> For the complete documentation index, see [llms.txt](https://docs.sprinto.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.sprinto.com/integrations/overview/office-365-vendor-discovery-integration.md). # Office 365 Vendor Discovery Integration The Office 365 Vendor Discovery integration enables Sprinto to automatically discover third-party vendors accessed through Microsoft 365 single sign-on (SSO). Sprinto identifies vendors by analysing application and sign-in data available in Microsoft Entra ID (formerly Azure Active Directory). This integration helps you maintain an accurate vendor inventory and supports continuous compliance monitoring. It requires **Office 365 to be connected as an Identity Provider** before Vendor Discovery can be enabled. Sprinto uses **read-only Microsoft Graph permissions** and does not modify any data in your Office 365 tenant. **Prerequisites** * Office 365 connected to Sprinto as an **Identity Provider** * Any paid Microsoft 365 business plan * Global Administrator access to the Microsoft Entra ID tenant * Admin access in Sprinto *** ### Permissions required Sprinto follows the principle of least privilege and requests only the permissions required to identify vendors accessed through Microsoft 365 SSO. #### On Office 365 (Microsoft Entra ID) The following Microsoft Graph permissions are requested during authentication:

Permission	Purpose
`Application.Read.All`	Read application and enterprise app metadata
`Directory.Read.All`	Read directory objects
`Reports.Read.All`	Read sign-in and usage reports
`User.Read`	Read signed-in user information
`User.Read.All`	Read user profiles

**Important** * All permissions are **read-only**. * Sprinto does not create, update, or delete applications, users, or configurations. * Admin consent is required during authentication. #### On Sprinto * Admin access is required to configure integrations. *** ### How it works Once enabled, Sprinto authenticates with Microsoft Entra ID using OAuth and analyses: * Enterprise applications configured for Microsoft 365 SSO * Sign-in and usage reports * User access patterns associated with third-party applications Sprinto uses this information to: * Automatically discover vendors accessed through Office 365 SSO * Populate and maintain your vendor inventory * Support vendor risk assessment and compliance workflows Sprinto performs an initial discovery after connection and continues to refresh vendor data automatically. *** ### Connect Office 365 Vendor Discovery to Sprinto #### Steps in Sprinto 1. Sign in to the Sprinto dashboard. 2. Go to **Settings → Integrations**. 3. Search for **Office 365**.

4. Ensure **Office 365 – Identity Provider** shows as **Connected**. 5. Under **Office 365 – Vendor Discovery**, select **Connect**.

6. Review the permissions and data usage details, then select **Next**.

7. Confirm that you have admin access to Office 365. 8. Select **Connect Office365** to initiate authentication.

*** #### Steps in Microsoft Entra ID 1. When redirected, sign in using a **Global Administrator** account. 2. Review the requested Microsoft Graph permissions. 3. Grant **admin consent** to allow Sprinto to read application and sign-in data. After authorisation, you are redirected back to Sprinto. *** #### Confirm successful connection Once the connection is complete: * The integration status updates to **Connected** * Sprinto begins analysing Microsoft 365 SSO usage * Vendor discovery checks become active *** ### Post-integration behaviour (PCF flow) After the integration is enabled: * Sprinto discovers vendors accessed through Office 365 SSO * Newly identified vendors appear in the vendor inventory * Vendor data is refreshed automatically based on Microsoft Entra ID reports * You can proceed with risk assessment and due diligence workflows for discovered vendors Initial discovery may take several minutes, depending on tenant size and SSO usage. *** ### Troubleshooting #### Unable to connect Vendor Discovery **Cause:** Office 365 Identity Provider is not connected.\ **Resolution:** Connect Office 365 as an Identity Provider first, then retry the Vendor Discovery integration. *** #### Vendors not appearing after connection **Cause:** Insufficient permissions or limited SSO activity.\ **Resolution:** Verify that all requested permissions were granted and allow time for initial discovery to complete. *** #### Admin consent prompt does not appear **Cause:** The signed-in user does not have Global Administrator privileges.\ **Resolution:** Sign in using a Global Administrator account and retry the integration. --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.sprinto.com/integrations/overview/office-365-vendor-discovery-integration.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.