Skip to main content

Overview

To connect Microsoft (Client Credentials - Certificate) in Nango, you need to provide:
  1. Tenant ID — The unique identifier for your organization in Azure.
  2. Scope — The resource you want to access, suffixed with .default (e.g. https://graph.microsoft.com/.default).
  3. Client ID — The unique identifier Azure assigns to your registered application.
  4. Private Key — The RSA private key (PEM format) matching the certificate you uploaded to your app registration.
  5. Certificate Thumbprint (x5t#S256) — The base64url-encoded SHA-256 thumbprint of your certificate, used to identify it in the JWT assertion.
This guide walks you through generating and finding these credentials in Azure.

Prerequisites

  • An active Azure account with the appropriate Microsoft product subscription.
  • OpenSSL or equivalent tooling to generate a certificate and private key.

Step 1: Finding your Tenant ID

Your Tenant ID is shown in the Tenant ID field on the Azure Active Directory Overview page.

Step 2: Registering your application and finding your Client ID

  1. Go to the Azure portal and select App registrations.
  1. Select New registration, give your application a name, and click Register.
  1. Once registered, your Client ID is shown in the Application (client) ID field under Essentials.

Step 3: Generating a certificate and uploading it to Azure

  1. Generate an RSA private key and a self-signed certificate using OpenSSL:
openssl req -x509 -newkey rsa:2048 -keyout private_key.pem -out certificate.pem -days 365 -nodes \
  -subj "/CN=MyNangoApp"
This produces private_key.pem (your private key) and certificate.pem (your certificate).
  1. In your app registration, navigate to Certificates & secretsCertificatesUpload certificate, and upload certificate.pem.
  1. After uploading, Azure confirms the certificate was registered.

Step 4: Computing the Certificate Thumbprint (x5t)

The x5t#S256 value is the base64url-encoded SHA-256 thumbprint of your certificate. Run this command against your local certificate.pem to compute it: 
openssl x509 -in certificate.pem -fingerprint -sha256 -noout \
  | sed 's/.*Fingerprint=//;s/://g' \
  | xxd -r -p \
  | base64 \
  | tr '+/' '-_' \
  | tr -d '='
The output is your Certificate Thumbprint (x5t#S256) value.

Step 5: Granting API permissions

  1. In your app registration, go to API permissionsAdd a permissionMicrosoft Graph.
  2. Select Application permissions, choose the permissions your app requires, and click Add permissions.
  3. Click Grant admin consent to activate the permissions.

Step 6: Enter credentials in the Connect UI

Once you have all credentials:
  1. Open the connection form in Nango.
  2. Enter the Tenant ID, Scope, Client ID, the contents of private_key.pem as Private Key, and the computed value as Certificate Thumbprint (x5t#S256).
  3. Submit the form to authenticate.
You are now connected to Microsoft (Client Credentials - Certificate).