This article covers the configuration required in Azure AD to allow an external application to make web service calls to Adams Web. It assumes that “Connect Foray ADAMS to Azure Active Directory” has already been completed.
...
Azure Portal > Azure Active Directory > App registrations > Foray Adams Web* > App roles
* This name could vary based on earlier configuration
Create app role
Display name - External App API Access
Allowed member types - Applications
Value - ExternalAppAccess
Description - Allow external systems to access the Update Folder Status API with the application's credentials
Do you want to enable this app role? - checked
Apply
Create App Registration for the External Application
Azure Portal > Azure Active Directory > App registrations
New registration
Name - Adams External System
You may use a different name if you choose.
Who can use this application or access this API? - Accounts in this organizational directory only (Foray DevTest only - Single tenant)
Register
Add API Permission to the External App Registration
Azure Portal > Azure Active Directory > App registrations > Adams External System* > API permissions
* Name may vary based on earlier configuration
Add a permission
APIs my organization uses
Search for the Foray Adams Web app registration name or client id and select it
Application permissions
ExternalAppAccess - Check
Add permissions
Click Grant admin consent
Select Yes
...
Azure Portal > Azure Active Directory > App registrations > Adams External System* > Certificates & secrets
* Name may vary based on earlier configuration
New client secret
Description - Adams Update Folder Status
Expires - Choose a time frame and set yourself a reminder to renew. The application integrating with Foray Adams Web will need a new secret before this secret expires.
Add
Copy the secret value
This value must be provided to the technical person responsible for the integration with Foray Adams Web.
...
Azure Portal > Azure Active Directory > App registrations > Foray Adams Web* > Overview
* Name may vary based on earlier configuration
Endpoint (in the top toolbar for Overview)
OAuth 2.0 token endpoint (v2)
Copy the value
...
Scope
Azure Portal > Azure Active Directory > App registrations > Foray Adams Web* > Overview
* Name may vary based on earlier configuration
Copy the Application ID URI
Append “/.default” to the end
...
Client ID
Azure Portal > Azure Active Directory > App registrations > Adams External System* > Overview
* Name may vary based on earlier configuration
Copy the Application (client) ID
Client Secret
This came from the previous “Add a Client Secret to the External App Registration” step.
Send the Token Endpoint, Scope, Client ID, and Client Secret to the technical individual responsible for integration with Foray Adams Web.
Note |
---|
Be sure to send these values, particularly the secret, securely, NOT IN EMAIL. |
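How the integrating application would combine the four values in an OAuth 2.0 client credentials request, and how to confirm that an issued token carries the ExternalAppAccess role. This is an added example, not Foray's code: the endpoint, Application ID URI and client ID are placeholders, the helper names are hypothetical, and the sample tokens are constructed.

```python
import base64
import json
from urllib.parse import urlencode

# Placeholders (assumptions): substitute the values gathered in the steps above.
TOKEN_ENDPOINT = "https://login.microsoftonline.com/<tenant-id>/oauth2/v2.0/token"
APP_ID_URI = "api://<foray-adams-web-app-id>"  # Application ID URI of Foray Adams Web
CLIENT_ID = "<adams-external-system-client-id>"
REQUIRED_ROLE = "ExternalAppAccess"  # the app role Value created earlier


def build_scope(app_id_uri: str) -> str:
    """Client credentials scope: the Application ID URI with '/.default' appended."""
    return app_id_uri.rstrip("/") + "/.default"


def build_token_request(client_id: str, client_secret: str, app_id_uri: str) -> str:
    """Form-encoded POST body for the token endpoint (secret in the body, never the URL)."""
    return urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": build_scope(app_id_uri),
    })


def token_roles(access_token: str) -> list:
    """Return the 'roles' claim WITHOUT verifying the signature (troubleshooting only)."""
    payload_b64 = access_token.split(".")[1]
    payload_b64 += "=" * (-len(payload_b64) % 4)  # restore stripped base64 padding
    claims = json.loads(base64.urlsafe_b64decode(payload_b64))
    return claims.get("roles", [])


def has_required_role(access_token: str, role: str = REQUIRED_ROLE) -> bool:
    return role in token_roles(access_token)


def constructed_token(claims: dict) -> str:
    """Build an unsigned, constructed sample token for the demo below."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc(claims), "sig"])


if __name__ == "__main__":
    print("POST", TOKEN_ENDPOINT, build_token_request(CLIENT_ID, "<client-secret>", APP_ID_URI))
    granted = constructed_token({"roles": ["ExternalAppAccess"]})
    missing = constructed_token({})  # e.g. the application permission was never granted
    print(has_required_role(granted), has_required_role(missing))
```

A token without the role in its `roles` claim usually points back to the “Add API Permission” or “Grant admin consent” steps.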
Next Steps
The integration with Foray Adams Web can now proceed.
...