Skip to main content

👤 Interactive auth

This authentication method opens a browser window and prompts the user to sign into their Microsoft tenant.

It currently requires the user to authenticate each time the client application (Claude, VS Code) is started.

Interactive auth also allows the client to dynamically request and consent to additional permissions without having to look up the app in the Entra portal and grant permissions.

Option 1: Interactive auth with default app

This method is outlined in the quick start Install Guide

Option 2: Interactive auth with custom app

If you wish to use a custom Microsoft Entra app, you can create a new app registration in your Microsoft Entra tenant.

Create an Entra app for App-Only auth with Lokka

  • Open Entra admin center > Identity > Applications > App registrations
  • Select New registration
  • Enter a name for the application (e.g. Lokka)
  • Leave the Supported account types as Accounts in this organizational directory only (Single tenant).
  • In the Redirect URI section, select Public client/native (mobile & desktop) and enter http://localhost.
  • Select Register
  • Select API permissions > Add a permission
    • Select Microsoft Graph > Delegate permissions
      • Search for each of the permissions and check the box next to each permission you want to allow.
      • Start with at least User.Read.All to be able to query users in your tenant (you can add more permissions later).
        • The agent will only be able to perform the actions based on the permissions you grant it.
      • Select Add permissions
  • Select Grant admin consent for [your organization]
  • Select Yes to confirm

In Claude desktop or VS Code you will need to provide the tenant ID and client ID of the application you just created.

The USE_INTERACTIVE needs to be set to true when using a custom app for interactive auth.

{
    "Lokka-Microsoft": {
      "command": "npx",
      "args": ["-y", "@merill/lokka"],
      "env": {
        "TENANT_ID": "<tenant-id>",
        "CLIENT_ID": "<client-id>",
        "USE_INTERACTIVE": "true"
      }
    }
  }