How to use Microsoft Graph API for the domain other than the one in which App is registered?

Rohan Nikam 0 Reputation points
2024-03-27T05:46:22.1666667+00:00

I am using Microsoft Graph APIs to Add, Update, Delete events from Outlook Calendar and to check Availability. As per the Microsoft Graph documentation, I have registered an App from Azure portal with the required permissions for the domain in which I will be using the Microsoft Graph API. I am using Microsoft Graph JavaScript SDK. Whenever I call Microsoft Graph API the user/ Admin needs to first authenticate with the Microsoft credentials then the request to Microsoft Graph API proceeds further. This is working correctly.

Following are some of the use cases for which I am using Microsoft Graph APIs:

  1. User can add a created Event in his Outlook calendar or an Admin can add the event for multiple users at once. Similarly for Update and Delete.
  2. Admin can check for the Availability of the users.

I have doubts regarding the future use cases in which I will be using Microsoft Graph APIs.

  1. Both of the above use cases I was using for users registered under same domain in which the App is registered.

But now I have a scenario where Admin will be registered under one domain and a User in whose Outlook calendar the Event has to be Added/ Updated/ Deleted will be from different domain. So in this case how could the Microsoft Graph APIs be used? because Admin will Authenticate with his Microsoft credentials and probably it will not allow to Add, Update, Delete event for user in different domain.

  1. As mentioned the Microsoft Graph API that I am using requires the User/ Admin to first authenticate with credentials, I am thinking of directly calling the Microsoft Graph API without User/ Admin authentication, is this possible?
Microsoft Graph
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
12,037 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. CarlZhao-MSFT 42,026 Reputation points
    2024-03-27T08:21:37.45+00:00

    Hi @Rohan Nikam

    Yes, it is possible. If you want to call the graph API to add/update/delete calendar events for users in other domains (tenants), then you must configure your application as a multi-tenant application and then add the application as an enterprise application to the target user's tenant. This requires you to run the admin consent URL in the browser, then log in with the target tenant's admin and consent.

    User's image

    https://login.microsoftonline.com/{tenant id or domain name of the target domain}/adminconsent?client_id={client-id}
    

    Afterwards, you will be able to use the unattended client credentials flow to request access tokens and call the graph API to manage calendar events for users from other domains (tenants).

    Hope this helps.

    If the reply is helpful, please click Accept Answer and kindly upvote it. If you have additional questions about this answer, please click Comment.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.