
Entra ID Application setup for Application permission type

Modified on Wed, 5 Feb at 4:09 PM

Overview

This article provides step-by-step instructions on how to configure the Application section (with Application permission type) on the OfficePlace backend to facilitate search and sync operations with Azure AD/Exchange Online.

The Application section can be found within your Organization under Organization Management.

 

Step-by-step instructions

Step 1: Register app in Azure AD

1. Navigate to Azure portal ➔ Manage Microsoft Entra ID ➔ App registrations and click [New registration].

2. Enter the application Name and select ‘Accounts in this organizational directory only (… only – Single tenant)’ in the Supported account types section.

3. Click the [Register] button at the bottom of the screen. Your app will then be created in your Azure tenant.

 

Step 2: Retrieve details from app  

Note: In this app, you need to retrieve the values of Tenant ID, App principal ID, and App Secret. Remember to copy them elsewhere for future use.

 

After registering the app, the Overview screen will automatically appear, allowing you to retrieve the necessary details. You can also find Overview by accessing Azure portal ➔ Manage Azure Active Directory ➔ App registrations. Click [All applications], then search for and select your app and select the Overview tab.

In this screen, you can see a list of Essentials, in which you can get:

  • Tenant ID: retrieved from Directory (Tenant) ID section.
  • App principal ID: retrieved from Application (Client) ID section.

 

Next, click [Certificates & secrets] ➔ [Client Secret].

Choose [New client secret]; a screen will appear as below:

Enter a Description, select an Expires time, then click the [Add] button. The Value and Secret ID columns will be filled in:

Here, you can get:

  • App Secret: retrieved from Secret’s Value.

 

Note

1. Remember to copy the client secret value from the Azure app immediately after adding a client secret because it will be hidden the next time you open the app’s Certificates & secrets page.

 

2. When the secret is about to expire, remember to create a new secret and use its Value to replace the expired one.

 

Next, you have to retrieve the Object ID of the application, which is very important for Step 5. To retrieve the Object ID, search for Enterprise applications in the Azure search box. On the Enterprise applications panel, search for the application you just created in Step 1:

Click on that app and its properties will show up as follows:

Here, you can get:

  • Object ID

 

You can also copy the remaining values for convenience.

 

Step 3: Configure Authentication tokens in Azure AD

Next, click the [Authentication] section, as in the figure below, then click [Add a platform]; a Configure platforms panel will appear on the right:

   

  1. Configure platforms

Select [Single-page application], and the following screen will appear:

You are required to complete Redirect URIs and Implicit grant and hybrid flows fields.

  • Redirect URIs: Enter the URL of OfficePlace, for which you are configuring the application.
  • In the Implicit grant and hybrid flows field, check both [Access tokens] and [ID tokens].


Click [Configure] to switch to the last step.


Step 4: Configure API permissions in Azure AD

On your Azure app, go to API permissions, then click [Add a permission]:

After that, the Request API permissions screen will appear, in which you select Microsoft APIs ➔ Microsoft Graph ➔ Delegated permissions:

Search and add the following permissions:

  • User.Read.All: allows OfficePlace and Resource Central to search for the identity of users and resources.
  • GroupMember.Read.All: required for OfficePlace to sync identity of groups and their members.

Besides the 2 permissions listed above, this application also requires the Exchange.Manage permission from Office 365 Exchange Online. Click [Add a permission] again; the Request API permissions screen will appear again, in which you select APIs my organization uses:

In the search box, search for Office 365 Exchange Online ➔ Delegated permissions:

 

Search and select Exchange.Manage permission:

  • Exchange.Manage: allows OfficePlace to run PowerShell commands when requested by Resource Central.

 

Once you are done, click [Grant admin consent for …] to apply the added permissions. The result should look similar to the following:

 

Note: Permissions for Exchange Online can be scoped by using RBAC. For further details, please read this KnowledgeBase Article - OfficePlace Application Access on our page.
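
To review the finished registration against Steps 1 to 4, the sketch below audits an exported application object; it is an added example, not code from OfficePlace or Microsoft. It assumes the JSON comes from `az ad app show --id <Application (Client) ID>` (the Microsoft Graph application object); `audit_app`, the sample data and `officeplace.example.com` are constructed for illustration.

```python
import json
from datetime import datetime, timedelta, timezone

GRAPH = "00000003-0000-0000-c000-000000000000"     # Microsoft Graph
EXCHANGE = "00000002-0000-0ff1-ce00-000000000000"  # Office 365 Exchange Online
EXPECTED = {GRAPH: 2, EXCHANGE: 1}  # number of permissions Step 4 lists per API

def audit_app(app, officeplace_url, now, warn_days=30):
    """Return findings for an exported app registration (hypothetical helper)."""
    findings = []
    if app.get("signInAudience") != "AzureADMyOrg":  # Step 1: single tenant
        findings.append("audience: not single tenant")
    for cred in app.get("passwordCredentials") or []:  # Step 2: secret expiry
        # Graph timestamps are UTC; keep whole seconds, drop any fraction.
        end = datetime.strptime(cred["endDateTime"][:19], "%Y-%m-%dT%H:%M:%S")
        end = end.replace(tzinfo=timezone.utc)
        if end <= now:
            findings.append(f"secret {cred['keyId']}: expired")
        elif end - now <= timedelta(days=warn_days):
            findings.append(f"secret {cred['keyId']}: expires within {warn_days} days")
    for uri in (app.get("spa") or {}).get("redirectUris") or []:  # Step 3
        if uri.rstrip("/") != officeplace_url.rstrip("/"):
            findings.append(f"redirect: unexpected URI {uri}")
    for rra in app.get("requiredResourceAccess") or []:  # Step 4
        rid, n = rra["resourceAppId"], len(rra["resourceAccess"])
        if rid not in EXPECTED:
            findings.append(f"permissions: unexpected API {rid}")
        elif n > EXPECTED[rid]:
            findings.append(f"permissions: {n} on {rid}, page lists {EXPECTED[rid]}")
    return findings

# Constructed sample export; all GUIDs except the API id are placeholders.
SAMPLE = json.loads("""{
 "signInAudience": "AzureADMultipleOrgs",
 "passwordCredentials": [
  {"keyId": "11111111-1111-1111-1111-111111111111", "endDateTime": "2025-02-20T00:00:00.0000000Z"},
  {"keyId": "22222222-2222-2222-2222-222222222222", "endDateTime": "2024-12-01T00:00:00Z"}],
 "spa": {"redirectUris": ["https://officeplace.example.com/", "http://localhost:3000"]},
 "requiredResourceAccess": [
  {"resourceAppId": "00000003-0000-0000-c000-000000000000", "resourceAccess": [
   {"id": "aaaaaaaa-0000-0000-0000-000000000001", "type": "Scope"},
   {"id": "aaaaaaaa-0000-0000-0000-000000000002", "type": "Scope"},
   {"id": "aaaaaaaa-0000-0000-0000-000000000003", "type": "Role"}]}]
}""")

if __name__ == "__main__":
    now = datetime(2025, 2, 5, tzinfo=timezone.utc)
    for finding in audit_app(SAMPLE, "https://officeplace.example.com", now):
        print(finding)
```

In each `resourceAccess` entry, `type` is `Scope` for a delegated permission and `Role` for an application permission, so the export also shows which permission type was actually added.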

 

 

Properties

Applies to: OfficePlace and OfficePlace Connect

Reference: TFS #339238

Knowledge base ID: 0338

Last updated: Dec 09, 2024
