# Office 365 Vendor Discovery Integration

The Office 365 Vendor Discovery integration enables Sprinto to automatically discover third-party vendors accessed through Microsoft 365 single sign-on (SSO). Sprinto identifies vendors by analysing application and sign-in data available in Microsoft Entra ID (formerly Azure Active Directory).

This integration helps you maintain an accurate vendor inventory and supports continuous compliance monitoring. It requires **Office 365 to be connected as an Identity Provider** before Vendor Discovery can be enabled.

Sprinto uses **read-only Microsoft Graph permissions** and does not modify any data in your Office 365 tenant.

**Prerequisites**

* Office 365 connected to Sprinto as an **Identity Provider**
* Any paid Microsoft 365 business plan
* Global Administrator access to the Microsoft Entra ID tenant
* Admin access in Sprinto

***

### Permissions required

Sprinto follows the principle of least privilege and requests only the permissions required to identify vendors accessed through Microsoft 365 SSO.

#### On Office 365 (Microsoft Entra ID)

The following Microsoft Graph permissions are requested during authentication:

<table><thead><tr><th width="226.234375">Permission</th><th width="367.05078125">Purpose</th></tr></thead><tbody><tr><td><code>Application.Read.All</code></td><td>Read application and enterprise app metadata</td></tr><tr><td><code>Directory.Read.All</code></td><td>Read directory objects</td></tr><tr><td><code>Reports.Read.All</code></td><td>Read sign-in and usage reports</td></tr><tr><td><code>User.Read</code></td><td>Read signed-in user information</td></tr><tr><td><code>User.Read.All</code></td><td>Read user profiles</td></tr></tbody></table>

**Important**

* All permissions are **read-only**.
* Sprinto does not create, update, or delete applications, users, or configurations.
* Admin consent is required during authentication.

#### On Sprinto

* Admin access is required to configure integrations.

***

### How it works

Once enabled, Sprinto authenticates with Microsoft Entra ID using OAuth and analyses:

* Enterprise applications configured for Microsoft 365 SSO
* Sign-in and usage reports
* User access patterns associated with third-party applications

Sprinto uses this information to:

* Automatically discover vendors accessed through Office 365 SSO
* Populate and maintain your vendor inventory
* Support vendor risk assessment and compliance workflows

Sprinto performs an initial discovery after connection and continues to refresh vendor data automatically.

***

### Connect Office 365 Vendor Discovery to Sprinto

#### Steps in Sprinto

1. Sign in to the Sprinto dashboard.
2. Go to **Settings → Integrations**.
3. Search for **Office 365**.

<figure><img src="https://3220032727-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FEsyn5VMU6e0OyGjRtKgx%2Fuploads%2Fxzj2svLrKsrGeKjvAk0o%2FScreenshot%202025-12-30%20at%2015.06.26.png?alt=media&#x26;token=1c8976af-2a50-4092-a354-27ebe109af33" alt=""><figcaption></figcaption></figure>

4. Ensure **Office 365 – Identity Provider** shows as **Connected**.
5. Under **Office 365 – Vendor Discovery**, select **Connect**.

<figure><img src="https://3220032727-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FEsyn5VMU6e0OyGjRtKgx%2Fuploads%2F93j2q6ulbhhAVPfie2bb%2FScreenshot%202025-12-30%20at%2015.08.00.png?alt=media&#x26;token=49301a4f-6c3b-42a9-a3a7-f55ec3ea26b1" alt="" width="375"><figcaption></figcaption></figure>

6. Review the permissions and data usage details, then select **Next**.

<figure><img src="https://3220032727-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FEsyn5VMU6e0OyGjRtKgx%2Fuploads%2F1eimZCwzIexPfujMsChA%2FScreenshot%202025-12-30%20at%2015.08.45.png?alt=media&#x26;token=49bd1950-ec53-4fd2-be59-7a011f7e4264" alt="" width="375"><figcaption></figcaption></figure>

7. Confirm that you have admin access to Office 365.
8. Select **Connect Office365** to initiate authentication.

<figure><img src="https://3220032727-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FEsyn5VMU6e0OyGjRtKgx%2Fuploads%2FGGUTK9v6FmmxNcJG8Xq8%2FScreenshot%202025-12-30%20at%2015.09.33.png?alt=media&#x26;token=157448e0-da78-4a1d-bd3a-9dc9575ea3aa" alt="" width="375"><figcaption></figcaption></figure>

***

#### Steps in Microsoft Entra ID

1. When redirected, sign in using a **Global Administrator** account.
2. Review the requested Microsoft Graph permissions.
3. Grant **admin consent** to allow Sprinto to read application and sign-in data.

After authorisation, you are redirected back to Sprinto.

***

#### Confirm successful connection

Once the connection is complete:

* The integration status updates to **Connected**
* Sprinto begins analysing Microsoft 365 SSO usage
* Vendor discovery checks become active

***

### Post-integration behaviour (PCF flow)

After the integration is enabled:

* Sprinto discovers vendors accessed through Office 365 SSO
* Newly identified vendors appear in the vendor inventory
* Vendor data is refreshed automatically based on Microsoft Entra ID reports
* You can proceed with risk assessment and due diligence workflows for discovered vendors

Initial discovery may take several minutes, depending on tenant size and SSO usage.

***

### Troubleshooting

#### Unable to connect Vendor Discovery

**Cause:** Office 365 Identity Provider is not connected.\
**Resolution:** Connect Office 365 as an Identity Provider first, then retry the Vendor Discovery integration.

***

#### Vendors not appearing after connection

**Cause:** Insufficient permissions or limited SSO activity.\
**Resolution:** Verify that all requested permissions were granted and allow time for initial discovery to complete.

***

#### Admin consent prompt does not appear

**Cause:** The signed-in user does not have Global Administrator privileges.\
**Resolution:** Sign in using a Global Administrator account and retry the integration.