MS Excel

This guide walks you through app registration in Microsoft Entra (Azure AD) and configuring your on-premise Nected deployment so users can connect Microsoft Excel (OneDrive/SharePoint) as an integration from the Nected UI. The Excel connector is used in Workflows for reading and writing workbooks.

Prerequisites

Access to your on-premise Nected deployment (Helm values and cluster)
A Microsoft account with permissions to register applications in Microsoft Entra (Azure AD)
Your Nected UI base URL (e.g. https://nected.yourcompany.com)

App Registration (Microsoft Entra)

Complete the following steps in the Microsoft Entra admin center so Nected can use OAuth to connect to Excel/OneDrive/SharePoint.

Step 1: Open Entra and Create the App

Go to https://entra.microsoft.com and sign in.
In the left sidebar, expand Entra ID and select App registrations.
Click + New registration.
On the Register an application form, fill in:
- Name: A user-facing display name (e.g. Nected Excel). This can be changed later.
- Supported account types: Choose one:
  - Accounts in any organizational directory (Any Microsoft Entra ID tenant – Multitenant) if users from any Azure AD / Microsoft 365 tenant should sign in.
  - Single tenant only (Default Directory) if only your organization’s directory should be allowed. Use Help me choose if unsure.
- Redirect URI (optional): Under Web, add your Nected OAuth redirect URI: https://<nected-ui-domain>/oauth/redirect (e.g. https://nected.yourcompany.com/oauth/redirect). You can also add this later under Authentication.
Click Register. You’ll land on the app’s Overview page.

Step 2: Add API Permissions

In the left menu, go to Manage → API permissions.
Click + Add a permission.
In Request API permissions, leave Microsoft APIs selected. Under Commonly used Microsoft APIs, select Microsoft Graph (it includes access to Excel, OneDrive, SharePoint, and related services).
When asked “What type of permissions does your application require?”, choose Delegated permissions (your app will access the API as the signed-in user, which is required for Excel/OneDrive in Nected).
Search for and add the following delegated permissions.
Microsoft Graph (add these first via Add a permission → Microsoft APIs → Microsoft Graph → Delegated):
- Files.Read — Read user files
- Files.ReadWrite — Have full access to user files
- offline_access — Maintain access to data you have given it access to
- openid — Sign users in
- profile — View users’ basic profile
- User.Read — Sign in and read user profile
SharePoint (add via Add a permission → APIs my organization uses or search for SharePoint → Delegated):
- MyFiles.Read — Read user files
- MyFiles.Write — Read and write user files
Your Configured permissions should show both Microsoft Graph (6) and SharePoint (2). Optionally check Grant admin consent for Default Directory if your organization requires it.
Click Add permissions after each API. Your list should look like the following (Microsoft Graph only) or include SharePoint as above.

Step 3: Create a Client Secret

In the left menu, go to Manage → Certificates & secrets.
Open the Client secrets tab and click + New client secret.
Enter a Description (e.g. Nected Excel) and choose an Expires value (e.g. 365 days (12 months)), then click Add.
In the Client secrets table, copy the Value of the new secret using Copy to clipboard. Store it securely; the value is shown only once.

You will use this value as the Microsoft Excel client secret in nected-values.yaml.

Step 4: Confirm Redirect URI (If Not Set in Step 1)

If you didn’t set the redirect URI during registration:

Go to Manage → Authentication (Preview).
Under Platform configurations → Web, add a Redirect URI: https://<nected-ui-domain>/oauth/redirect.
Replace <nected-ui-domain> with your actual Nected UI host (no trailing slash) and save.

Step 5: Update Logo (Optional)

For a consistent experience in the Nected Integrations UI, you can upload a logo under Manage → Branding & properties. This step is optional.

Step 6: Note Application (Client) ID, Tenant ID, and Endpoints

Go to Overview. In the Essentials section, copy:
- Application (client) ID
- Directory (tenant) ID Use common in your Nected config for multitenant; for single tenant, use this Directory (tenant) ID.
For authUrl and tokenUrl in nected-values.yaml, use the OAuth 2.0 endpoints from Endpoints (or build them from your tenant ID):
- OAuth 2.0 authorization endpoint (v2): https://login.microsoftonline.com/<tenant-id>/oauth2/v2.0/authorize
- OAuth 2.0 token endpoint (v2): https://login.microsoftonline.com/<tenant-id>/oauth2/v2.0/token Replace <tenant-id> with your Directory (tenant) ID or use common for multitenant.

You will use the Client ID, client secret (from Step 3), tenant ID, and these URLs in the next section.

Update `nected-values.yaml`

Add MS Excel to CREDENTIAL_CONFIG_MAP

Open your nected-values.yaml file.
Search for the key CREDENTIAL_CONFIG_MAP.
Add the msexcel (Microsoft Excel) configuration into the existing config object. Merge it with any existing entries (e.g. slack, gsheet).

