This section provides you with information about how to configure Microsoft 365 Connections to allow users to send documents for review using Microsoft 365. 

Prerequisites

  • Microsoft 365 E3 or E5 subscription.
  • Azure Client ID, Client Secret, and Active Directory. Contact your IT administrator for these.

Configure one of the following flows in the Azure app

To configure the delegated permission flow

  1. In the authentication tab from the Azure app that you had created in the previous configuration, add URI with the instance URL of the org and with the suffix as /apex/apttus__MSAuthorize.
    Sample value: https://test–tbox.my.salesforce.com/apex/apttus__MSAuthorize
  2. Select API permission under API Permission > Add permission > Microsoft Graph > Delegated Permission.
  3. Provide the following permissions for Microsoft Graph APIs:
    • Directory.Read.All

    • Files.ReadWrite.All

    • Sites.Read.All

  4. On the API Permissions page, click Grant admin consent for the permissions where Admin consent required is marked as Yes.

To configure the application permission flow

  1. Select API permission under API Permission > Add permission > Microsoft Graph > Application Permission.
  2. Provide the following permissions for Microsoft Graph APIs:
    • Directory.Read.All
    • Files.ReadWrite.All
    • Sites.Read.All
  3. On the API Permissions page, click Grant admin consent for the permissions where Admin consent required is marked as Yes.

(Optional) To configure a specific SharePoint site

  1. Create a SharePoint Communication Site. For more information, see Create a Site in SharePoint.

    You must use the site name from the URI as shown in the screenshot when you are configuring SharePoint 365 Site Setting in CLM.

To configure the Microsoft 365 Connections

  1. Click the app launcher () and select Admin Console.
  2. In the left panel, click Integrations.
  3. Click the Microsoft 365 Connections tab.
  4. Click New.
  5. Enter the following details to connect to Microsoft 365:
    1. Name: Enter Microsoft365.

    2. MS Login URL: Enter the Microsoft 365 login URL to connect to the service. To find Tenant Id, see How to find your Azure Active Directory tenant ID.
      Sample value: https://login.microsoftonline.com/<TenantID>/oauth2/v2.0/

    3. MS Graph URL: Enter the Microsoft 365 URL to connect to the service. 
      Value: https://graph.microsoft.com/v1.0/

    4. Scope: Enter the scope to be used in the Microsoft 365 Graph API.

      Ensure you add appropriate values per the configured authentication flow.


      For application flow (Permit Delegation is disabled in the Microsoft 365 setting): https://graph.microsoft.com/.default
      For delegated flow (Permit Delegation is enabled in the Microsoft 365 setting):
      offline_access Files.ReadWrite.All

    5. Client Id: Enter the client ID. (Refer to step 7 in the previous configuration)
      Sample value: 8m7r4**d-****-4c**-b4d8-e4a6b***79b

    6. Client Secret: Enter the client secret. (Refer to step 11 in the previous configuration)
      Sample value: taiLWUY*****38&7B%400$5234c***UY%

    7. Show Client Secret: Select the checkbox to expose the Client Secret field value.

    8. SharePoint Site: Enter the Microsoft SharePoint Site you use for Microsoft 365 review. (Ensure you do not enter the site URL. For more information, see SharePoint Site Configuration.)
      Sample value: CLMsite

      The system uses the organization's default site if no SharePoint site is configured.

    9. Folder Path: Enter the folder path to upload documents to SharePoint.
      Sample value: ContractDocuments

      If the folder path is blank, the system creates a folder named "Conga CLM Temp Folder" to store the documents to be reviewed.

    10. Permit Delegation: After you log in to Microsoft, select the Permit Delegation checkbox, enabling users to grant delegate access.

      Select the Permit Delegation checkbox only if you configured your Azure app for delegated flow.

      Enabling the Permit Delegation toggle button also ensures that only authorized users send out the documents for review. Users are prompted for Microsoft email address and password, if they have logged out from their Microsoft account or if the token is expired.

  6. Click Test Connection when the setting is active to check if all the entered values are correct.
  7. Click Save.