Credentials used by automation blocks in automations, workflows and Sidekick AI skills are stored using monday.com's recently added 'Workflow credentials' feature.
Workflow credentials are a way to allow access to a remote app such as Microsoft 365 from within monday.com. This mechanism is entirely owned and performed by monday.com, and so abstracts the complicated work away from third-party developers.
User credentials are stored securely by monday.com themselves, and third-parties are only given a short-lived expiring token for accessing external systems.
Which features of monday.com can use workflow credentials?
Which OAuth permissions are required for the app?
The permission scope requested is limited to what the integration requires: read and write access to SharePoint document libraries and OneDrive for Business, scoped to each authenticated user's existing permissions.
Microsoft 365 permissions & admin consent explained
How to revoke access to Microsoft 365
Revoking access for individual users
In monday.com:
In Microsoft 365:
Access your account settings under Connected apps and services to revoke access.
Revoking access for all users in the account
Currently, there appears to be no self-service way for all users in the account from within monday.com. Contact support@monday.com for assistance.
Microsoft 365 admin revocation:
Access the Azure portal via Microsoft Entra ID to remove the Enterprise Application, disable sign-in, or revoke permissions.