Requirements for this guide:
- You have access to the Azure portal at https://portal.azure.com
- You are entitled to access the overview of and to edit registered apps at https://portal.azure.com/#view/Microsoft_AAD_RegisteredApps/ApplicationsListBlade
To import user and channel information from your Azure tenant, you have to grant direct access to the Graph API. You have to take the following steps for the newly registered Flip app.
If you haven’t already registered an app for Flip, please go through the steps provided in this guide: Flip Syncer and Single-Sign-On (SSO): How to set up Azure AD
1. Add a client secret
Please note: if you’ve created an Enterprise application, you have to switch to “App registrations” first. Then select your application.
Be sure that you are within the configuration section of your new Flip app registration and click on “Certificates & secrets” (1) in the navigation bar on the left.
Then simply click on “New client secret” (2) and a simple form will be displayed on the right side.
Provide your information (3):
- Description: Use a name that lets you identify what this secret is used for, e.g., “Flip Syncer” or something similar. In our example, we simply use “Client for Flip”.
- Expiration period: Select a period for the secret. You will be notified if a secret expires and you can renew it. Check your company policies, as they may restrict how long a secret can be valid.
Click “Add” (4) to add the secret to your registered app.
Please save the “Value” (1) of the newly created secret right away; Azure shows it in full only directly after creation. We will need it later.
2. Give proper API permissions
Go to the permission overview by clicking on “API permissions” (1) in the navigation panel and click on “Add a permission” (2).
In the next screen, simply select “Microsoft Graph” (1).
In the opened panel, you can give the permissions needed to read user and group information.
First, select the type of permission. We’re using “Application permissions” (1) to have a simple setup.
You can search (2) for the names of the following permissions. You can also simply scroll down the list.
Be sure to select (3):
- Group.Read.All
- GroupMember.Read.All
- User.Export.All
- User.Read.All
If you’ve selected all needed permissions, you can save this configuration by clicking “Add permissions” (4).
Back in the permission overview, you will notice warning signs next to each of the selected permissions. You need to click “Grant admin consent for XYZ” (1). The warning signs will then be replaced by green checkmarks (2).
3. Collect all important information
Click on “Overview” in the navigation panel and switch to “Endpoints” to get important information for the Flip Syncer configuration.
Save the following information:
- OAuth 2.0 token endpoint (1)
- OpenID Connect metadata document (2), only needed if you intend to use Single-Sign-On with OIDC
You can close the panel again.
Then also save the information on the overview and give all the collected information to your contact person at Flip. They will configure the Flip Syncer for you.
Flip needs:
- Application (client) ID (1)
- Directory (tenant) ID (2)
- OAuth 2.0 token endpoint (from the previous step)
- Optional: OpenID Connect metadata document (from the previous step)
- Value of the created secret (chapter “Add a client secret”)
You have now granted access to the Graph API. Please send all the collected information to your contact person at Flip. Thank you!
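To confirm that admin consent took effect and that the app carries no more than the four permissions above, you can request an app-only token and inspect its “roles” claim. The following is an added example, not part of the original guide or Flip's tooling; it assumes the v2.0 token endpoint from step 3, and the function names and the sample token are constructed for illustration.

```python
import base64
import json
import urllib.parse

# The four application permissions listed in step 2 of this guide.
REQUIRED_ROLES = {"Group.Read.All", "GroupMember.Read.All",
                  "User.Export.All", "User.Read.All"}

def build_token_request(client_id, client_secret):
    """Form body for the client-credentials grant; POST it to the
    OAuth 2.0 token endpoint saved in step 3 (assumed to be v2.0)."""
    return urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": "https://graph.microsoft.com/.default",
    })

def decode_claims(access_token):
    """Decode the JWT payload for inspection only (no signature check)."""
    parts = access_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore padding
    return json.loads(base64.urlsafe_b64decode(payload))

def audit_roles(claims):
    """Compare the token's 'roles' claim with the permissions in the guide."""
    granted = set(claims.get("roles", []))
    return {"missing": sorted(REQUIRED_ROLES - granted),
            "unexpected": sorted(granted - REQUIRED_ROLES)}

def constructed_token(roles):
    """Build an unsigned sample token; constructed data, not a real token."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    claims = {"aud": "https://graph.microsoft.com", "roles": roles}
    return ".".join([enc({"alg": "none"}), enc(claims), "sig"])

if __name__ == "__main__":
    # Constructed case: consent missing for one permission, one extra granted.
    sample = constructed_token(["Group.Read.All", "GroupMember.Read.All",
                                "User.Read.All", "Directory.ReadWrite.All"])
    print(audit_roles(decode_claims(sample)))
```

An empty “missing” list means all four permissions were consented; any entry under “unexpected” is a permission the Flip app registration does not need according to this guide.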