Hi,
We are building a web-based JavaScript Outlook Add-In which is required to call Microsoft Graph APIs to access the Outlook user's emails and attachments.
For the same, we understand that the prescribed approach is to register an Azure app, set it up for Graph access and, using MSAL libraries, acquire an access token for/from this Azure app. And, using this access token, make calls to Graph APIs.
But, our system is a multi-tenant one. And, as per our understanding of how Graph APIs are to be consumed from within an Outlook Add-In, we believe:
- We would require each of our tenants to register an Azure app and set it up for Graph access.
- Now, to be able to call MSAL libraries for different Azure apps (a different one for each tenant), we would be required to have the Azure app details (such as AppId, Scope, ClientId) for each of our tenants, so that we can pass those details as parameters while calling the MSAL APIs.
- So, we need to explore and know if there is a provision where we can have just one Azure app which our Outlook Add-In will interact with. And that Azure app, in turn, could be configured in a way which could enable it to provide access to Graph APIs for users of multiple tenants.
Thank you
Arun