Ejento AI
GuidesQuickstart
RecipesREST APIsRelease NotesFAQs
GuidesQuickstart
RecipesREST APIsRelease NotesFAQs
Ejento AI
  1. MCP Servers
  • How to Setup Ejento on Azure
  • Prerequisites
  • Deployment on Azure
  • Setup After Deployment
    • Custom Domain Set Up
    • Microsoft SSO Authentication
    • Okta SSO Authentication
    • SharePoint Connection Set Up
    • Developer API Set Up
    • Azure AI Search Indexer
    • Container Session Pool Set Up
  • MCP Servers
    • Slack
    • Jira
    • Azure
    • Snowflake
    • Azure Cosmos DB
    • Microsoft OAuth MCPs
  • Overview
    • Azure Resources
  1. MCP Servers

Microsoft OAuth MCPs

1. Overview#

This document walks through setting up various Microsoft OAuth MCPs:
Microsoft Teams MCP
Microsoft Outlook MCP
Azure DevOps MCP
Each integration uses OAuth 2.0 so that users authenticate with their own Microsoft identity and grant scoped access on their behalf. Ejento acts as the orchestration layer — handling token exchange and securely storing credentials so agents can act on behalf of users at runtime.
The steps required are the same across all three integrations:
Add the required API permissions to the existing app registration
Add the Ejento callback (redirect) URI
Provide Ejento with the Client ID, Tenant ID, and Client Secret

2. What Each MCP Enables#

2.1 Microsoft Teams MCP#

With the Teams MCP enabled, Ejento agents can:
CapabilityDescription
Read channels & teamsList teams and channels the user belongs to
Read channel messagesRetrieve messages from channels
Send & reply to messagesPost messages or replies
Read & write chat messagesAccess and send direct messages
Access shared filesWork with files via Teams/SharePoint
Read team membershipIdentify team members
Read user profilesRetrieve user profile info

2.2 Microsoft Outlook MCP#

With the Outlook MCP enabled, Ejento agents can:
CapabilityDescription
Read & write emailsAccess and manage emails
Send emailsSend emails on behalf of the user
Read & write calendar eventsManage meetings and events
Read contactsAccess user contacts
Read user profileRetrieve profile info

2.3 Azure DevOps MCP#

With the Azure DevOps MCP enabled, Ejento agents can:
CapabilityDescription
Work itemsManage tasks, bugs, and stories
Repositories & PRsAccess code and pull requests
Pipelines & buildsTrigger and view builds
Boards & sprintsAccess planning tools
Test plansView test data
Project & team dataList projects and teams
Note: Access is limited to the permissions of the signed-in user.

3. App Registration Changes Required#

3.1 Add Redirect URIs#

Navigate to Authentication in each app registration and add:
IntegrationRedirect URI
Outlookhttps://apim-ejento-manpowergroup-eastus2-001.azure-api.net/auth-service/api/v2/mcp-sso/outlook/callback
Teamshttps://apim-ejento-manpowergroup-eastus2-001.azure-api.net/auth-service/api/v2/mcp-sso/teams/callback
Azure DevOpshttps://apim-ejento-manpowergroup-eastus2-001.azure-api.net/auth-service/api/v2/mcp-sso/devops/callback

3.2 API Permissions — Microsoft Teams#

Add these Microsoft Graph Delegated Permissions:
PermissionDescription
Channel.ReadBasic.AllRead channel metadata
ChannelMessage.Read.AllRead channel messages
ChannelMessage.ReadWriteRead/write messages
ChannelMessage.SendSend messages
Chat.ReadWriteChat access
Chat.ReadWrite.AllFull chat access
Files.ReadWrite.AllFile access
Team.ReadBasic.AllRead teams
TeamMember.Read.AllRead members
User.ReadBasic profile
User.ReadBasic.AllBasic profiles
Note: Some require admin consent.

3.3 API Permissions — Outlook#

Add these Microsoft Graph Delegated Permissions:
PermissionDescription
Calendars.ReadRead calendars
Calendars.ReadWriteFull calendar access
Contacts.ReadRead contacts
emailAccess email address
Mail.ReadRead mail
Mail.ReadWriteRead/write mail
Mail.SendSend mail
User.ReadProfile access
permissions.png

3.4 API Permissions — Azure DevOps#

Add:
PermissionDescription
user_impersonationFull access to Azure DevOps APIs
Steps:
Go to API Permissions
Click Add a permission
Select APIs my organization uses
Search Azure DevOps

4. Credentials Required#

Provide the following:
ValueLocationNotes
Client IDApp OverviewOne per integration
Tenant IDApp OverviewUsually same
Client SecretCertificates & SecretsTreat as password
Important: Share securely (not via email).

5. OAuth Setup on Ejento#

Once setup, we will enable these connectors on Ejento. Once enabled, users authenticate with their own account, allowing the connectors to operate using that user’s information and access
connectors_ejento.png
Previous
Azure Cosmos DB
Next
Azure Resources