Skip to main content
The Microsoft 365 integration lets Sofie work with Microsoft email, calendar, OneDrive, and SharePoint when your organization enables it and a user connects their account. Use this guide if you administer Microsoft Entra apps for your organization or need to understand what your Microsoft admin must configure.
Your organization may use Sofie-managed OAuth configuration or your own Microsoft Entra app. Follow the option shown in Organization Settings.

What Sofie can use

Depending on permissions and user consent, Sofie may use Microsoft 365 to:
  • Search and read email.
  • Draft and send email after review.
  • Read calendar events.
  • Create or update calendar events after review.
  • Search OneDrive and SharePoint files.
  • Import useful files into a Workspace.
  • Use file context in chat when available.

Before you start

You need:
  • Microsoft Entra administrator access.
  • Permission to register or manage an app registration.
  • The Sofie domain your users sign in to.
  • Access to Sofie Organization Settings > Integrations.
  • Agreement on which Microsoft capabilities users need.

Redirect URI

Add this redirect URI to the Microsoft app registration, replacing the domain with your Sofie domain: 
https://<your-sofie-domain>/api/integrations/callback/microsoft
Use the exact production domain users open in the browser. If your Sofie deployment has separate staging and production domains, add each environment separately.

Register the Microsoft app

1

Open Microsoft Entra admin center

Go to Microsoft Entra admin center and open App registrations.
2

Create a new registration

Click New registration. Use a clear name such as Sofie Microsoft 365 Integration.
3

Choose supported account types

Choose the account type your organization allows. Most customer deployments use accounts in the organization tenant only.
4

Add a web redirect URI

Choose Web and add https://<your-sofie-domain>/api/integrations/callback/microsoft.
5

Save the application

Save the app registration.
Microsoft reference: Register an application with the Microsoft identity platform.

Create credentials

1

Open Certificates & secrets

In the app registration, open Certificates & secrets.
2

Create a client secret

Create a new client secret with an expiration that matches your organization policy.
3

Copy the value once

Copy the secret value immediately. Microsoft does not show the full value later.
4

Store it in Sofie

Enter the client secret only in the secure Microsoft integration fields in Sofie.
Microsoft reference: Add credentials to an application.
Do not paste client secrets into chat, CoDrafts, Workspaces, screenshots, or public docs. Use the secure integration settings fields only.

Configure Microsoft Graph permissions

Sofie’s Microsoft integration may request delegated Microsoft Graph permissions for the capabilities your organization enables. Common permission areas include:
CapabilityMicrosoft Graph permission examples
Email read and searchMail.Read
Email sendMail.Send
Calendar readCalendars.Read
Calendar writeCalendars.ReadWrite
OneDrive filesFiles.Read, Files.ReadWrite
SharePoint sitesSites.Read.All
User profileUser.Read
Long-lived connectionoffline_access
Microsoft reference: Microsoft Graph permissions reference.
Grant only the permissions your teams need. If Sofie only needs file search, do not enable email send or calendar write.

Add values in Sofie

In Sofie, go to Organization Settings > Integrations and open Microsoft. Enter:
Sofie fieldMicrosoft value
Client IDApplication client ID from the app registration.
Client SecretClient secret value.
Tenant IDDirectory tenant ID when your deployment requires tenant-specific configuration.
Then enable Microsoft and save settings.

Test the connection

1

Connect a test user

Use a user account with representative but limited Microsoft access.
2

Review consent

Confirm the consent screen lists the expected Microsoft permissions.
3

Test read actions

Ask Sofie to search email, calendar, OneDrive, or SharePoint content that the test user can access.
4

Test write actions carefully

If enabled, test email send or calendar creation with safe recipients and test events.
5

Import a file

Search OneDrive or SharePoint and import a test file into a Workspace if that workflow is enabled.

User prompt examples

Search SharePoint for files about PPQ sampling rationale. Return file name, location, likely relevance, and whether it should be imported into the validation Workspace.

Find calendar meetings with the validation team next week and draft a proposed agenda. Do not create or update any event yet.

Search recent email for open questions about CAPA effectiveness. Summarize the questions and list sender, date, and thread title.

Troubleshooting

Confirm Microsoft is enabled in Sofie, the redirect URI matches exactly, the app registration has a valid client secret, and user consent is allowed by your Microsoft tenant policy.
Check whether the Microsoft app has send permissions, whether admin consent is required, and whether the user has permission to send from the mailbox.
Confirm the user can open the site directly in Microsoft 365. Then check whether the integration includes the SharePoint-related permissions your organization allows.
Check whether the client secret expired, the app registration changed, or your organization changed conditional access or consent policies.

Official Microsoft references