> ## Documentation Index
> Fetch the complete documentation index at: https://docs.maia.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# OAuth

export const m_runner = "Maia runner";

export const maia = "Maia";

{maia} supports OAuth 2.0 for connecting to third-party services such as Google.

## Create an OAuth connection

To set up a new OAuth entry, follow these steps:

1. In your project, click **More** and then click **OAuth**.

2. Click **Add OAuth connection**.

3. Complete the fields
   * **OAuth name:** A unique, descriptive name for your OAuth connection.
   * **Runner:** Select a {m_runner}. This is only required if you have a [Hybrid SaaS solution](/docs/guides/runner-overview#matillion-hosted-and-customer-hosted-agents). To learn how to create a {m_runner}, read [Create a {m_runner}](/docs/guides/create-a-runner).
   * **Provider:** Select a third-party **Provider**. For example, Google or Salesforce.
   * **Authentication type:** Currently only supports **OAuth 2.0 Authorization Code Grant** and **OAuth 2.0 client credentials**, depending on the connector.
   * **Description:** (Optional) Enter a description for your OAuth connection.
   <Note>
     If your OAuth provider requires a callback or redirect URL when registering your OAuth application, {maia} displays the correct URL for your region in the project explorer UI. The URL follows the format `https://projects.{region}.matillion.com/connections-oauth-redirect`, where `{region}` is `eu1`, `us1`, or `au1` depending on your account region.
   </Note>

4. Once these details are filled, the **Values** section will expand to allow you to [configure values and overrides](#configure-values-and-overrides).

   <Note>
     If the **Values** section requires you to enter provider-specific credentials, see [Authenticating specific OAuth providers](#authenticating-specific-oauth-providers).
   </Note>

5. Click **Authorize**.

6. A new browser tab will open, connecting you to the third party. Select your account, and complete the connection (e.g. in Google, click **Allow**). Upon success, this browser tab will close.

7. The **OAuth connections** menu will now display your new OAuth connection.

Your new OAuth connection is ready for use with corresponding third-party connectors.

### Configure values and overrides

The **Values** section lets you manage how different environments authenticate without the need for complex variables.

* **Default values**: Toggle this on to set a fallback for all environments. This allows you to share a single credential across multiple environments.
* **Environment overrides**: You will see a list of your specific environments. You can toggle these on individually to provide unique credentials that override the default value for that specific environment.

***

## Authenticating specific OAuth providers

Sometimes, authenticating a connection to an OAuth provider is more complex than the steps described above. The following linked guides and sub-sections of this guide provide instructions to create an OAuth connection to a specific provider, if this process involves additional steps. If the OAuth provider you're authenticating isn't listed, this means that you can create an OAuth connection to this provider by following the steps in [Create an OAuth connection](#create-an-oauth-connection).

* [Bing](/docs/guides/bing-ads-query-authentication-guide)
* [HubSpot](/docs/guides/hubspot-authentication-guide)
* [Kafka](/docs/guides/kafka-authentication-guide)
* [Kafka Confluent Cloud](/docs/guides/kafka-authentication-guide)
* [Marketo](/docs/guides/marketo-authentication-guide)
* [Microsoft Exchange](/docs/components/microsoft-exchange#connect)
* [NetSuite](/docs/guides/netsuite-query-authentication-guide)
* [NetSuite SuiteAnalytics](/docs/guides/netsuite-suiteanalytics-authentication-guide)
* [Salesforce](/docs/guides/salesforce-authentication-guide)
* [ServiceNow](/docs/guides/servicenow-authentication-guide)
* [Workday](/docs/guides/workday-authentication-guide)

### Google

If you see the error "This app is blocked" from Google during the OAuth creation process, you may need to alter your Google security settings to allow app access:

1. Log in to the [Google Admin console](https://admin.google.com/) with an account that has administrator privileges.
2. Follow the instructions to configure a new app in the [Manage app access to Google services & add apps](https://support.google.com/a/answer/7281227?hl=en#trustorlimit\&zippy=%2Cconfigure-a-new-app) section of the Google documentation.

<Note>
  * {maia}'s client ID is `192174083921-gcguirlj6ltqcreni233koj6r1r3ner1.apps.googleusercontent.com`.
  * You will need to grant {maia} **Trusted** access.
</Note>

### Microsoft Dynamics 365

The account you use to authorize the OAuth connection to Microsoft Dynamics 365 must have at least the Basic (also known as User) access level and Read privileges. For more information, read the Microsoft Dynamics 365 [Security roles](https://learn.microsoft.com/en-us/dynamics365/customerengagement/on-premises/admin/security-roles-privileges) documentation.

To create an OAuth connection for Microsoft Dynamics 365:

1. In **Organization URL**, enter your Microsoft Dynamics 365 organization URL. This is the first part of the URL shown when you log in to Microsoft Dynamics 365, for example `https://companyname.crm11.dynamics.com`.
2. In **Edition**, select your Microsoft Dynamics 365 edition.

### Microsoft SharePoint

To create an OAuth connection for Microsoft SharePoint, you'll need your SharePoint root URL, for example `https://companyname.sharepoint.com`.

***

## Delete an OAuth connection

<Warning>
  Pipelines reference an OAuth connection by name. If you delete an OAuth connection that's in use, any pipeline that references it will stop working—{maia} doesn't fail over to another OAuth connection. Before you delete an OAuth connection, make sure no pipelines depend on it.
</Warning>

1. In your project, click **More** and then click **OAuth**.
2. Click the three dots **...** on the corresponding row of an OAuth you want to delete.
3. Click **Delete OAuth**.
4. Click **Yes, delete** to confirm deletion. Otherwise, click **Cancel**.
