Microsoft Integration

Contents

What can you do with a Dado-Microsoft integration?

The Dado <> Microsoft integration allows you to:

  • Import users from an Excel Online spreadsheet
  • Write answers given during an Experience to Excel Online spreadsheets
  • Upload files provided during an Experience to a OneDrive or Sharepoint folder
  • Create Outlook calendar events for Experience Participants
  • Invite employees to Outlook calendar events
  • Add employees to Teams and groups

Using Microsoft's Entra SSO (fka Azure SSO) with Dado requires a separate set-up, described here: Setting up Microsoft Entra SSO

What data is exchanged between Dado and Microsoft?

Dado's access to data in your Microsoft is limited by the permissions granted to the user who sets up the integration (see "Create a dedicated Microsoft account for Dado" below). For clarity, we'll refer to this as the Microsoft integration user in the rest of this section.

As a consequence, it's easy to precisely define the access Dado has by configuring the integration user's permissions in Microsoft's user management tool.


When all the requested scopes are granted (see list below), the following data from Microsoft is accessible to Dado:

  • The email address of the Microsoft integration user
  • Basic profile data for all users
  • Any files and folders in Onedrive/Sharepoint which are viewable by the Microsoft integration user
  • The name, description and settings of any teams and channels the Microsoft integration user can access
  • The name and membership of any groups the Microsoft integration user can access
  • A full list of the calendars accessible to the Microsoft integration user
  • The name, date & time, invitees and description of events in any calendars accessible to the Microsoft integration user

When all the requested scopes are granted (see list below), the following data from Dado is accessible to Microsoft:

  • User data that is configured to write to Excel Online, via sub-task data destination settings (read more about this)
    • the data destination settings enable you to specify exactly which data is sent to Excel Online
    • the only exception here is Dado's unique ID for that user, which will be sent along with any other data. This is a non-identifiable ID made of randomly generated numbers and symbols, such as "QZ2swz-LKJT"
  • Documents uploaded by users in response to 'Upload file' sub-tasks
    • this only applies if the sub-task settings are configured to send these files to Onedrive/Sharepoint

Permissions and Scopes requested by Dado

Dado requests the OAuth Scopes listed below. Please allow all of these Permissions and Scopes, otherwise, the functionality of the integration will be compromised.

How to set up the Microsoft integration

Activation of the integration depends on your organization-specific settings within your Microsoft account and will require you to work together with your IT team.

Time required: 15 minutes

Pre-requisites: a Microsoft account with

  • permissions to create users
  • Global Administrator role, or designated reviewer role, with the appropriate privileges to review admin consent requests

Step 1. Create a dedicated Microsoft user account for Dado (your Microsoft integration user)

We recommend you set up the integration using a dedicated Microsoft user account, which is only used for the purpose of Dado. We call this the Microsoft integration user. This way you can grant permissions on a granular level to this one account, so that Dado can only access what's strictly necessary.
Request your IT Team set up a new Microsoft account, e.g. dado.admin@yourcompany.org. 

Requirements for this account

  • Permissions to retrieve a tenant ID from the Entra ID section of the Azure portal – but no other admin permissions are required
  • Access to OneDrive or Sharepoint (depending on what your organization uses)
  • Access to Outlook calendar and inbox
  • We recommend that the people managing Dado at your organization have the ability to log in to the email inbox of this account, to enable calendar set-up (see step 4 below).
    • if this is not possible, then the person who does have access to this account will need to be available to receive and respond to calendar permissions emails in the account's inbox

Step 2. Set up the integration in Dado

  • Sign into the Azure portal, using the Microsoft integration user account set up in the previous step.
  • Go to Microsoft Entra ID > Properties
  • Scroll down to the 'Tenant ID' section and copy the tenant ID.
  • Log into Dado as an Admin (you can use your own Dado account for this; you don't need to create a special Dado account for the Microsoft integration user)
  • In Dado go to Settings > Integrations
  • You'll see a list of integration options. Click on “Microsoft”
  • Enter the Tenant ID into the new window that appears, then click 'Setup Integration'
  • You will see a list of the access scopes requested by Dado, and will be asked to request approval from a Global Admin to set up this integration.
    • In the 'justification' text box enter something like Enable Dado to sync data to spreadsheets and automate calendar/team invites

If you do not see a window allowing you to request admin approval, you may see a different window, titled "Need admin approval".

In this case, you will need to ask someone with Global Admin permissions in your Microsoft account to re-do step 2, while signed in to their own Microsoft account. The next step (3. Approve the integration request in Azure) will not be necessary in this scenario.

Step 3. Approve the integration request in Azure

  • Sign into the Azure portal, using an account that is a Global Administrator, or a designated reviewer with the appropriate role to review admin consent requests.
  • Go to Enterprise Applications > Admin consent requests

  • In the table on this page, click on the request relating to the Dado app

  • In the sidebar that opens, click on 'Review permissions and consent', near the top of the sidebar.

  • You will be able to review the access scopes requested (see above for detailed descriptions of how we use each scope). For the integration to function correctly, you will need to allow all the scopes requested.

  • Click 'Accept'.

  • At this point, the integration should be set up in Dado. You can check by going to Settings > Integrations in Dado, and seeing if a green 'active' badge is shown for the Microsoft integration

For more guidance, see this Microsoft help article on approving admin consent requests

Step 4. Provide the Microsoft integration user with calendar access

In order for Dado to automate inviting people to calendar events, the Microsoft account you created in Step 1 must have permissions on the relevant calendars (i.e. your "Onboarding Sessions" calendar).

  • First, the owner of each relevant calendar must share it with the Microsoft integration user. Follow these instructions on how to share a calendar from the Outlook app or from the Outlook website
    • Grant the Microsoft integration user "edit" permissions for the calendar
  • Then the Microsoft integration user must accept the share request(s). Do so by logging into this account's Outlook inbox, opening the relevant email and clicking the 'Accept' button.

Find out which Microsoft account is used by Dado (your Microsoft integration user)

Your Microsoft integration is most likely connected to Dado via a dedicated Microsoft user account made just for the sake of this integration. We call this the Microsoft integration user. In some cases, the Google Workspace account of one of your Dado Admin users is used instead.


To find out your Microsoft integration user:

  1. Go to Settings > Integrations
  2. Click on the Microsoft tile.
  3. It will take a couple of seconds to load the information on your integration user, which will appear at the top of the new window.

Still need help? Contact Us Contact Us