Before you begin Configuring Microsoft Entra ID Setting up the connector in Amazon Quick Available actions Managing and troubleshooting

Microsoft OneNote integration

With the Microsoft OneNote action connector, you can manage notebooks, sections, and pages from your Microsoft 365 account directly in Amazon Quick through natural language. The connector uses Microsoft Graph for OneNote operations.

Amazon Quick supports two authentication methods for Microsoft OneNote. Choose the method that best fits your organization's security requirements.

Default OAuth app – Uses an AWS-managed OAuth application. No additional credentials are needed. Users authenticate directly with their Microsoft 365 account.
Custom OAuth app – Uses a customer-managed application registered in Microsoft Entra ID. This option gives your organization full control over the OAuth configuration.

For more information about the authentication methods that Amazon Quick supports, see Authentication methods.

Before you begin

Make sure that you have the following before you set up the integration.

An active Microsoft 365 account with access to the OneNote notebooks that you want to use.
For Custom OAuth app: Access to Microsoft Entra ID (formerly Azure Active Directory) to register an application and configure Microsoft Graph permissions for OneNote.
For Amazon Quick subscription requirements, see Set up integrations in the console.

Configuring Microsoft Entra ID

If you are using Default OAuth app authentication, skip this section and proceed to Setting up the connector in Amazon Quick.

For Custom OAuth app authentication, register an application in the Microsoft Entra admin center and configure Microsoft Graph permissions for OneNote (such as Notes.Read, Notes.ReadWrite, or Notes.Read.All as needed). Add the Amazon Quick callback URL https://{region}.quicksight.aws.amazon.com/sn/oauthcallback as a redirect URI. Replace {region} with your AWS Region (for example, us-east-1). For step-by-step instructions, see Authentication and authorization basics in the Microsoft Graph documentation. Record the Application (client) ID and a client secret value — you need them when you configure Amazon Quick.

Setting up the connector in Amazon Quick

Connect from the Available tab

If you want to use Default OAuth app authentication, you can connect directly from the Available tab without additional configuration.

In the Amazon Quick console, choose Connectors.
On the Available tab, find OneNote and choose Connect.
Complete the Microsoft sign-in flow and grant the requested permissions.

To configure a connector with Custom OAuth app instead, use the Create for your team tab as described below.

Create from the Create for your team tab

In the Amazon Quick console, choose Connectors.
Choose the Create for your team tab.
Find and choose OneNote.
Enter a Name for your connector. Optionally, choose + Add Description to add a description.
For Connection type, choose Public network.
For OAuth Configuration, choose one of the following authentication methods and configure the required fields.
1. For Default OAuth app:
  
  No additional credentials are needed. Choose Next to continue.
2. For Custom OAuth app, configure the following fields:
  - Base URL (Optional) – The Microsoft Graph base URL. Example: https://graph.microsoft.com/v1.0
  - Client ID – The Application (client) ID from your Microsoft Entra ID app registration.
  - Public OAuth client (Optional) – Select this option if your Microsoft Entra ID app is configured as a public client (no client secret).
  - Client secret – The client secret value from your Microsoft Entra ID app registration.
  - Token URL – The Microsoft identity platform token endpoint. Example: https://login.microsoftonline.com/common/oauth2/v2.0/token
  - Authorization URL – The Microsoft identity platform authorization endpoint. Example: https://login.microsoftonline.com/common/oauth2/v2.0/authorize
  - Redirect URL – Pre-filled with the Amazon Quick callback URL.
  Note
  For tenant-specific authentication, replace common in the Token URL and Authorization URL with your Microsoft Entra ID tenant ID.
Choose Next.
A Microsoft sign-in window opens. Review the requested permissions and choose Accept.
On the Review page, review the available actions for the connector. Choose Next.
On the Publish page, choose who can access the connector. You can enable access for everyone in your organization or search for specific teams or groups.
Choose Publish.

Available actions

After you set up the connector, the actions exposed by OneNote are available. To see the current set of actions for your connector, go to the connector's Available actions view in the Amazon Quick console.

Managing and troubleshooting

To edit, share, or delete your connector, see Managing existing integrations.

Authentication issues

Sign-in fails (Default OAuth app or Custom OAuth app) – Verify that your Microsoft 365 account is active and that you can sign in to OneNote on the web directly. For Custom OAuth app, confirm that the redirect URI in your Microsoft Entra ID app matches the Amazon Quick callback URL.
Insufficient permissions – Verify that the Microsoft Graph permissions configured on your Microsoft Entra ID app include the OneNote scopes required for the operations you want to use, and that admin consent has been granted if required.
Invalid client credentials (Custom OAuth app) – Verify that the Client ID and Client secret match the values in your Microsoft Entra ID app registration. Confirm that the client secret has not expired.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Troubleshooting

Microsoft Outlook integration