
Entra ID Application setup for Delegated permission type

Modified on Wed, 5 Feb at 4:09 PM

Overview

This article provides step-by-step instructions on how to configure the Application section (with the Delegated permission type) on the OfficePlace backend to facilitate search and sync operations with Azure AD/Exchange Online.

The Application section can be found within your Organization under Organization Management.

 

Step-by-step instructions

Step 1: Register app in Azure AD

1. Navigate to Azure portal ➔ Manage Microsoft Entra ID ➔ App registrations and click [New registration].

2. Enter the application Name and select ‘Accounts in this organizational directory only (… only – Single tenant)’ in the Supported account types section.

3. Click [Register] button at the bottom of the screen. Your app will then be created in your Azure tenant.

 

Step 2: Retrieve details from app  

Note: In this step, you need to retrieve the values of Tenant ID, App principal ID, and App Secret from the app. Remember to copy them elsewhere for later use.

 

After registering the app, the Overview screen will automatically appear, allowing you to retrieve the necessary details. You can also find Overview by accessing Azure portal ➔ Manage Azure Active Directory ➔ App registrations. Click [All applications], then search for and select your app ➔ select the Overview tab.

In this screen, you can see a list of Essentials, in which you can get:

  • Tenant ID: retrieved from Directory (Tenant) ID section.
  • App principal ID: retrieved from Application (Client) ID section.

 

Next, click [Certificates & secrets] ➔ [Client Secret].

Choose [New client secret]. A screen will appear as below:

Enter a Description, select an Expires time, then click the [Add] button. The Value and Secret ID columns will be filled in:

Here, you can get:

  • App Secret: retrieved from Secret’s Value.

 

Note

1. Remember to copy the client secret value from the Azure app immediately after adding a client secret because it will be hidden the next time you open the app’s Certificates & secrets page.

 

2. When the secret is going to expire, remember to create a new secret, and use its Value to replace the expired one.


 

Step 3: Configure Authentication tokens in Azure AD

Next, click the [Authentication] section, as in the figure below, then click [Add a platform]. The Configure platforms panel will appear on the right:

Select [Single-page application], and the following screen will appear:

You are required to complete Redirect URIs and Implicit grant and hybrid flows fields.

  • Redirect URIs: Enter the URL of OfficePlace, for which you are configuring the application:
      • https://admin.officeplace.global/
  • Implicit grant and hybrid flows: check both [Access tokens] and [ID tokens].


Click [Configure] to switch to the last step.



Step 4: Configure API permissions in Azure AD

On your Azure app, go to API permissions then click [Add a permission]: 

After that, the Request API permissions screen will appear, in which you select Microsoft APIs ➔ Microsoft Graph ➔ Delegated permissions:

Search and add the following permissions:

  • Calendars.ReadWrite.Shared: allows OfficePlace to create, update, or delete reservations on the calendar when requested by Resource Central.
  • User.Read.All: allows OfficePlace and Resource Central to search for the identity of users and resources.
  • GroupMember.Read.All: allows OfficePlace and Resource Central to search for the identity of groups and their members.
  • Mail.ReadWrite.Shared: allows OfficePlace to read and write user and shared mail when requested by Resource Central.
  • Mail.Send.Shared: allows OfficePlace to send mail on behalf of others when requested by Resource Central.

 

Besides the 5 permissions listed above, this application also requires the Exchange.Manage permission from Office 365 Exchange Online. Click [Add a permission] again. The Request API permissions screen will reappear, in which you select APIs my organization uses:

In the search box, search for Office 365 Exchange Online ➔ Delegated permissions:

Search and select Exchange.Manage permission:

  1. Exchange.Manage: allows OfficePlace to run PowerShell commands when requested by Resource Central.

 

Once you are done, click [Grant admin consent for …] to apply the added permissions. The result should look similar to the following:
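The settings from Steps 1 to 4 can also be checked against an export of the app registration. The following is an added example, not code from OfficePlace or Microsoft: it assumes the application object has been exported as JSON (for example with `az ad app show --id <app-id>`) and loaded into a dict. The names `audit` and `perm`, the 30-day warning window, and the sample data with its placeholder permission GUIDs are constructed for illustration.

```python
from datetime import datetime, timezone

# Resource app IDs of the two APIs in Step 4, with the number of delegated permissions listed for each.
EXPECTED = {"00000003-0000-0000-c000-000000000000": ("Microsoft Graph", 5),
            "00000002-0000-0ff1-ce00-000000000000": ("Office 365 Exchange Online", 1)}
REDIRECT = "https://admin.officeplace.global/"

def audit(app, now, warn_days=30):
    """Return findings for an application object exported from Microsoft Graph."""
    out = []
    if app.get("signInAudience") != "AzureADMyOrg":
        out.append("Step 1: app is not single tenant")
    if REDIRECT not in app.get("spa", {}).get("redirectUris", []):
        out.append("Step 3: SPA redirect URI missing")
    grant = app.get("web", {}).get("implicitGrantSettings", {})
    for flag in ("enableAccessTokenIssuance", "enableIdTokenIssuance"):
        if not grant.get(flag):
            out.append(f"Step 3: {flag} is off")
    requested = {r["resourceAppId"]: r["resourceAccess"] for r in app.get("requiredResourceAccess", [])}
    for rid, (name, count) in EXPECTED.items():
        access = requested.get(rid, [])
        if len(access) < count:
            out.append(f"Step 4: {name} has {len(access)} of {count} permissions")
        if any(a["type"] != "Scope" for a in access):  # "Role" = application permission
            out.append(f"Step 4: {name} requests a non-delegated permission")
    for rid in sorted(requested.keys() - EXPECTED.keys()):
        out.append(f"Step 4: unexpected API {rid}")
    for cred in app.get("passwordCredentials", []):
        # Only the seconds-precision prefix is parsed, so fractional seconds are tolerated.
        end = datetime.strptime(cred["endDateTime"][:19], "%Y-%m-%dT%H:%M:%S")
        days = (end.replace(tzinfo=timezone.utc) - now).days
        if days < warn_days:
            state = "expired" if days < 0 else f"expires in {days} days"
            out.append(f"Step 2: secret '{cred.get('displayName')}' {state}")
    return out

def perm(n, kind="Scope"):  # constructed placeholder permission entry, not a real permission ID
    return {"id": f"00000000-0000-0000-0000-{n:012d}", "type": kind}

# Constructed sample shaped like an exported application object, with three deliberate deviations.
GRAPH, EXCHANGE = EXPECTED
SAMPLE = {
    "signInAudience": "AzureADMyOrg",
    "spa": {"redirectUris": [REDIRECT]},
    "web": {"implicitGrantSettings": {"enableAccessTokenIssuance": True, "enableIdTokenIssuance": False}},
    "requiredResourceAccess": [
        {"resourceAppId": GRAPH, "resourceAccess": [perm(i) for i in range(1, 5)] + [perm(5, "Role")]},
        {"resourceAppId": EXCHANGE, "resourceAccess": [perm(6)]}],
    "passwordCredentials": [{"displayName": "officeplace", "endDateTime": "2025-02-15T00:00:00Z"}],
}
print("\n".join(audit(SAMPLE, datetime(2025, 2, 5, tzinfo=timezone.utc))))
```

A new registration normally already carries the default User.Read delegated permission, so the Graph count is treated as a minimum rather than an exact match.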


 

Properties

Applies to: OfficePlace and OfficePlace Connect

Reference: TFS #339238

Knowledge base ID: 0337

Last updated: Dec 09, 2024

 
