Create Microsoft Outlook Credentials in n8n: Step-by-Step Guide

Overview

This tutorial walks you through creating Microsoft Outlook (Microsoft Graph) credentials in n8n. You’ll register an application in the Azure Portal, configure OAuth2 settings and required permissions, add the credential in n8n, and test a simple send-mail request. This guide is beginner-friendly and includes troubleshooting tips and best practices for secure automation.

Why this matters

n8n uses OAuth2 to authenticate with Microsoft services (Outlook via Microsoft Graph). Correctly creating credentials ensures your workflows can read, send, and manage email securely and automatically without storing user passwords.

Prerequisites

An n8n instance (cloud or self-hosted) with a reachable URL (HTTPS recommended).
An Azure Active Directory account with permission to register applications.
Basic familiarity with n8n and the Microsoft Graph API.

Step 1 — Register an app in Azure Active Directory

1. Sign in to the Azure Portal: https://portal.azure.com
2. Navigate to Azure Active Directory > App registrations.
3. Click New registration.
4. Enter a name like: `n8n-Outlook-Connector`.
5. Choose Supported account types:
– Single-tenant (`Accounts in this organizational directory only`) or
– Multi-tenant (`Accounts in any organizational directory`) depending on who will use the credential.
6. Under Redirect URI*, choose *Web and set the URI to your n8n callback:

– Example: `https://your-n8n-domain.com/rest/oauth2-credential/callback`

If you’re developing locally, use `http://localhost:5678/rest/oauth2-credential/callback` and consider using ngrok for HTTPS (see troubleshooting).
7. Click Register.

Step 2 — Configure authentication and create a client secret

1. Open the newly registered app and go to Authentication.
2. Ensure the redirect URI you added is listed. Make sure Allow public client flows is disabled for security unless you need it.
3. Go to Certificates & secrets* → **New client secret**. Add a description and expiry, then click *Add.
4. Copy the Client secret value now — you won’t be able to see it later.
5. Note the Application (client) ID* and *Directory (tenant) ID from the app Overview page. You’ll need these in n8n.

Step 3 — Add API permissions

1. In the app, go to API permissions* → **Add a permission** → **Microsoft Graph** → *Delegated permissions.
2. Add the following minimal recommended delegated scopes for typical Outlook actions:
– Mail.Send
– Mail.ReadWrite
– Mail.ReadWrite.Shared (if interacting with shared mailboxes)
– offline_access
– openid
– profile
– User.Read
3. Click Add permissions.
4. If you’re an admin or want a smooth experience for all users, click Grant admin consent for your tenant (this requires admin rights).

Note: For service-to-service (app-only) scenarios, you would use application permissions and client credentials flow. Most n8n Outlook integrations use delegated OAuth2 which requires a user to consent.

Step 4 — Create the Outlook credential in n8n

1. Open your n8n instance in a browser.
2. Go to Credentials* → *New credential.
3. Search for and select Microsoft Outlook OAuth2 API* (or *Microsoft Graph depending on your n8n version).
4. Fill the credential fields:
– Client ID: (Application (client) ID from Azure)
– Client Secret: (the client secret you created)
– Tenant ID: (Directory (tenant) ID) — some n8n versions require it; others auto-detect.
– Auth URI: https://login.microsoftonline.com/{tenant}/oauth2/v2.0/authorize
– Token URI: https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token
– Scopes: openid profile offline_access Mail.Send Mail.ReadWrite
5. Click Save & Connect (or the equivalent). n8n will open the Microsoft login/consent screen.
6. Sign in with the account that will be used for automation and consent to the requested permissions.
7. After successful authentication you’ll be redirected back to n8n and the credential will be stored with access and refresh tokens.

Step 5 — Test with a simple send-mail in n8n

You can test the credential using the built-in Microsoft Outlook node or the HTTP Request node.

Example using HTTP Request node (Graph API):

1. Create a new workflow.
2. Add an HTTP Request node configured as:
– Method: POST
– URL: `https://graph.microsoft.com/v1.0/me/sendMail`
– Authentication: OAuth2
– OAuth2 Credential: Select the credential you created
– Body Content Type: JSON
– Body:

json
{
  "message": {
    "subject": "Test from n8n",
    "body": {
      "contentType": "Text",
      "content": "Hello from n8n via Microsoft Graph!"
    },
    "toRecipients": [
      { "emailAddress": { "address": "recipient@example.com" } }
    ]
  }
}

3. Execute the node. You should receive a 202 Accepted if the email was queued correctly.

Best practices and security

Use HTTPS for your n8n URL and the redirect URI — OAuth2 requires secure callbacks in production.
Limit scopes to the minimal permissions required (principle of least privilege).
Rotate client secrets regularly and record their expiry in a secure secrets manager.
If self-hosting behind a proxy, set n8n environment variables (N8N_PROTOCOL, N8N_HOST, N8N_PORT, and N8N_URL) so the OAuth callback URL is generated correctly.
If your organization uses conditional access or MFA, user login during the OAuth consent flow may require admin involvement.

Troubleshooting

Redirect URI mismatch: Make sure the callback URL in Azure exactly matches your n8n callback (`https://your-n8n-domain/rest/oauth2-credential/callback`).
Invalid client secret: Recreate the secret in Azure and update the credential in n8n.
Insufficient permissions: Add the required Graph permissions and grant admin consent if necessary.
Local development over HTTP: Use ngrok (https://ngrok.com) to expose a temporary HTTPS endpoint and set that as redirect URI.
Token refresh failing: Ensure `offline_access` scope is included so a refresh token is issued.

Advanced notes

App-only (client credentials) flow: If you need app-only access (no user), configure application permissions in Azure and use client credentials. n8n’s built-in Microsoft Outlook node may not support app-only for all endpoints — check the node docs. You can still call Graph with client credentials using the HTTP Request node and a custom OAuth2 credential configured for client credentials (if supported).
Shared mailboxes: Add `Mail.ReadWrite.Shared` if interacting with shared mailboxes.

Conclusion and next steps

You now know how to register an Azure app, configure OAuth2 permissions, create a Microsoft Outlook credential in n8n, and test sending an email. Next, build workflows that automate email-driven processes:

Automatically create tasks from inbound emails.
Parse attachments and save to cloud storage.
Trigger workflows on new email and route messages to Slack or a CRM.

Explore the Microsoft Outlook node in n8n for higher-level actions and check n8n community examples for real-world patterns.

Happy automating!

Tagged API, Automation, Beginner, Integrations, Security