          OAuth 2.0 Connection for Microsoft Users

          Connecting with OAuth 2.0 is available for Lightning Sync users working from Microsoft® Office 365®. To learn more, see the Lightning Sync system requirements.

Each requirement, why it's required, and the benefit to you:

Lightning Sync automatically requests its scope of access to all aspects of your users' Exchange mailbox and its resources. While OAuth 2.0 provides access to more objects in your email service, Microsoft sets the breadth of that scope. Neither Salesforce nor Microsoft admins can adjust it. However, Lightning Sync can only read, write, and update contacts and events from users' email services. Lightning Sync isn't designed to discover or access other objects.

Minimal setup is required to connect your applications using this method.

This method provides access to users' Microsoft contacts and events without individual user authentication. As a result, sync between the applications remains consistent, and data is reliably updated in both systems without dependency on the user.

Your company's Microsoft admin must provide access to Microsoft Office 365 from an account with global administrator permissions and accept Lightning Sync access to Microsoft.

          After electing to connect using OAuth 2.0, you’re redirected to https://login.microsoftonline.com to log in to your Office 365 email service. This site is the Azure Active Directory portal for customers on global infrastructure databases, also known as Global Services. From the portal, you provide your global administrator credentials and accept permission to let Lightning Sync access your Microsoft account. This design ensures that your global administrator credentials are never stored in Salesforce.

          Next, you’re redirected to the Outlook Integration and Sync page in Salesforce Setup, where your Microsoft Azure tenant ID is stored. Behind the scenes, Salesforce obtains an access token to your Microsoft account. The access token is required to gain read, update, create, or delete access to Microsoft contacts or events.
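The following is an added example, not Salesforce's or Microsoft's code, that models the two properties just described: the consent redirect must only ever go to login.microsoftonline.com, and the integration holds nothing longer-lived than a one-hour access token plus the tenant ID. The `fetch_token` callback, the class and function names, and the placeholder tenant ID are assumptions.

```python
from dataclasses import dataclass
from typing import Callable, Optional
from urllib.parse import urlparse

LOGIN_HOST = "login.microsoftonline.com"  # consent host named in the article
TOKEN_LIFETIME = 3600                      # article: the access token expires every hour


def is_trusted_consent_redirect(url: str) -> bool:
    """Defender check before following the consent redirect: the global
    administrator is only sent to the Microsoft login host, over HTTPS."""
    parts = urlparse(url)
    return parts.scheme == "https" and parts.hostname == LOGIN_HOST


@dataclass
class AccessToken:
    value: str
    issued_at: float
    lifetime: int = TOKEN_LIFETIME

    def is_valid(self, now: float) -> bool:
        return now < self.issued_at + self.lifetime


class TokenHolder:
    """Holds only the tenant ID and the current short-lived token. The admin's
    credentials are never passed in, mirroring the 'never stored' property."""

    def __init__(self, tenant_id: str, fetch_token: Callable[[str], str]):
        self.tenant_id = tenant_id   # would be encrypted at rest in a real store
        self._fetch = fetch_token    # assumption: obtains a fresh token for the tenant
        self._token: Optional[AccessToken] = None
        self.refreshes = 0

    def get_token(self, now: float) -> str:
        # Reuse the token while it is valid; re-acquire once the hour has passed.
        if self._token is None or not self._token.is_valid(now):
            self._token = AccessToken(self._fetch(self.tenant_id), now)
            self.refreshes += 1
        return self._token.value


def demo() -> int:
    """Simulate a sync job polling every 15 minutes for a day; returns the
    number of token acquisitions (one per hour) using a constructed fetch."""
    calls = [0]

    def fake_fetch(tenant: str) -> str:
        calls[0] += 1
        return f"constructed-token-{tenant}-{calls[0]}"

    holder = TokenHolder("00000000-0000-0000-0000-000000000000", fake_fetch)  # placeholder tenant ID
    for minute in range(0, 24 * 60, 15):
        holder.get_token(now=minute * 60)
    return holder.refreshes
```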

          Learn More

          Working hand-in-hand with the predetermined scope requirement, this method provides access to users’ Microsoft contacts and events without individual user authentication. This benefit provides a sync experience with fewer interruptions. Several measures provide security for your data during transfer and within Salesforce.

          • By design, your Azure tenant secrets are never in transmission with the OAuth 2.0 connection method. Instead, Salesforce handles the management of both public and private keys.
          • Your Microsoft tenant ID is encrypted at rest. It’s visible only from the Outlook Integration and Sync page, so only Salesforce admins (or other users with Setup access) can see it. Plus, without signed Salesforce verification, interception of your tenant ID can’t provide access to your Microsoft account.
• The access token is securely transferred from your Microsoft account to Salesforce over a TLS connection. The token is encrypted and expires every hour. New tokens are always transferred over a TLS connection.

          Completing this process in no way provides impersonation rights to your global administrator account.

          Salesforce Help | Article