Console
    Start free

    Microsoft Outlook configuration

    This page describes how to set up and configure a third-party configuration before creating the Outlook data store.

    Set up authentication and permissions

    You need to set up authentication and permissions in Microsoft Entra admin center. This is crucial for allowing the connector to access and synchronize data.

    Register Entra app for Microsoft Outlook connector

    Before creating the Microsoft Outlook connector in Gemini Enterprise, register a Microsoft Entra application to enable secure access.

    To register Gemini Enterprise as an OAuth 2.0 application in Entra, do the following:

    1. Navigate to Microsoft Entra admin center .
    2. In the navigation menu, expand the Entra IDand select App registrations.
    3. On the App registrationspage, click New registration.

    4. On the Register an applicationpage, do the following:

      1. In the Namefield, enter a name for your app.
      2. In the Supported account typessection, select Accounts in this organizational directory only.
      3. In the Redirect URIsection, do the following:
        1. In the platform list, select Web .
        2. In the redirect URI field, enter https://vertexaisearch.cloud.google.com/console/oauth/default_oauth.html .
      4. Click Register. Microsoft Entra creates your app and displays the overview page of your app.

    5. In the app navigation menu, click Authentication.

    6. Click Add redirect URI.

    7. In the platform selection pane, do the following:

      1. Select Web.
      2. In the Redirect URIfield, enter https://vertexaisearch.cloud.google.com/oauth-redirect .
      3. Click Configure.

    Create an OAuth 2.0 configuration

    To create a connection using the OAuth 2.0 authentication method, you need to obtain a client ID, client secret, and your Tenant ID from your Microsoft Entra application registration page.

    Obtain client ID and client secret

    1. To obtain the client ID and secret for the app, do the following:

      1. On the app page, select Certificates & secretsfrom the app navigation menu.
      2. Click New client secret.
      3. In the client secret pane, do the following:
        1. In the Descriptionfield, enter a description for the secret.
        2. In the Expireslist, select an expiry duration.
        3. Click Add.
      4. Copy the secret displayed in the Valuecolumn ( Client Secret ) and the identifier in the Secret IDcolumn ( Client ID ), and securely store both for later use.

    Obtain Tenant ID

    Your tenant ID can be found in the Tenant IDbox on the overview page in the Microsoft Entra admin center.

    Configure Microsoft API permissions

    To configure the required API permissions for the app, do the following:

    1. On the app page, select API permissions.

    2. Click Add permissions.

    3. In the Request API permissionspage, select Microsoft Graph.

    4. Search for and select the following permissions based on your connection mode:

      Connection mode
      Scope
      Purpose
      Federated search
      Mail.Read
      Calendars.Read
      Contacts.Read
      (Delegated) Allows the connector to read the signed-in user's mailbox, calendar events, and contacts.
      Data ingestion
      Calendars.Read
      (Application) Allows the connector to read events of all calendars.
      Calendars.ReadBasic.All
      (Application) Allows the connector to read events of all calendars, except for properties such as body, attachments, and extensions.
      Contacts.Read
      (Application) Allows the connector to read all contacts in all mailboxes.
      Mail.Read
      (Application) Allows the connector to read mail in all mailboxes.
      Mail.ReadBasic
      (Application) Allows the connector to read basic mail properties in all mailboxes. Includes all properties except body, previewBody, attachments and any extended properties.
      Mail.ReadBasic.All
      (Application) Allows the connector to read basic mail properties in all mailboxes. Includes all properties except body, previewBody, attachments and any extended properties.
      User.Read
      (Delegated) Allows the connector to read the profile of signed-in users.
      User.Read.All
      (Application) Allows the connector to read the full set of profile properties, reports, and managers of other users in your organization.
      User.ReadBasic.All
      (Application) Allows the connector to read a basic set of profile properties of other users in your organization.
      Actions
      Mail.Send
      (Delegated) Allows the connector to send mail as users in the organization.
      Calendars.ReadWrite
      (Delegated) Allows the connector to create, read, update, and delete events in user calendars.
      Contacts.ReadWrite
      (Delegated) Allows the connector to create, read, update, and delete user contacts.

    5. Click Add Permissions.
    Design a Mobile Site
    View Site in Mobile | Classic
    Share by: