Setting up the Azure Application

The Application provides authentication and access details that the plugin will use to access user data

Create Mattermost App in Azure

Each user in Mattermost will need to allow the plugin to access their Calendar so it can track the user's status. The following steps create an Azure application that will be used with the plugin on Mattermost.

Sign into using an admin Azure account. Then navigate to Azure Active Directory, then Navigate to App Registrations

Click New registration button at the top of the page.

Fill out the form with the following values:

  • Name (Customizable): Mattermost MS Calendar Plugin

  • Supported account types: Default value (Single tenant)

  • Redirect URI: https://(MM_SITE_URL)/plugins/com.mattermost.mscalendar/oauth2/complete

Replace (MM_SITE_URL) with your Mattermost server's Site URL. Then submit the form by clicking Register.

Client Secret

We will now create the client secret which is used by the plugin to prove it's identity to Azure.

Navigate to Certificates & secrets in the left pane.

Click New client secret. Then click Add, and copy the new secret on the bottom right corner of the screen. Save this Value somewhere (You will be able to access it later though). We'll use this value later in the Mattermost admin console.

Set Delegated API Permissions for the Plugin

Navigate to API permissions in the left pane.

Click Add a permission, then click Microsoft Graph in the right pane.

Click Delegated permissions, and scroll down to select the following permissions:

  • Calendars.ReadWrite

  • Calendars.ReadWrite.Shared

  • MailboxSettings.Read

Submit the form by clicking Add permissions at the bottom.

Set Graph Application Permissions

Afterwards, add application permissions by clicking Add a permission -> Microsoft Graph -> Application permissions. Select the following permissions:

  • Calendars.Read

  • MailboxSettings.Read

  • User.ReadAll

Submit the form by clicking Add permissions at the bottom.

Permissions Review

These are all the permissions that should be set for the Application at this point:

This step makes the process smoother for your end-users by accepting on their behalf that the application will be able to access their accounts - so they don't need to grant consent themselves. They will still need to connect their accounts in Mattermost, but the user will not be prompted to explicitly grant access to their accounts.

Click Grant admin consent for... to grant the permissions for the application.

Copy Plugin Settings

Finally, copy all the required strings to complete the configuration of the plugin on Mattermost next.

Copy the Client ID and Tenant ID from the Azure portal