure

#### Step 1: Go to App registrations

Sign in to the [Azure portal](https://portal.azure.com/) and search for **App registrations** in the top search bar. Click **App registrations** in the results, then click **New registration**.

![App registrations page in Azure portal](/assets/outlook-1.ed83eb6671611282ae2e6b64f264d112ab7a1385f00869224099ef261fa511cc.1ce25488.png)

#### Step 2: Register a new application

Fill in the registration form:

1. Enter a name for your application (for example, `Frontegg Outlook Integration`).
2. Under **Supported account types**, select **Accounts in any organizational directory (Any Microsoft Entra ID tenant — Multitenant)** for multi-tenant apps, or the appropriate option for your use case.
3. Under **Redirect URI**, select **Web** as the platform and enter:

```
https://YOUR_MCP_GATEWAY_URL/integration-callback
```
4. Click **Register**.


![New application registration form with name, account type, and redirect URI filled in](/assets/outlook-2.53f8281479a61618ec17a0d36d24f5c8c676a6c23c2c97d1b69108fcc3b8a003.1ce25488.png)

#### Step 3: Copy the Application (client) ID and Directory (tenant) ID

After registration, you are taken to the application overview page. Copy both the **Application (client) ID** and the **Directory (tenant) ID** — you will need them when configuring the Frontegg portal.

![Application overview page with Application ID and Directory ID highlighted](/assets/outlook-3.fac9d338db9bd5bc14b596a875eda6d3804949440559ad1df83e195e1ce202f7.1ce25488.png)

### Create a client secret

#### Step 4: Go to Certificates & secrets

In the left sidebar, click **Certificates & secrets**, then click **New client secret**.

![Certificates and secrets page with New client secret button highlighted](/assets/outlook-4.d3010028c07a11d62d0f1887ca378cef020b2cb0fcfb87b4279b4013b6ffd086.1ce25488.png)

#### Step 5: Add a description and expiry

In the **Add a client secret** panel, enter a description (for example, `Frontegg Integration`) and choose an expiry period. Click **Add**.

![Add a client secret panel with description field filled in](/assets/outlook-5.91999a1cb367caf70b1fb73b437e33b3f32a724dcdd42b8fd533189fb2e4c4a2.1ce25488.png)

#### Step 6: Copy the client secret value

The new secret appears in the list. Copy the **Value** immediately — it is only shown once. After you navigate away, you cannot retrieve it again.

Save your Client Secret now
The Client Secret value is only displayed once. After you leave this page, you can only see the secret ID — not the value. Store the value securely before continuing.

![Client secret list showing the new secret with value blurred](/assets/outlook-6.f55f529943985b40106596732cf9c3b5ea872ccdf8550a443bcf6c65c41d131a.1ce25488.png)

### Configure API permissions

#### Step 7: Go to API permissions

In the left sidebar, click **API permissions**, then click **Add a permission**.

![API permissions page with Add a permission button highlighted](/assets/outlook-7.5e72b7b9d79b39a36b228de9856558dc2170674d3c1890ed8b5da208d46df83a.1ce25488.png)

#### Step 8: Select Microsoft Graph

In the **Request API permissions** panel, click **Microsoft Graph**, then click **Delegated permissions**.

![Request API permissions panel with Microsoft Graph highlighted](/assets/outlook-8.3b89c283fb395bd710f7af5a529fb254aab3a7ed372d4ae1315b4a798be82999.1ce25488.png)

#### Step 9: Select delegated permissions

Expand the **Mail** group and select the permissions your application requires. Repeat for **Contacts**, **MailboxSettings**, and any other groups you need. When finished, click **Add permissions**.

![Delegated permissions list with Mail.Read, Mail.ReadWrite, and Mail.Send selected](/assets/outlook-9.394ffe3aebfa2d87ad3ffeaabfedaebe7067ac53fd5aed115eb0023e59fb6fd0.1ce25488.png)

### Configure the Frontegg portal

Once you have your **Client ID**, **Client Secret**, and optionally the **Tenant ID**, enter them in the Frontegg portal:

1. Open the **Frontegg portal** and navigate to [ENVIRONMENT] → Integrations → Outlook.
2. Enter the **Client ID** and **Client Secret** in the corresponding fields.
3. Optionally, enter the **Directory (tenant) ID**. Leave blank or use `common` for multi-tenant applications.
4. Select the required **scopes**:


| Scope | Description |
|  --- | --- |
| `Mail.Read` | Read user mail |
| `Mail.ReadWrite` | Read and write access to user mail |
| `Mail.Send` | Send mail as a user |
| `Mail.Read.Shared` | Read user and shared mail |
| `Mail.ReadWrite.Shared` | Read and write user and shared mail |
| `Mail.Send.Shared` | Send mail on behalf of others |
| `MailboxSettings.Read` | Read user mailbox settings |
| `MailboxSettings.ReadWrite` | Read and write user mailbox settings |
| `MailFolders.Read` | Read user mail folders |
| `MailFolders.ReadWrite` | Read and write user mail folders |
| `Contacts.Read` | Read user contacts |
| `Contacts.ReadWrite` | Read and write user contacts |
| `Contacts.Read.Shared` | Read user and shared contacts |
| `Contacts.ReadWrite.Shared` | Read and write user and shared contacts |
| `User.Read` | Sign in and read user profile |
| `User.ReadBasic.All` | Read all users' basic profiles |


1. Click **Save**.


Keep your credentials secure
Never share or commit your Client Secret to version control.

### Additional resources

- [Microsoft Graph Mail API documentation](https://learn.microsoft.com/en-us/graph/api/resources/mail-api-overview)
- [Microsoft Graph permissions reference](https://learn.microsoft.com/en-us/graph/permissions-reference)
- [Azure portal](https://portal.azure.com/)
- [Microsoft identity platform and OAuth 2.0](https://learn.microsoft.com/en-us/entra/identity-platform/v2-oauth2-auth-code-flow)
- [How to get your Redirect URL](/agen-for-work/connectors/redirect-url)