Microsoft Entra ID 凭据

¥Microsoft Entra ID credentials

你可以使用以下凭据验证以下节点：

¥You can use these credentials to authenticate the following nodes:

• Microsoft Entra ID

先决条件

¥Prerequisites

• 创建 Microsoft Entra ID 账户或订阅。

¥Create a Microsoft Entra ID account or subscription.

• 如果用户账户由企业 Microsoft Entra 账户管理，则管理员账户已为此用户启用“用户可以同意应用代表其访问公司数据”选项（请参阅 Microsoft Entra 文档）。

¥If the user account is managed by a corporate Microsoft Entra account, the administrator account has enabled the option “User can consent to apps accessing company data on their behalf” for this user (see the Microsoft Entra documentation).

创建 Microsoft Azure 账户时，Microsoft 会提供一个免费的 Entra ID 计划。

¥Microsoft includes an Entra ID free plan when you create a Microsoft Azure account.

支持的身份验证方法

¥Supported authentication methods

• OAuth2

相关资源

¥Related resources

有关服务的更多信息，请参阅 Microsoft Entra ID 文档。

¥Refer to Microsoft Entra ID's documentation for more information about the service.

使用 OAuth2

¥Using OAuth2

Note for n8n Cloud users

Cloud users don't need to provide connection details. Select Connect my account to connect through your browser.

对于自托管用户，从头开始配置 OAuth2 主要分为两个步骤：

¥For self-hosted users, there are two main steps to configure OAuth2 from scratch:

1. 注册应用 使用 Microsoft Identity Platform。

¥Register an application with the Microsoft Identity Platform. 2. 该应用的 生成客户端密钥。

¥Generate a client secret for that application.

请按照以下每个步骤的详细说明进行操作。有关 Microsoft OAuth2 Web 流程的更多详细信息，请参阅 Microsoft 身份验证和授权基础知识。

¥Follow the detailed instructions for each step below. For more detail on the Microsoft OAuth2 web flow, refer to Microsoft authentication and authorization basics.

注册应用

¥Register an application

使用 Microsoft Identity Platform 注册应用：

¥Register an application with the Microsoft Identity Platform:

1. 打开 Microsoft 应用注册门户。

¥Open the Microsoft Application Registration Portal. 2. 选择“注册应用”。

¥Select Register an application. 3. 输入应用名称。

¥Enter a Name for your app. 4. 在“支持的账户类型”中，选择“任何组织目录中的账户（任何 Azure AD 目录 - 多租户）和个人 Microsoft 账户（例如 Skype、Xbox）”。

¥In Supported account types, select Accounts in any organizational directory (Any Azure AD directory - Multi-tenant) and personal Microsoft accounts (for example, Skype, Xbox). 5. 在“注册应用”中：

¥In Register an application: 1. 从你的 n8n 凭据复制 OAuth 回调 URL。

  ¥Copy the **OAuth Callback URL** from your n8n credential.

2. 将其粘贴到“重定向 URI（可选）”字段中。

   ¥Paste it into the Redirect URI (optional) field. 3. 选择“选择平台”>“Web”。

   ¥Select Select a platform > Web. 6. 选择“注册”以完成应用创建。

¥Select Register to finish creating your application. 7. 复制应用 ID 并将其作为客户端 ID 输入到你的 n8n 凭据中。

¥Copy the Application (client) ID and paste it into n8n as the Client ID.

有关更多信息，请参阅 使用 Microsoft Identity Platform 注册应用。

¥Refer to Register an application with the Microsoft Identity Platform for more information.

生成客户端密钥

¥Generate a client secret

创建应用后，为其生成客户端密钥：

¥With your application created, generate a client secret for it:

1. 在你的 Microsoft 应用页面上，选择左侧导航栏中的“证书和密钥”。

¥On your Microsoft application page, select Certificates & secrets in the left navigation. 2. 在“客户端密钥”中，选择“+ 新建客户端密钥”。

¥In Client secrets, select + New client secret. 3. 输入你的客户密钥的描述，例如 n8n credential。

¥Enter a Description for your client secret, such as n8n credential. 4. 选择添加。

¥Select Add. 5. 复制“值”列中的密钥。

¥Copy the Secret in the Value column. 6. 将其作为“客户端密钥”粘贴到 n8n 中。

¥Paste it into n8n as the Client Secret. 7. 在 n8n 中选择“连接我的账户”以完成连接设置。

¥Select Connect my account in n8n to finish setting up the connection. 8. 登录你的 Microsoft 账户并允许应用访问你的信息。

¥Log in to your Microsoft account and allow the app to access your info.

有关添加客户端密钥的更多信息，请参阅 Microsoft 的 添加凭据 文档。

¥Refer to Microsoft's Add credentials for more information on adding a client secret.

设置自定义范围

¥Setting custom scopes

Microsoft Entra ID 凭据默认使用以下范围：

¥Microsoft Entra ID credentials use the following scopes by default:

• openid

• offline_access

• AccessReview.ReadWrite.All

• Directory.ReadWrite.All

• NetworkAccessPolicy.ReadWrite.All

• DelegatedAdminRelationship.ReadWrite.All

• EntitlementManagement.ReadWrite.All

• User.ReadWrite.All

• Directory.AccessAsUser.All

• Sites.FullControl.All

• GroupMember.ReadWrite.All

要为你的凭据选择不同的范围，请启用“自定义范围”滑块并编辑“已启用范围”列表。请注意，在更严格的范围下，某些功能可能无法按预期工作。

¥To select different scopes for your credentials, enable the Custom Scopes slider and edit the Enabled Scopes list. Keep in mind that some features may not work as expected with more restrictive scopes.

常见问题

¥Common issues

以下是 Microsoft Entra 凭据的已知常见错误和问题。

¥Here are the known common errors and issues with Microsoft Entra credentials.

Need admin approval

When attempting to add credentials for a Microsoft360 or Microsoft Entra account, users may see a message when following the procedure that this action requires admin approval.

This message will appear when the account attempting to grant permissions for the credential is managed by a Microsoft Entra. In order to issue the credential, the administrator account needs to grant permission to the user (or "tenant") for that application.

The procedure for this is covered in the Microsoft Entra documentation.