During the configuration of DS Service with Active Directory in O365 (Azure AD), we need to create an application registration with rights to read Active Directory objects in your O365 tenant.
Create Azure app for Log in function in Workspace
1. Log on Azure portal with your Azure account.
2. If your account gives you access to more than one, click your account in the top right corner, and set your portal session to the desired Azure AD tenant.
3. In the left-hand navigation pane, click the Azure Active Directory service (if it absent, click on All services and find it by name), click App registrations --> New registration.
4. When the Register an application page appears, enter your application's registration information:
- Name: Enter WorkSpace.Authentication (or any name you want).
- Note: Name of the web app must not include spaces or digits.
- Supported account types: Select ‘Accounts in this organizational directory only’.
- Redirect URI: Enter your web app URL (the address of a web page where users can sign in and use your app). The APP ID URI is your Azure Tenant URI followed by your app name (unique identifier for Azure AD to identify your app).
5. When finished, click Register. You are presented with the details of the app that you created. Copy the Application (client) ID for later use:
6. Go to Authentication, select No for ‘Treat application as a public client’ and click [Save] button:
7. Click [Add a platform], select iOS or Android (based on your platform) in ‘Mobile and desktop applications’ section, fill in Package Name/Bundle ID and Signature Hash as in the following figure:
Package name/Bundle ID: com.addonproducts.dssworkspace
Signature hash: poAABcrJsErhK+75cpexqM+tk9g=
NOTE: If you use Microsoft Authentication Library (MSAL) Enable Broker, the Signature Hash instead is: “hfv83swOJTX7qo+6cRe68EPOFQo=”
8. Go to API Permissions, grant admin consent to the app
9. Go to Digital Sign Service Manager/SYSTEM/Settings. Check on options as shown in the figure below:
10. Go to Digital Sign Service Manager/SYSTEM/Connections. Copy the Application (client) ID retrieved at Step 5 to the field Application Client ID for Keyboard authentication from Client and/or Workspace authentication login:
11. Click [Save] to finish.
Applies to: DSS for Server 4.3
Reference: TFS #204048
Knowledge base ID: 0305
Last updated: March 25, 2022
Jens Peter Christensen