This article covers the configuration required in Azure AD to allow an external application to make web service calls to Adams Web. It assumes that “Connect Foray ADAMS to Azure Active Directory” has already been completed.

...

  1. Azure Portal > Azure Active Directory > App registrations > Foray Adams Web* > App roles
    This name could vary based on earlier configuration

  2. Create app role

    1. Display name - External App API Access

    2. Allowed member types - Applications

    3. Value - ExternalAppAccess

    4. Description - Allow external systems to access the Update Folder Status API with the application's credentials

    5. Do you want to enable this app role? - checked

    6. Apply

Create App Registration for the External Application

  1. Azure Portal > Azure Active Directory > App registrations

  2. New registration

  3. Name - Adams External System 
    You may use a different name if you choose.

  4. Who can use this application or access this API? - Accounts in this organizational directory only (Foray DevTest only - Single tenant)

  5. Register

Add API Permission to the External App Registration

  1. Azure Portal > Azure Active Directory > App registrations > Adams External System* > API permissions
    Name may vary based on earlier configuration

  2. Add a permission

    1. APIs my organization uses

    2. Search for the Foray Adams Web app registration name or client id and select it

    3. Application permissions

    4. ExternalAppAccess - Check

    5. Add permissions

  3. Click Grant admin consent

    1. Select Yes

...

  1. Azure Portal > Azure Active Directory > App registrations > Adams External System* > Certificates & secrets
    Name may vary based on earlier configuration

  2. New client secret

    1. Description - Adams Update Folder Status

    2. Expires - Choose a time frame and set yourself a reminder to renew. The application integrating with Foray Adams Web will need a new secret before this secret expires.

    3. Add

  3. Copy the secret value

  4. This value must be provided to the technical person responsible for the integration with Foray Adams Web.

...

  1. