Create Azure app for reservation management

Summary

During the configuration of DS Service with Active Directory in O365 (Azure AD), we need to create an application registration with rights to read Active Directory objects in your O365 tenant.

Create Azure app for reservation management

1. Log on Azure portal with your Azure account. 

2. If your account gives you access to more than one, click your account in the top right corner, and set your portal session to the desired Azure AD tenant. 

3. In the left-hand navigation pane, click the Azure Active Directory service (if it absent, click on All services and find it by name), click App registrations → New registration.

4. When the Register an application page appears, enter your application's registration information:

- Name: Enter DSService.MachineName (or any name you want). 

Note: Name of the web app must not include spaces or digits. 

- Supported account types: Select ‘Accounts in this organizational directory only’. 

5. When finished, click Register. 

6. Go to Authentication, select No for ‘Allow public client flows’ and click [Save]:

Set Redirect URL(s) in [Authentication] tab

In [Authentication] tab, click [Add a platform] then select Web applications/Web on the right panel. Click [Add URI] and enter the Redirect URI of the application

Note: It is required to use HTTPS protocol when you establish this connection, and if you choose to use a self signed or local cert you must disable push notifications and use periodic sync. and note that SSO will also not work in this scenario.

The following two redirect URLs must be added by clicking [Add URI]:

• https://[YourDomainName]/DigitalSignService/Domain/Authorize
• https://[YourDomainName]/DigitalSignService/Admin/LoginWithSSOCallback

7. Go to Certificates & secrets → New client secret (key): 

Note: Select ‘24 months’ for Expires.

8. Add a description for your key and click [Add]. The right-most column will contain the key value (Password), after you save the configuration changes. Be sure to copy the Value for use in Digital Sign Service (inside it’s Password field), as it is not accessible once you leave this page.

9. Click [Overview] to go back. The Application (Client) ID field will contain App principal ID for Digital Sign Service.

10. Click the API Permissions section on the menu → Add a permission. Select tab Microsoft APIs → Click [Microsoft Graph].

- In the opened panel, click [Delegated permissions], scroll down to Directory and check on permissions as shown in the following figures:

NOTE: The User.Read permission is needed for use of NFC card reader in DSS Client and for retrieving token thanks to which the system can work normally. 

- After that, click [Application permissions], scroll down to Calendars, Directory and Users and check on permissions as shown in the following figures:

NOTE: If you only want to set permissions for viewing appointments on client side (i.e. user cannot create, extend, and end meetings), the Calendars.ReadWrite permission should be replaced by Calendars.Read permission.

- Click [Add permissions] at the bottom of the panel. 

- Then click [Grant admin consent for ...] to finish.

Once the app described above has been created, you must collect this information for configuration in
DS Service.

• Tenant Name must be entered in “Tenant name” field. (xx.onmicrosoft.com)
• Application (Client) ID must be entered in “Application Client ID” field.
• Secret Key must be entered in “Client Secret” field.

Properties

Applies to: DSS for Server 4.3

Reference: TFS #204048

Knowledge base ID: 0297

Last updated: June 24, 2022