Example MS Excel config to add (adjust keys to match your Nected version):

{
  "msexcel": {
    "clientId": "<<YOUR-CLIENT-ID>>",
    "clientSecret": "<<YOUR-CLIENT-SECRET>>",
    "authUrl": "https://login.microsoftonline.com/common/oauth2/v2.0/authorize",
    "tokenUrl": "https://login.microsoftonline.com/common/oauth2/v2.0/token",
    "scopes": "openid profile User.Read Files.Read Files.ReadWrite offline_access MyFiles.Read MyFiles.Write",
    "redirectUri": "https://<nected-ui-domain>/oauth/redirect"
  }
}

If the above scopes do not work (e.g. consent or token errors), try this alternative scopes value. Replace <tenant> with your SharePoint tenant prefix (e.g. your org name so the host is https://<tenant>-my.sharepoint.com):

offline_access openid profile email User.Read Files.Read Files.ReadWrite https://<tenant>-my.sharepoint.com/AllSites.Read

Use this single space-separated string as the scopes value in the msexcel config above. Example: for tenant mukulnected, the last scope would be https://mukulnected-my.sharepoint.com/AllSites.Read.

Replace <<YOUR-CLIENT-ID>> with the Application (client) ID from Step 6.
Replace <<YOUR-CLIENT-SECRET>> with the client secret value from Step 3.
Replace https://<nected-ui-domain>/oauth/redirect with your actual redirect URI (same as in Entra).
For a single tenant, replace common in authUrl and tokenUrl with your Directory (tenant) ID (from Step 6 / Endpoints).

Add msexcel to SYNC_PLUGINS

In the same nected-values.yaml, search for SYNC_PLUGINS.
Add msexcel to the comma-separated list. For example:

SYNC_PLUGINS: mysql,mongodb,postgres,sqlserver,redshift,oracle,snowflake,restAPI,gsheet,slack,msexcel

Apply Changes and Run Plugin Migrations

Helm upgrade

helm repo update
helm upgrade -i nected nected/nected -f nected-values.yaml

Restart Nalanda (if needed)

If the Nalanda deployment does not pick up the new plugin:

kubectl rollout restart deploy nected-nalanda

Run plugin migrations

To ensure the MS Excel integration is registered and appears under the Integrations tab:

Get the Nalanda pod name:
```
kubectl get pods -l app=nected-nalanda
```

Run plugin migrations from inside the pod:

kubectl exec -it <<nalanda-pod-name>> -- /bin/bash
./nalanda sync plugin
exit

Replace <<nalanda-pod-name>> with the actual pod name.

After this, refresh the Nected UI and open Integrations. You should see the option to connect Microsoft Excel (Sign in with Microsoft). Users can then use the Excel connector in Workflows as described in the Microsoft Excel integration guide.

Summary Checklist

Open entra.microsoft.com → Entra ID → App registrations → New registration.
Fill in Name, Supported account types, and Redirect URI (Web: https://<nected-ui-domain>/oauth/redirect).
Add API permissions: Microsoft Graph (Delegated) — Files.Read, Files.ReadWrite, offline_access, openid, profile, User.Read; SharePoint (Delegated) — MyFiles.Read, MyFiles.Write. If needed, use the alternative scopes in nected-values.yaml.
Create a client secret under Certificates & secrets and copy the Value.
Copy Application (client) ID and Directory (tenant) ID from Overview (and OAuth endpoints from Endpoints if needed).
(Optional) Update logo under Branding & properties.
Add msexcel config to CREDENTIAL_CONFIG_MAP and msexcel to SYNC_PLUGINS in nected-values.yaml.
Run Helm upgrade, restart Nalanda if needed, then run plugin migrations (./nalanda sync plugin).

Troubleshooting

Excel not in Integrations list: Ensure msexcel is in SYNC_PLUGINS and run ./nalanda sync plugin inside the Nalanda pod.
OAuth or redirect errors: Confirm the redirect URI in Entra exactly matches the value in CREDENTIAL_CONFIG_MAP (including https and no trailing slash).
Consent or permission errors: Verify delegated permissions in Entra (Microsoft Graph and, if used, SharePoint) and grant admin consent if required. If issues persist, try the alternative scopes (including email and https://<tenant>-my.sharepoint.com/AllSites.Read).
Using Excel in Nected: The Excel integration is available only in Workflows, not in Rules. See Microsoft Excel for workflow usage.

PreviousSlack NextGoogle Sheet

Last updated 3 hours ago

hashtagPrerequisites

hashtagApp Registration (Microsoft Entra)

hashtagStep 1: Open Entra and Create the App

hashtagStep 2: Add API Permissions

hashtagStep 3: Create a Client Secret

hashtagStep 4: Confirm Redirect URI (If Not Set in Step 1)

hashtagStep 5: Update Logo (Optional)

hashtagStep 6: Note Application (Client) ID, Tenant ID, and Endpoints

hashtagUpdate nected-values.yaml

hashtagAdd MS Excel to CREDENTIAL_CONFIG_MAP

hashtagAdd msexcel to SYNC_PLUGINS

hashtagApply Changes and Run Plugin Migrations

hashtagHelm upgrade

hashtagRestart Nalanda (if needed)

hashtagRun plugin migrations

hashtagSummary Checklist

hashtagTroubleshooting