Microsoft 凭据

¥Microsoft credentials

你可以使用以下凭据验证以下节点：

¥You can use these credentials to authenticate the following nodes:

• Microsoft Dynamics CRM

• Microsoft Excel

• Microsoft Graph 安全性

¥Microsoft Graph Security

• Microsoft OneDrive

• Microsoft Outlook

• Microsoft SharePoint

• Microsoft Teams

• Microsoft Teams 触发器

¥Microsoft Teams Trigger

• Microsoft To Do

先决条件

¥Prerequisites

• 创建 Microsoft Azure 账户。

¥Create a Microsoft Azure account.

• 创建至少一个具有相应服务访问权限的用户账户。

¥Create at least one user account with access to the appropriate service.

• 如果用户账户由企业 Microsoft Entra 账户管理，则管理员账户已为此用户启用“用户可以同意应用代表其访问公司数据”选项（请参阅 Microsoft Entra 文档）。

¥If a corporate Microsoft Entra account manages the user account, the administrator account has enabled the option “User can consent to apps accessing company data on their behalf” for this user (see the Microsoft Entra documentation).

支持的身份验证方法

¥Supported authentication methods

• OAuth2

相关资源

¥Related resources

请参阅以下链接的 Microsoft API 文档，了解有关每个服务 API 的更多信息。

¥Refer to the linked Microsoft API documentation below for more information about each service's API:

• Dynamics CRM：Web API

• Excel：Graph API

• Graph 安全性：Graph API

¥Graph Security: Graph API

• OneDrive：Graph API

• Outlook:Graph API 和 Outlook API

¥Outlook: Graph API and Outlook API

• 团队：Graph API

¥Teams: Graph API

• 待办事项：Graph API

¥To Do: Graph API

使用 OAuth2

¥Using OAuth2

Note for n8n Cloud users

Cloud users don't need to provide connection details. Select Connect my account to connect through your browser.

某些 Microsoft 服务需要额外的 OAuth2 信息。请参阅 服务特定设置 获取有关这些服务的更多指导。

¥Some Microsoft services require extra information for OAuth2. Refer to Service-specific settings for more guidance on those services.

对于自托管用户，从头开始配置 OAuth2 主要分为两个步骤：

¥For self-hosted users, there are two main steps to configure OAuth2 from scratch:

1. 注册应用 使用 Microsoft Identity Platform。

¥Register an application with the Microsoft Identity Platform. 2. 该应用的 生成客户端密钥。

¥Generate a client secret for that application.

请按照以下每个步骤的详细说明进行操作。有关 Microsoft OAuth2 Web 流程的更多详细信息，请参阅 Microsoft 身份验证和授权基础知识。

¥Follow the detailed instructions for each step below. For more detail on the Microsoft OAuth2 web flow, refer to Microsoft authentication and authorization basics.

注册应用

¥Register an application

使用 Microsoft Identity Platform 注册应用：

¥Register an application with the Microsoft Identity Platform:

1. 打开 Microsoft 应用注册门户。

¥Open the Microsoft Application Registration Portal. 2. 选择“注册应用”。

¥Select Register an application. 3. 输入应用名称。

¥Enter a Name for your app. 4. 在“支持的账户类型”中，选择“任何组织目录中的账户（任何 Azure AD 目录 - 多租户）和个人 Microsoft 账户（例如 Skype、Xbox）”。

¥In Supported account types, select Accounts in any organizational directory (Any Azure AD directory - Multi-tenant) and personal Microsoft accounts (for example, Skype, Xbox). 5. 在“注册应用”中：

¥In Register an application: 1. 从你的 n8n 凭据复制 OAuth 回调 URL。

  ¥Copy the **OAuth Callback URL** from your n8n credential.

2. 将其粘贴到“重定向 URI（可选）”字段中。

   ¥Paste it into the Redirect URI (optional) field. 3. 选择“选择平台”>“Web”。

   ¥Select Select a platform > Web. 6. 选择“注册”以完成应用创建。

¥Select Register to finish creating your application. 7. 复制应用 ID 并将其作为客户端 ID 输入到你的 n8n 凭据中。

¥Copy the Application (client) ID and paste it into n8n as the Client ID.

有关更多信息，请参阅 使用 Microsoft Identity Platform 注册应用。

¥Refer to Register an application with the Microsoft Identity Platform for more information.

