Microsoft Integration

Contents

What can you do with a Dado-Microsoft integration?

The Dado <> Microsoft integration allows you to:

  • Import users from an Excel Online spreadsheet
  • Write answers given during an Experience to Excel Online spreadsheets
  • Upload files provided during an Experience to a OneDrive or Sharepoint folder
  • Create Outlook calendar events for Experience Participants
  • Invite employees to Outlook calendar events
  • Add employees to Teams and groups

Using Microsoft's Entra SSO (fka Azure SSO) with Dado requires a separate set-up, described here: Setting up Microsoft Entra SSO

What data is exchanged between Dado and Microsoft?

Dado's access to data in your Microsoft is limited by the permissions granted to the user who sets up the integration (see "Create a dedicated Microsoft account for Dado" below). For clarity, we'll refer to this as the "dedicated Microsoft account" in the rest of this section.

As a consequence, it's easy to precisely define the access Dado has by configuring the integration user's permissions in Microsoft's user management tool.


When all the requested scopes are granted (see list below), the following data from Microsoft is accessible to Dado:

  • The email address of the dedicated Microsoft account
  • Basic profile data for all users
  • Any files and folders in Onedrive/Sharepoint which are viewable by the dedicated Microsoft account
  • The name, description and settings of any teams and channels the dedicated Microsoft account can access
  • The name and membership of any groups the dedicated Microsoft account can access
  • A full list of the calendars accessible to the dedicated Microsoft account
  • The name, date & time, invitees and description of events in any calendars accessible to the dedicated Microsoft account

When all the requested scopes are granted (see list below), the following data from Dado is accessible to Microsoft:

  • User data that is configured to write to Excel Online, via sub-task data destination settings (read more about this)
    • the data destination settings enable you to specify exactly which data is sent to Excel Online
    • the only exception here is Dado's unique ID for that user, which will be sent along with any other data. This is a non-identifiable ID made of randomly generated numbers and symbols, such as "QZ2swz-LKJT"
  • Documents uploaded by users in response to 'Upload file' sub-tasks
    • this only applies if the sub-task settings are configured to send these files to Onedrive/Sharepoint

Permissions and Scopes requested by Dado

Dado requests the OAuth Scopes listed below. Please allow all of these Permissions and Scopes, otherwise, the functionality of the integration will be compromised.

How to set up the Microsoft integration

Activation of the integration depends on your organization-specific settings within your Microsoft account and will require you to work together with your IT team.

1. Create a dedicated Microsoft user account for Dado

We recommend you set up the integration using a dedicated Microsoft user account, which is only used for the purpose of Dado. This way you can grant permissions on a granular level to this one account, so that Dado can only access what's strictly necessary.
Request your IT Team set up a new Microsoft account, e.g. dado.admin@yourcompany.org. 

Requirements for this account

  • No Admin permissions are required – although a user with Global Admin permissions will be required later in the integration process (see step 3 below)
  • We recommend that the people managing Dado at your organization have the ability to log in to the email inbox of this account, to enable calendar set-up (see step 4 below).
    • if this is not possible, then the person who does have access to this account will need to be available to receive and respond to calendar permissions emails in the account's inbox

2. Set up the integration in Dado

  • Sign into the Azure portal, using the dedicated Microsoft user account
  • Browse to Microsoft Entra ID > Properties
  • Scroll down to the 'Tenant ID' section and copy the tenant ID.
  • Log into Dado as an Admin
  • Within Dado go to Settings > Integrations
  • You'll see a list of integration options. Click on “Microsoft”
  • Enter the Tenant ID into the new window that appears, then click 'Setup Integration'
  • You will see a list of the access scopes requested by Dado, and will be asked to request approval from a Global Admin to set up this integration.
    • In the 'justification' text box enter something like Enable Dado to sync data to spreadsheets and automate calendar/team invites

If you do not see a window allowing you to request admin approval, you may see a different window, titled "Need admin approval".

In this case, you will need to ask someone with Global Admin permissions in your Microsoft account to re-do step 2, while signed in to their own Microsoft account. The next step (3. Approve the integration request in Azure) will not be necessary in this scenario.

3. Approve the integration request in Azure

  • Sign into the Azure portal, using an account that is a Global Administrator, or a designated reviewer with the appropriate role to review admin consent requests.
  • Go to Enterprise Applications > Admin consent requests

  • In the table on this page, click on the request relating to the Dado app

  • In the sidebar that opens, click on 'Review permissions and consent', near the top of the sidebar.

  • You will be able to review the access scopes requested (see above for detailed descriptions of how we use each scope). For the integration to function correctly, you will need to allow all the scopes requested.

  • Click 'Accept'.

  • At this point, the integration should be set up in Dado. You can check by going to Settings > Integrations in Dado, and seeing if a green 'active' badge is shown for the Microsoft integration

For more guidance, see this Microsoft help article on approving admin consent requests

4. Provide the dedicated Microsoft account with calendar access

In order for Dado to automate inviting people to calendar events, the Microsoft account you created in Step 1 must have permissions on the relevant calendars (i.e. your "Onboarding Sessions" calendar).

  • First, the owner of each relevant calendar must share it with the dedicated Microsoft account. Follow these instructions on how to share a calendar from the Outlook app or from the Outlook website
    • Grant the dedicated Microsoft account "edit" permissions for the calendar
  • Then the dedicated Microsoft account must accept the share request(s). Do so by logging into this account's Outlook inbox, opening the relevant email and clicking the 'Accept' button.

Still need help? Contact Us Contact Us