Skip to main content

About Microsoft Graph

Microsoft Graph is a unified API that provides access to Microsoft 365 and Enterprise Mobility + Security (EMS) services. This integration uses OAuth 2.0 Client Credentials flow for server-to-server authentication, enabling workflows to access Microsoft Graph APIs without user interaction.

What the Microsoft Graph integration enables

CapabilityDescription
Automation workflowsManage mail, calendar, files, Teams, device management, security, and compliance tasks automatically through Serval workflows
Anything defined in the Microsoft Graph API can be accessed through Serval.

Azure AD Configuration

1. Create App Registration

  1. Go to the Azure Portal and sign in with admin privileges
  2. In the app selector, navigate to Microsoft Entra with this link
  3. Navigate to App registrations in the left sidebar
  4. Click New registration
  5. Configure the application:
    • Name: “Serval Microsoft Graph Integration” (or similar)
    • Supported account types: “Accounts in this organizational directory only”
    • Redirect URI: Leave blank
  6. Click Register
  7. Copy these values from the Overview page:
    • Application (client) ID - This is your Client ID
    • Directory (tenant) ID - This is your Tenant ID

2. Create Client Secret

  1. Navigate to Certificates & secretsNew client secret
  2. Add description: “Serval Integration Secret”
  3. Choose expiration period and click Add
  4. ⚠️ Important: Copy the secret Value immediately - this is your Client Secret

3. Configure API Permissions

  1. Navigate to API permissionsAdd a permissionMicrosoft GraphApplication permissions
  2. Add required scopes based on your needs. Common permissions include: Applications & App Catalog:
    • Application.Read.All - Read applications
    • Application.ReadWrite.All - Read and write applications
    • Application.ReadWrite.OwnedBy - Read and write applications owned by the current user
    • AppCatalog.Read.All - Read app catalog
    • AppCatalog.ReadWrite.All - Read and write app catalog
    Directory & Users:
    • Directory.Read.All - Read directory data
    • User.Read.All - Read user profiles
    • User.ReadWrite.All - Read and write user profiles
    • Group.Read.All - Read groups
    • Group.ReadWrite.All - Read and write groups
    Communication:
    • Mail.Read - Read mail in all mailboxes
    • Calendars.Read - Read calendars
    • Contacts.Read - Read contacts
    Files & Content:
    • Files.Read.All - Read files in all sites
    • Sites.Read.All - Read SharePoint items
    Teams:
    • Team.ReadBasic.All - Read team names/descriptions
    • TeamMember.Read.All - Read team members
    Device Management:
    • DeviceManagementManagedDevices.Read.All - Read managed devices
    Reports & Security:
    • Reports.Read.All - Read usage reports
    • SecurityEvents.Read.All - Read security events
    For write operations, use the corresponding .ReadWrite.All permissions.
  3. Grant admin consent: Click Grant admin consent for [Your Organization]Yes
  4. Verify all permissions show Granted for [Your Organization]
Note: The integration uses the https://graph.microsoft.com/.default scope, which grants access to all application permissions configured above. For detailed permission information, see the Microsoft Graph permissions reference.

Serval Configuration

  1. In Serval, navigate to AppsAvailableMicrosoft GraphConnect
  2. Enter the required information:
    • Instance Name: Descriptive name for this integration
    • Tenant ID: Your Azure AD tenant ID (from step 1)
    • Client ID: Your application client ID (from step 1)
    • Client Secret: The secret value (from step 2)
  3. Click Connect to establish the integration
Your Microsoft Graph integration is now ready to use in workflows!