生成客户端密钥

¥Generate a client secret

创建应用后，为其生成客户端密钥：

¥With your application created, generate a client secret for it:

1. 在你的 Microsoft 应用页面上，选择左侧导航栏中的“证书和密钥”。

¥On your Microsoft application page, select Certificates & secrets in the left navigation. 2. 在“客户端密钥”中，选择“+ 新建客户端密钥”。

¥In Client secrets, select + New client secret. 3. 输入你的客户密钥的描述，例如 n8n credential。

¥Enter a Description for your client secret, such as n8n credential. 4. 选择添加。

¥Select Add. 5. 复制“值”列中的密钥。

¥Copy the Secret in the Value column. 6. 将其作为“客户端密钥”粘贴到 n8n 中。

¥Paste it into n8n as the Client Secret. 7. 如果你在 n8n 凭据中看到其他字段，请参阅下面的 服务特定设置 以获取有关填写这些字段的指导。

¥If you see other fields in the n8n credential, refer to Service-specific settings below for guidance on completing those fields. 8. 在 n8n 中选择“连接我的账户”以完成连接设置。

¥Select Connect my account in n8n to finish setting up the connection. 9. 登录你的 Microsoft 账户并允许应用访问你的信息。

¥Log in to your Microsoft account and allow the app to access your info.

有关添加客户端密钥的更多信息，请参阅 Microsoft 的 添加凭据 文档。

¥Refer to Microsoft's Add credentials for more information on adding a client secret.

服务特定设置

¥Service-specific settings

以下服务需要额外的 OAuth2 信息：

¥The following services require extra information for OAuth2:

动态

¥Dynamics

Dynamics OAuth2 需要你的 Dynamics 域和区域信息。请按照以下额外步骤完成凭据配置：

¥Dynamics OAuth2 requires information about your Dynamics domain and region. Follow these extra steps to complete the credential:

1. 请输入你的 Dynamics 域名。

¥Enter your Dynamics Domain. 2. 选择你所在的 Dynamics 数据中心区域。

¥Select the Dynamics data center Region you're within.

有关区域选项和相应 URL 的更多信息，请参阅 Microsoft 数据中心区域文档。

¥Refer to the Microsoft Datacenter regions documentation for more information on the region options and corresponding URLs.

Microsoft（常规）

¥Microsoft (general)

通用的 Microsoft OAuth2 还要求你为此凭据提供以空格分隔的 Scopes 列表。

¥The general Microsoft OAuth2 also requires you to provide a space-separated list of Scopes for this credential.

请参阅 Microsoft 身份平台中的范围和权限 获取可能的作用域列表。

¥Refer to Scopes and permissions in the Microsoft identity platform for a list of possible scopes.

Outlook

Outlook OAuth2 支持使用凭据访问用户的主电子邮件收件箱或共享收件箱。默认情况下，凭据将访问用户的主电子邮件收件箱。更改此行为：

¥Outlook OAuth2 supports the credential accessing a user's primary email inbox or a shared inbox. By default, the credential will access a user's primary email inbox. To change this behavior:

1. 启用“使用共享收件箱”。

¥Turn on Use Shared Inbox. 2. 输入目标用户的 UPN 或 ID 作为用户主体名称。

¥Enter the target user's UPN or ID as the User Principal Name.

SharePoint

SharePoint OAuth2 需要有关你的 SharePoint 子域的信息。

¥SharePoint OAuth2 requires information about your SharePoint Subdomain.

要完成凭据，请输入 SharePoint URL 的子域部分。例如，如果你的 SharePoint URL 为 https://tenant123.sharepoint.com，则子域名为 tenant123。

¥To complete the credential, enter the Subdomain part of your SharePoint URL. For example, if your SharePoint URL is https://tenant123.sharepoint.com, the subdomain is tenant123.

SharePoint 需要以下权限：

¥SharePoint requires the following permissions:

应用权限：

¥Application permissions:

• Sites.Read.All

• Sites.ReadWrite.All

委托权限：

¥Delegated permissions:

• SearchConfiguration.Read.All

• SearchConfiguration.ReadWrite.All

常见问题

¥Common issues

以下是 Microsoft OAuth2 凭据的已知常见错误和问题。

¥Here are the known common errors and issues with Microsoft OAuth2 credentials.

Need admin approval

When attempting to add credentials for a Microsoft360 or Microsoft Entra account, users may see a message when following the procedure that this action requires admin approval.

This message will appear when the account attempting to grant permissions for the credential is managed by a Microsoft Entra. In order to issue the credential, the administrator account needs to grant permission to the user (or "tenant") for that application.

The procedure for this is covered in the Microsoft Entra documentation.