Integration to Microsoft 365

This chapter describes how to integrate Sofa with Microsoft 365 applications. The main purpose is to make Sofa processes available directly in Microsoft 365 apps; for example, you can write a Word document and sign it using Sofa right away. Sofa can also be accessed directly in Teams and SharePoint.

Key concepts

This chapter contains terms that are not very common. Therefore, we offer a short explanation below.

Tenant

A tenant is a label for a company (organization) identity in a rented space – Microsoft cloud services. The tenant, or company account, is created when a Microsoft cloud service is created. You will use this account to log in to the environment where you can manage and use your cloud services. All information, such as domains, users and service subscriptions, is linked to the company account.

Tenant name

Tenant name is a third-level domain, which is followed by a fixed second-level domain name – onmicrosoft.com (for example company.onmicrosoft.com). When creating the tenant, only the “company” string needs to be specified. It is possible that your selected name is already taken. This is checked during the signup, and you will be prompted to select a different name.

A tenant name entered when creating a connection cannot be changed later. The only option is deleting the connection and creating another with a different tenant name. Keep in mind that the selected name will be included in all URL addresses when sharing anything.

Tenant ID

The tenant name is also associated with a string generated automatically when the tenant is created – the Tenant ID. This string (such as "b410305f-3ebe-474a-a83f-4add9acd47d1") is required when linking to the Microsoft 365 environment.

Global administrator

The user who creates the tenant automatically receives the Global administrator role for it. This role gives the ability to set up all service parameters and to manage the users, including their role assignments. Because it is an important role, larger organizations are recommended to set up more than one user with this role to allow substitution.

Microsoft Entra, previously Azure Active Directory

Microsoft Entra (previously Azure Active Directory, Azure AD, AAD) is a cloud-based service that provides identity and access management. Microsoft Entra gives company users access to external resources, such as Microsoft 365, Azure Portal and thousands of other SaaS applications.

The SaaS (software as a service) model allows users to connect to cloud apps and use them through the Internet. The most common examples include e-mail, calendars or office applications (such as Microsoft 365 apps).

Microsoft Entra also provides access to internal resources such as company intranet apps, and to all cloud apps created specifically for your organization.

Microsoft Entra ID

Microsoft Entra ID is a Microsoft Entra application that synchronizes users from the remote company to Sofa. Microsoft Entra ID requires the following permissions:

  • Storing provided data.

  • User login (delegated permission).

  • Reading the user synchronization directory.

It also requires a permission granted on behalf of the users' organization to allow all synchronized users to log in to Sofa using their Microsoft Entra login details.

Application manifest

The application manifest in Microsoft Entra is a file containing the definitions of all application object attributes in the Microsoft identity platform. It also provides a mechanism to update the application object.

The application manifest can be configured using Azure Portal, or programmatically using Microsoft Graph API or Microsoft Graph PowerShell SDK.

For more information, see for example the following page: https://learn.microsoft.com/en-us/entra/identity-platform/reference-app-manifest.
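
The following added example (not part of the Sofa documentation or product) checks an exported application manifest against the three permissions listed under Microsoft Entra ID, so that missing or extra permissions are noticed before organization-wide consent is granted. The mapping of those three permissions to Microsoft Graph permission IDs (offline_access, User.Read, Directory.Read.All) is an assumption, and the sample manifest is constructed.

```python
import json

GRAPH_APP_ID = "00000003-0000-0000-c000-000000000000"  # Microsoft Graph

# Assumed mapping of the permissions listed in this chapter to Microsoft Graph
# permission IDs; confirm it against your own app registration.
EXPECTED = {
    ("7427e0e9-2fba-42fe-b0c0-848c9e6a8182", "Scope"): "offline_access",
    ("e1fe6dd8-ba31-4d61-89e7-88639da4683d", "Scope"): "User.Read",
    ("7ab1d382-f21e-4acd-a863-ba3e13f7da61", "Role"): "Directory.Read.All",
}


def audit_manifest(manifest_text):
    """Return (missing, unexpected) for a manifest given as a JSON string.

    missing    - names of expected permissions the manifest does not request
    unexpected - (resourceAppId, id, type) tuples requested beyond the expected set
    """
    manifest = json.loads(manifest_text)
    requested = set()
    for resource in manifest.get("requiredResourceAccess", []):
        app_id = resource.get("resourceAppId", "")
        for access in resource.get("resourceAccess", []):
            requested.add((app_id, access.get("id", ""), access.get("type", "")))
    expected = {(GRAPH_APP_ID, pid, ptype) for (pid, ptype) in EXPECTED}
    missing = sorted(EXPECTED[(pid, ptype)] for (_, pid, ptype) in expected - requested)
    unexpected = sorted(requested - expected)
    return missing, unexpected


# Constructed sample: the three expected permissions plus one extra
# application role (Directory.ReadWrite.All) that should be flagged.
SAMPLE_MANIFEST = json.dumps({
    "requiredResourceAccess": [{
        "resourceAppId": GRAPH_APP_ID,
        "resourceAccess": [
            {"id": "7427e0e9-2fba-42fe-b0c0-848c9e6a8182", "type": "Scope"},
            {"id": "e1fe6dd8-ba31-4d61-89e7-88639da4683d", "type": "Scope"},
            {"id": "7ab1d382-f21e-4acd-a863-ba3e13f7da61", "type": "Role"},
            {"id": "19dbc75e-c2e2-444c-a770-ec69d8559fc7", "type": "Role"},
        ],
    }]
})

if __name__ == "__main__":
    missing, unexpected = audit_manifest(SAMPLE_MANIFEST)
    print("missing:", missing)
    print("unexpected:", unexpected)
```

An empty "unexpected" list means the manifest requests nothing beyond the assumed set; any entry there is worth reviewing before a Global administrator consents.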