Start a conversation

Options when creating the Azure app for Digital Sign Service


Summary

During the configuration of Digital Sign Service (DSS) for Server with Active Directory in O365 (Azure AD), we need to create an application registration with rights to read Active Directory objects in your O365 tenant.

In this article, there are two App Registrations in Azure covered:

Create Azure app for reservation management (this is required for the system to work) 

Create Azure app for Keyboard function in DSS Client and Log in function in Workspace (this is optional, it is used for Workspace app and user authentication from the door signs)

Create Azure app for mail sending function




Create Azure app for reservation management

1. Log on Azure portal with your Azure account. 

2. If your account gives you access to more than one, click your account in the top right corner, and set your portal session to the desired Azure AD tenant. 

3. In the left-hand navigation pane, click the Azure Active Directory service (if it absent, click on All services and find it by name), click App registrations → New registration.

4. When the Register an application page appears, enter your application's registration information:

- Name: Enter DigitalSignService.MachineName (or any name you want). 

Note: Name of the web app must not include spaces or digits. 

- Supported account types: Select ‘Accounts in this organizational directory only’. 

- Redirect URI: Enter your web app URL (the address of a web page where users can sign in and use your app). The APP ID URI is your Azure Tenant URI followed by your app name (unique identifier for Azure AD to identify your app). 

5. When finished, click Register

6. Go to Authentication, select No for ‘Treat application as a public client

7. Go to Certificates & secrets → New client secret (key): 

Note: Select ‘24 months’ for Expires.

8. Add a description for your key and click [Add]. The right-most column will contain the key value (Password), after you save the configuration changes. Be sure to copy the Value for use in Digital Sign Service (inside it’s Password field), as it is not accessible once you leave this page.

9. Click [Overview] to go back. The Application (Client) ID field will contain App principal ID for Digital Sign Service.

- Click the API Permissions section on the menu → Add a permission. Select tab Microsoft APIs → Click [Microsoft Graph].

- In the opened panel, click [Delegated permissions], scroll down to Directory and check on permissions as shown in the following figures:



NOTE: The User.Read permission is needed for use of NFC card reader in DSS Client and for retrieving token thanks to which the system can work normally. 

- After that, click [Application permissions], scroll down to Calendars, Directory and Users and check on permissions as shown in the following figures:


NOTE: If you only want to set permissions for viewing appointments on client side (i.e. user cannot create, extend, and end meetings), the Calendars.ReadWrite permission should be replaced by Calendars.Read permission.

- Click [Add permissions] at the bottom of the panel. 

- Then click [Grant admin consent for ...] to finish.

10. Set Redirect URL(s) in [Authentication] tab

In [Authentication] tab, click [Add a platform] then select Web applications/Web on the right panel. Click [Add URI] and enter the Redirect URI of the application.

NOTE: It is required to use HTTPS protocol when using O365/Azure. In case HTTP protocol is used, you need to use PowerShell to set Redirect URL(s) for the app in [Authentication] tab. 


The following two redirect URLs must be added by clicking [Add URI]:

  • https://[YourDomainName]/DigitalSignService/Domain/Authorize
  • https://[YourDomainName]/DigitalSignService/Admin/LoginWithSSOCallback

Once the app described above has been created, you must collect this information for configuration in Digital Sign Service.

  • Application (Client) ID must be entered in “App principal ID” field.
  • Secret Key must be entered in “Password” field.
  • Tenant Name must be entered in “Tenant name” field. (xx.onmicrosoft.com)




Create Azure app for Keyboard function in DSS Client and Log in function in Workspace

1. Log on Azure portal with your Azure account.

2. If your account gives you access to more than one, click your account in the top right corner, and set your portal session to the desired Azure AD tenant.

3. In the left-hand navigation pane, click the Azure Active Directory service (if it absent, click on All services and find it by name), click App registrations --> New registration.

4. When the Register an application page appears, enter your application's registration information:

  • Name: Enter WorkSpace.Authentication (or any name you want).
  • Note: Name of the web app must not include spaces or digits.
  • Supported account types: Select ‘Accounts in this organizational directory only’.
  • Redirect URI: Enter your web app URL (the address of a web page where users can sign in and use your app). The APP ID URI is your Azure Tenant URI followed by your app name (unique identifier for Azure AD to identify your app).

5. When finished, click Register. You are presented with the details of the app that you created. Copy the Application (client) ID for later use:

6. Go to Authentication, select Yes for ‘Treat application as a public client’ and click [Save] button:

7. Click [Add a platform], select iOS or Android (based on your platform) in ‘Mobile and desktop applications’ section, fill in Package Name/Bundle ID and Signature Hash as in the following figure:

     Package name/Bundle ID: com.addonproducts.dssworkspace 

     Signature hash: poAABcrJsErhK+75cpexqM+tk9g=


For iOS

For Android


8. Go to API Permissions, grant admin consent to the app

9. Go to Digital Sign Service Manager/SYSTEM/Settings. Check on options as shown in the figure below:

10. Go to Digital Sign Service Manager/SYSTEM/Connections. Copy the Application (client) ID retrieved at Step 5 to the field Application Client ID for Keyboard authentication from Client and/or Workspace authentication login:

11. Click [Save] to finish.




Create Azure app for mail sending function

1. Log on Azure portal with your Azure account. 

2. If your account gives you access to more than one, click your account in the top right corner, and set your portal session to the desired Azure AD tenant. 

3. In the left-hand navigation pane, click the Azure Active Directory service (if it absent, click on All services and find it by name), click App registrations → New registration.

4. When the Register an application page appears, enter your application's registration information:

- Name: Enter DigitalSignService.MachineName (or any name you want). 

Note: Name of the web app must not include spaces or digits. 

- Supported account types: Select ‘Accounts in this organizational directory only’. 

- Redirect URI: Enter your web app URL (the address of a web page where users can sign in and use your app). The APP ID URI is your Azure Tenant URI followed by your app name (unique identifier for Azure AD to identify your app). 

5. When finished, click Register

6. Go to Authentication, select No for ‘Treat application as a public client

7. Go to Certificates & secrets → New client secret (key): 

Note: Select ‘24 months’ for Expires

8. Add a description for your key and click [Add]. The right-most column will contain the key value (Password), after you save the configuration changes. Be sure to copy the Value for use in Digital Sign Service (inside it’s Password field), as it is not accessible once you leave this page.

9. Click [Overview] to go back. The Application (Client) ID field will contain App principal ID for Digital Sign Service.

- Click the API Permissions section on the menu Add a permission. Select tab Microsoft APIs → Click [Microsoft Graph].

- In the opened panel, click [Application permissions], scroll down to Directory and check on permissions as shown in the following figures:

- Click [Add permissions] at the bottom of the panel.

- Then click [Grant admin consent for …] to finish.

You must collect this information for configuration in Digital Sign Service.

  • Application (Client) ID must be entered in “App principal ID” field.
  • Secret Key must be entered in “Client Secrets” field.

Properties

Applies to: DSS for Server 4.0, 4.1and 4.2
Reference: TFS #204048,264043
Knowledge base ID: 0262
Last updated: Apr 13, 2021

Choose files or drag and drop files