Microsoft Integration
Contents
- What can you do with a Dado-Microsoft integration?
- What data is exchanged between Dado and Microsoft?
- How to set up the Microsoft integration
What can you do with a Dado-Microsoft integration?
The Dado <> Microsoft integration allows you to:
- Import users from an Excel Online spreadsheet
- Write answers given during an Experience to Excel Online spreadsheets
- Upload files provided during an Experience to a OneDrive or SharePoint folder
- Create Outlook calendar events for Experience Participants
- Invite employees to Outlook calendar events
- Add employees to Teams and groups
Using Microsoft's Entra SSO (fka Azure SSO) with Dado requires a separate set-up, described here: Setting up Microsoft Entra SSO
What data is exchanged between Dado and Microsoft?
Dado's access to data in your Microsoft account is limited by the permissions granted to the user who sets up the integration (see "Create a dedicated Microsoft account for Dado" below). For clarity, we'll refer to this as the "dedicated Microsoft account" in the rest of this section.
As a consequence, it's easy to precisely define the access Dado has by configuring the integration user's permissions in Microsoft's user management tool.
When all the requested scopes are granted (see list below), the following data from Microsoft is accessible to Dado:
- The email address of the dedicated Microsoft account
- Basic profile data for all users
- Any files and folders in OneDrive/SharePoint which are viewable by the dedicated Microsoft account
- The name, description and settings of any teams and channels the dedicated Microsoft account can access
- The name and membership of any groups the dedicated Microsoft account can access
- A full list of the calendars accessible to the dedicated Microsoft account
- The name, date & time, invitees and description of events in any calendars accessible to the dedicated Microsoft account
When all the requested scopes are granted (see list below), the following data from Dado is accessible to Microsoft:
- User data that is configured to write to Excel Online, via sub-task data destination settings (read more about this)
  - The data destination settings enable you to specify exactly which data is sent to Excel Online
  - The only exception here is Dado's unique ID for that user, which will be sent along with any other data. This is a non-identifiable ID made of randomly generated numbers and symbols, such as "QZ2swz-LKJT"
- Documents uploaded by users in response to 'Upload file' sub-tasks
  - This only applies if the sub-task settings are configured to send these files to OneDrive/SharePoint
Permissions and Scopes requested by Dado
- openid
- profile
- offline_access
- https://graph.microsoft.com/Calendars.ReadWrite.Shared
- https://graph.microsoft.com/Channel.Create
- https://graph.microsoft.com/ChannelMember.ReadWrite.All
- https://graph.microsoft.com/ChannelSettings.Read.All
- https://graph.microsoft.com/Files.ReadWrite.All
- https://graph.microsoft.com/GroupMember.ReadWrite.All
- https://graph.microsoft.com/User.Read
- https://graph.microsoft.com/User.ReadBasic.All
- https://graph.microsoft.com/Sites.ReadWrite.All
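A way to confirm, after consent, that the grant matches the list above. This is an added example, not code from Dado or Microsoft. It assumes you have exported the delegated permission grant for the Dado app in the shape of Microsoft Graph's oauth2PermissionGrant resource (a space-separated `scope` string and a `consentType`). The function names and the sample record, including its `Mail.Read` entry, are constructed for illustration.

```python
import json

GRAPH_PREFIX = "https://graph.microsoft.com/"

# Scopes exactly as listed on this page.
DOCUMENTED_SCOPES = [
    "openid", "profile", "offline_access",
    "https://graph.microsoft.com/Calendars.ReadWrite.Shared",
    "https://graph.microsoft.com/Channel.Create",
    "https://graph.microsoft.com/ChannelMember.ReadWrite.All",
    "https://graph.microsoft.com/ChannelSettings.Read.All",
    "https://graph.microsoft.com/Files.ReadWrite.All",
    "https://graph.microsoft.com/GroupMember.ReadWrite.All",
    "https://graph.microsoft.com/User.Read",
    "https://graph.microsoft.com/User.ReadBasic.All",
    "https://graph.microsoft.com/Sites.ReadWrite.All",
]

# Constructed sample grant: Channel.Create is absent, Mail.Read is extra.
SAMPLE_GRANT_JSON = """{
  "consentType": "AllPrincipals",
  "scope": "openid profile offline_access Calendars.ReadWrite.Shared ChannelMember.ReadWrite.All ChannelSettings.Read.All Files.ReadWrite.All GroupMember.ReadWrite.All User.Read User.ReadBasic.All Sites.ReadWrite.All Mail.Read"
}"""

def normalize(scope):
    """Drop the Graph resource prefix and fold case so both spellings compare equal."""
    s = scope.strip()
    if s.lower().startswith(GRAPH_PREFIX):
        s = s[len(GRAPH_PREFIX):]
    return s.lower()

def audit_grant(grant, documented=DOCUMENTED_SCOPES):
    """Compare a grant's scopes with the documented list and report the drift."""
    expected = {normalize(s): s for s in documented}
    granted = {normalize(s): s for s in grant.get("scope", "").split()}
    return {
        "unexpected": sorted(granted[k] for k in granted.keys() - expected.keys()),
        "missing": sorted(expected[k] for k in expected.keys() - granted.keys()),
        # "AllPrincipals" means the consent applies on behalf of every user.
        "all_principals": grant.get("consentType") == "AllPrincipals",
    }

if __name__ == "__main__":
    print(json.dumps(audit_grant(json.loads(SAMPLE_GRANT_JSON)), indent=2))
```

An `unexpected` entry is a scope the app holds that this page does not list; a `missing` entry explains an integration feature that fails after setup.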
How to set up the Microsoft integration
1. Create a dedicated Microsoft user account for Dado
Requirements for this account
- No Admin permissions are required – although a user with Global Admin permissions will be required later in the integration process (see step 3 below)
- We recommend that the people managing Dado at your organization have the ability to log in to the email inbox of this account, to enable calendar set-up (see step 4 below).
  - If this is not possible, then the person who does have access to this account will need to be available to receive and respond to calendar permissions emails in the account's inbox
2. Set up the integration in Dado
- Sign into the Azure portal, using the dedicated Microsoft user account
- Browse to Microsoft Entra ID > Properties
- Scroll down to the 'Tenant ID' section and copy the tenant ID.
- For more guidance, see this Microsoft help article on finding your Tenant ID
- Log into Dado as an Admin
- Within Dado go to Settings > Integrations
- You'll see a list of integration options. Click on “Microsoft”
- Enter the Tenant ID into the new window that appears, then click 'Setup Integration'
- You will see a list of the access scopes requested by Dado, and will be asked to request approval from a Global Admin to set up this integration.
- In the 'justification' text box enter something like "Enable Dado to sync data to spreadsheets and automate calendar/team invites"
If you do not see a window allowing you to request admin approval, you may see a different window, titled "Need admin approval".
In this case, you will need to ask someone with Global Admin permissions in your Microsoft account to re-do step 2, while signed in to their own Microsoft account. The next step (3. Approve the integration request in Azure) will not be necessary in this scenario.
3. Approve the integration request in Azure
- Sign into the Azure portal, using an account that is a Global Administrator, or a designated reviewer with the appropriate role to review admin consent requests.
- Go to Enterprise Applications > Admin consent requests
- In the table on this page, click on the request relating to the Dado app
- In the sidebar that opens, click on 'Review permissions and consent', near the top of the sidebar.
- You will be able to review the access scopes requested (see above for detailed descriptions of how we use each scope). For the integration to function correctly, you will need to allow all the scopes requested.
- Click 'Accept'.
At this point, the integration should be set up in Dado. You can check by going to Settings > Integrations in Dado and seeing whether a green 'active' badge is shown for the Microsoft integration.
For more guidance, see this Microsoft help article on approving admin consent requests
4. Provide the dedicated Microsoft account with calendar access
- First, the owner of each relevant calendar must share it with the dedicated Microsoft account. Follow these instructions on how to share a calendar from the Outlook app or from the Outlook website
- Grant the dedicated Microsoft account "edit" permissions for the calendar
- Then the dedicated Microsoft account must accept the share request(s). Do so by logging into this account's Outlook inbox, opening the relevant email and clicking the 'Accept' button.