Info: Entra ID was formerly Azure AD
...
Open the Azure Portal
Navigate to Entra ID (formerly Azure Active Directory)
App registrations
New registration
Name - Foray Adams Admin, Foray Adams Web, or Foray Adams Clients
This name is visible to end users. You may use a different name if you choose. If so, you will need to identify that name later in these steps. You can change this name later.
Supported account types: Accounts in this organizational directory only
Redirect URI
Adams Admin
Web
This URL will be provided by Foray. It will be similar to:
Example: https://web01.myagency.foray.com/AdamsAdmin/Account/Login
Adams Web
Web
This URL will be provided by Foray. It will be similar to:
Example: https://web01.myagency.foray.com/AdamsWeb/Login.aspx
Adams Clients
Select "Public client/native (mobile & desktop)" from the dropdown
Enter the value:
https://login.microsoftonline.com/common/oauth2/nativeclient
Click Register
...
Select the application to be configured
Authentication
For Adams Admin
Front-channel Logout URL
This URL is provided by Foray for logout. It will be similar to:
Example: https://web01.myagency.foray.com/AdamsAdmin/Account/AzureSingleSignOut
Implicit grant and hybrid flows - check ID Tokens
For Adams Web
Click Add a platform
Select Single-page application
Enter the Redirect URI provided by Foray. It will be similar to:
Example: https://web01.myagency.foray.com/AdamsWeb/ApiRedirect.html
Configure
Front-channel Logout URL
This URL is provided by Foray for logout. It will be similar to:
Example: https://web01.myagency.foray.com/AdamsWeb/Logout.aspx
Implicit grant and hybrid flows
Check Access tokens
Check ID tokens
Supported account types: Accounts in this organizational directory only
Allow public client flows - Enable the following mobile and desktop flow
Adams Admin and Adams Web: NO
Adams Clients - YES
Click Save
...
Select the application to be configured
API permissions
Click Add a permission
Click Microsoft Graph
Select Delegated permissions
Under Permission check "openid" - Required for authentication
Under Permission check "profile" - Enables access to a user's name, userid, and other basic info.
User.Read will already be checked, leave it checked - Required for authentication
Adams Admin and Adams Web only
Select Application permissions
Navigate to and check "Directory.Read.All" - This provides access to groups so that privileges can be applied per group.
Navigate to and check "User.Read.All" - This provides access to user info such as name and email.
Adams Web only (added in 6.2)
Select Application permissions
Navigate to GroupMember and check GroupMember.ReadWrite.All - This allows adding of external users to the external users group.
Navigate to User and check User.Invite.All - This allows external user accounts to be created.
Foray Adams Clients only
Select Delegated permissions
Navigate to and check "Directory.Read.All" - This provides access to list users in groups
Click Add permissions
Add API for Foray Adams Clients only - This cannot be done until the Adams Web application registration is complete (all the way to the bottom of this KB)
Click Add a permission
Click APIs my organization uses (above Microsoft Graph)
Select Foray Adams Web (the name used may be different)
Check BridgeWebApi
Check BridgeSignalR
Click Add permissions
Click Grant admin consent
Select Yes
...
Select the application to be configured
Manifest
Find and edit "groupMembershipClaims". Change null to "SecurityGroup" (including the quotes)
Adams Admin and Adams Web Only
Find and edit "homePageUrl" (near bottom, note this used to be signInUrl). Change null to the URL provided by Foray for the application. The quotes around the URL are necessary.
Example Sign In URLs
Ex1: "https://web01.myagency.foray.com/AdamsAdmin/"
Ex2: "https://web01.myagency.foray.com/AdamsWeb/"
Click Save
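A way to check a saved manifest against the settings in this KB, as an added example that is not part of the original page or Foray's tooling. The key names signInAudience and allowPublicClient are not on this page and assume the Azure AD-format manifest; the https check is inferred from the example URLs, and the sample manifests are constructed.

```python
import json
from urllib.parse import urlsplit

# "Allow public client flows" per registration, from the steps on this page.
PUBLIC_CLIENT = {"admin": False, "web": False, "clients": True}

def audit_manifest(manifest, app):
    """Return findings for one exported manifest; app is admin, web or clients."""
    findings = []
    if manifest.get("groupMembershipClaims") != "SecurityGroup":
        findings.append('groupMembershipClaims must be "SecurityGroup"')
    # Assumed key for "Accounts in this organizational directory only".
    if manifest.get("signInAudience") != "AzureADMyOrg":
        findings.append("signInAudience is not single-tenant")
    # Assumed key; null is treated the same as "No".
    if bool(manifest.get("allowPublicClient")) != PUBLIC_CLIENT[app]:
        findings.append("allowPublicClient does not match the setting for " + app)
    if app in ("admin", "web"):
        # The page names homePageUrl and notes it used to be signInUrl.
        url = manifest.get("homePageUrl") or manifest.get("signInUrl") or ""
        parts = urlsplit(url)
        if parts.scheme != "https" or not parts.hostname:
            findings.append("homePageUrl is unset or not an https URL")
    return findings

# Constructed sample manifests (not real exports).
GOOD_WEB = json.loads("""{
  "groupMembershipClaims": "SecurityGroup",
  "signInAudience": "AzureADMyOrg",
  "allowPublicClient": null,
  "homePageUrl": "https://web01.myagency.foray.com/AdamsWeb/"
}""")
BAD_ADMIN = json.loads("""{
  "groupMembershipClaims": null,
  "signInAudience": "AzureADMultipleOrgs",
  "allowPublicClient": true,
  "homePageUrl": null
}""")

if __name__ == "__main__":
    for name, app, m in (("good web", "web", GOOD_WEB),
                         ("bad admin", "admin", BAD_ADMIN)):
        print(name, audit_manifest(m, app) or "OK")
```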
...