WEDGE · SETUP TASK
Set up the Microsoft app for Wedge (Outlook + Teams)
For: whoever Kevin delegates this to (no coding needed) · Time: ~20–30 min
Wedge needs one Microsoft "app registration" so our clients can connect their Outlook and
Teams. You create it once; every client reuses it.
✅ What to send back to Kevin
Copy these four things into a message. The secret is sensitive — send it via
1Password / a private DM, not a public channel.
- Application (client) ID — like 11111111-2222-3333-4444-555555555555
- Directory (tenant) ID — same format
- Client secret VALUE — a long random string (⚠️ shown only once — see Step 4)
- Secret expiry date — the date you pick in Step 4
Before you start
Sign in to Microsoft Entra with a work/school Microsoft 365 account that is an admin of
the Wedge organization.
- If Kevin gave you a Wedge Microsoft admin login, use that.
- If Wedge has no Microsoft tenant yet, stop and tell Kevin — he needs to sort that first.
Go to https://entra.microsoft.com and sign in (complete the
phone/MFA prompt if asked).
If the site looks different, you can do the identical steps at
portal.azure.com → search “Microsoft Entra ID”.
Step 1 — Create the app
- Left menu → Entra ID → App registrations.
- Click + New registration.
- Name: Wedge Connectors.
- Supported account types: choose “Multiple Entra ID tenants”.
⚠️ Not “Single tenant”, and not the option that also says “Personal Microsoft accounts”.
- Redirect URI: set the platform dropdown to Web, then paste exactly:
https://mcp.wedgeai.work/oauth/microsoft/callback
- Click Register.
- On the Overview page, copy Application (client) ID and Directory (tenant) ID
(deliverables #1 and #2).
Step 2 — (Only if you skipped the redirect URI)
- Left menu under Manage → Authentication.
- + Add a platform → Web tile.
- Paste https://mcp.wedgeai.work/oauth/microsoft/callback into Redirect URIs.
- Leave the Access tokens and ID tokens checkboxes unchecked.
- Click Configure.
Step 3 — Add the permissions
- Left menu under Manage → API permissions.
- + Add a permission → Microsoft Graph tile.
- Click Delegated permissions (NOT “Application permissions”).
- Search for and tick each of these 14, then click Add permissions:
offline_access
openid
profile
User.Read
Mail.ReadWrite
Mail.Send
Calendars.ReadWrite
Team.ReadBasic.All
Channel.ReadBasic.All
ChannelMessage.Read.All
ChannelMessage.Send
Chat.Read
Chat.ReadWrite
ChatMessage.Send
openid, profile, offline_access are under a group called “OpenId permissions”.
- Click Grant admin consent for <your org> → Yes. The Status column should turn green ✔.
If the button is greyed out, you’re not an admin — tell Kevin.
Step 4 — Create the secret (the app’s password)
- Left menu under Manage → Certificates & secrets → Client secrets tab.
- + New client secret. Description: wedge-prod.
- Expires: choose 24 months (the max). Write down the expiry date (deliverable #4).
- Click Add.
- ⚠️ Copy the Value immediately — the long string in the Value
column (deliverable #3). It’s shown only once; refresh the page and it’s gone forever.
Do not copy the “Secret ID” — that’s the wrong one.
Step 5 — Publisher verification (recommended, optional)
Adds a blue “verified” badge so clients’ IT won’t block the app. It needs a Microsoft Partner account,
so it may need Kevin. If you don’t have that, skip it and tell Kevin — it can be added later
without breaking anything.
You’re done 🎉
Send Kevin the four items listed under “What to send back to Kevin” at the top. Double-check:
- Account type = Multiple Entra ID tenants.
- Permissions are under Delegated, and you clicked Grant admin consent.
- You copied the secret Value (not Secret ID) and saved the expiry date.
- Redirect URI is exactly https://mcp.wedgeai.work/oauth/microsoft/callback.
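The double-check list above can also be run against the registration's JSON, as Microsoft Graph returns it for the application object (for example from `az ad app show --id <client-id>`). This is an added example, not part of the original task sheet; `check_registration` and `sample_app` are hypothetical names and the sample data is constructed. Admin consent and the secret Value do not appear in that JSON, so those two items still need the manual check.

```python
from datetime import datetime, timezone

REDIRECT_URI = "https://mcp.wedgeai.work/oauth/microsoft/callback"
GRAPH_APP_ID = "00000003-0000-0000-c000-000000000000"  # Microsoft Graph's resource app ID
EXPECTED_PERMISSIONS = 14  # the delegated permissions ticked in Step 3

def check_registration(app, now):
    """Return a list of checklist failures; an empty list means all checks pass."""
    problems = []
    if app.get("signInAudience") != "AzureADMultipleOrgs":
        problems.append("account type is not 'Multiple Entra ID tenants'")
    web = app.get("web", {})
    if web.get("redirectUris") != [REDIRECT_URI]:
        problems.append("Web redirect URIs are not exactly the one Wedge callback")
    implicit = web.get("implicitGrantSettings", {})
    if implicit.get("enableAccessTokenIssuance") or implicit.get("enableIdTokenIssuance"):
        problems.append("an Access tokens / ID tokens checkbox is ticked")
    access = [a for r in app.get("requiredResourceAccess", [])
              if r.get("resourceAppId") == GRAPH_APP_ID
              for a in r.get("resourceAccess", [])]
    # type "Scope" = Delegated permission, "Role" = Application permission
    if any(a.get("type") != "Scope" for a in access):
        problems.append("an Application permission is present; all must be Delegated")
    if len(access) != EXPECTED_PERMISSIONS:
        problems.append(f"expected {EXPECTED_PERMISSIONS} Graph permissions, found {len(access)}")
    # Graph reports endDateTime in UTC; drop fractional seconds before parsing
    ends = [datetime.strptime(c["endDateTime"][:19], "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)
            for c in app.get("passwordCredentials", [])]
    if not any(end > now for end in ends):
        problems.append("no unexpired client secret")
    return problems

def sample_app():
    """Constructed sample, not a real export; permission ids are placeholders."""
    return {
        "signInAudience": "AzureADMultipleOrgs",
        "web": {"redirectUris": [REDIRECT_URI],
                "implicitGrantSettings": {"enableAccessTokenIssuance": False,
                                          "enableIdTokenIssuance": False}},
        "requiredResourceAccess": [{
            "resourceAppId": GRAPH_APP_ID,
            "resourceAccess": [{"id": f"placeholder-{n:02d}", "type": "Scope"} for n in range(14)]}],
        "passwordCredentials": [{"displayName": "wedge-prod",
                                 "endDateTime": "2027-01-01T00:00:00Z"}],
    }

if __name__ == "__main__":
    for problem in check_registration(sample_app(), datetime.now(timezone.utc)) or ["all checks pass"]:
        print(problem)
```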