What You'll Need Credential What it is Tenant ID Azure AD tenant identifier Client ID Application (client) ID Client Secret Generated client secret
Overview Create an Azure AD app registration to connect Parable to Microsoft 365 using OAuth 2.0 client credentials. This enables secure, automated access without user sign-in. Prerequisites Setup access in . These steps require , or a colleague with equivalent permissions who can create credentials for you.If that is not you, ask your administrator.
Global Administrator or Application Administrator role in Azure ADPermission to grant admin consent for API permissions
Setup Guide
Access Azure Portal
Navigate to Azure Portal
Go to Azure Active Directory → App registrations
Click New registration
Register Application
Field Value Name Parable IntegrationSupported account types Accounts in this organizational directory only Redirect URI Leave blank (not needed for client credentials)
Click Register
Note Application Details
From the Overview page, copy:
Application (client) ID Directory (tenant) ID
Create Client Secret
Go to Certificates & secrets
Click New client secret
Add description: Parable Integration Secret
Select expiration (recommend: 24 months)
Click Add
Copy the secret Value immediately — it won’t be shown again!
Configure API Permissions
Go to API permissions
Click Add a permission → Microsoft Graph
Select Application permissions
Add these permissions:
Permission Purpose User.Read.AllRead all user profiles Directory.Read.AllRead directory data AuditLog.Read.AllRead audit logs Reports.Read.AllRead usage reports Mail.ReadRead mail (if needed) Calendars.ReadRead calendars (if needed)
Grant Admin Consent
Click Grant admin consent for [Your Org]
Confirm the consent dialog
All permissions should show a green checkmark indicating consent was granted.
Enter values in the form
Tenant ID , Client ID , and Client Secret : Paste the Directory (tenant) ID, Application (client) ID, and client secret value.Click Save & test connection .
Need to restrict access? By default, this grants access to all users in your tenant. See Scoped Access to limit Parable to specific users or teams.
Verify Your Setup Get Access Token
Test API Access
curl -X POST "https://login.microsoftonline.com/{TENANT_ID}/oauth2/v2.0/token" \ -H "Content-Type: application/x-www-form-urlencoded" \ -d "client_id={CLIENT_ID}" \ -d "client_secret={CLIENT_SECRET}" \ -d "scope=https://graph.microsoft.com/.default" \ -d "grant_type=client_credentials"
Success! If you received a 200 OK response with valid data, your credentials are configured correctly. You can now proceed to configure this connector in Parable.
Enter Tenant ID , Client ID , and Client Secret in the connector form, then click Save & test connection .
Permissions Reference Permission Data Accessed User.Read.AllUser profiles, managers, photos Directory.Read.AllGroups, org hierarchy, devices AuditLog.Read.AllSign-in logs, directory audits Reports.Read.AllUsage reports (Teams, Email, OneDrive) Mail.ReadEmail metadata and content Calendars.ReadCalendar events and availability
Rate Limits: enforces rate limits of .Parable handles rate limiting automatically with exponential backoff, but initial syncs of large datasets may take longer due to these limits.
Troubleshooting Error Meaning Solution AADSTS700016App not found Verify Client ID and Tenant ID AADSTS7000215Invalid client secret Regenerate client secret AADSTS65001Consent not granted Grant admin consent for permissions 403 ForbiddenMissing permission Add required API permission and grant consent
”Insufficient privileges to complete the operation” Ensure admin consent was granted for all required permissions. Check API permissions in the app registration. Token expires quickly Access tokens are valid for ~1 hour. Implement proper token refresh using the client credentials flow. Additional Resources
Microsoft Graph API Official Graph API documentation
App Registration Azure AD app registration guide
