App Registration

Setup
Reference

What You'll Need

Credential	Description
Tenant ID	Azure AD tenant identifier
Client ID	Application (client) ID
Client Secret	Generated client secret

Overview

Create an Azure AD app registration to connect Parable to Microsoft 365 using OAuth 2.0 client credentials. This enables secure, automated access without user sign-in.

Prerequisites

Administrator access required. You need privileges in to complete this setup.If you don’t have admin access, contact your administrator to:

Create the API credentials on your behalf, OR
Grant you temporary admin access to complete the setup

Global Administrator or Application Administrator role in Azure AD
Permission to grant admin consent for API permissions

Setup Guide

Access Azure Portal

Navigate to Azure Portal
Go to Azure Active Directory → App registrations
Click New registration

Field	Value
Name	`Parable Integration`
Supported account types	Accounts in this organizational directory only
Redirect URI	Leave blank (not needed for client credentials)

Click Register

Note Application Details

From the Overview page, copy:

Application (client) ID
Directory (tenant) ID

Create Client Secret

Go to Certificates & secrets
Click New client secret
Add description: Parable Integration Secret
Select expiration (recommend: 24 months)
Click Add

Copy the secret Value immediately — it won’t be shown again!

Configure API Permissions

Go to API permissions
Click Add a permission → Microsoft Graph
Select Application permissions
Add these permissions:

Permission	Purpose
`User.Read.All`	Read all user profiles
`Directory.Read.All`	Read directory data
`AuditLog.Read.All`	Read audit logs
`Reports.Read.All`	Read usage reports
`Mail.Read`	Read mail (if needed)
`Calendars.Read`	Read calendars (if needed)

Grant Admin Consent

Click Grant admin consent for [Your Org]
Confirm the consent dialog

All permissions should show a green checkmark indicating consent was granted.

Need to restrict access?

By default, this grants access to all users in your tenant. See Scoped Access to limit Parable to specific users or teams.

Verify Your Setup

curl -X POST "https://login.microsoftonline.com/{TENANT_ID}/oauth2/v2.0/token" \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "client_id={CLIENT_ID}" \
  -d "client_secret={CLIENT_SECRET}" \
  -d "scope=https://graph.microsoft.com/.default" \
  -d "grant_type=client_credentials"

Success! If you received a 200 OK response with valid data, your credentials are configured correctly. You can now proceed to configure this connector in Parable.

Permissions Reference

Permission	Data Accessed
`User.Read.All`	User profiles, managers, photos
`Directory.Read.All`	Groups, org hierarchy, devices
`AuditLog.Read.All`	Sign-in logs, directory audits
`Reports.Read.All`	Usage reports (Teams, Email, OneDrive)
`Mail.Read`	Email metadata and content
`Calendars.Read`	Calendar events and availability

Rate Limits: enforces rate limits of .Parable handles rate limiting automatically with exponential backoff, but initial syncs of large datasets may take longer due to these limits.

Troubleshooting

Error	Meaning	Solution
`AADSTS700016`	App not found	Verify Client ID and Tenant ID
`AADSTS7000215`	Invalid client secret	Regenerate client secret
`AADSTS65001`	Consent not granted	Grant admin consent for permissions
`403 Forbidden`	Missing permission	Add required API permission and grant consent

Common Issues

”Insufficient privileges to complete the operation”

Ensure admin consent was granted for all required permissions. Check API permissions in the app registration.

Token expires quickly

Access tokens are valid for ~1 hour. Implement proper token refresh using the client credentials flow.

Connectors

Encryption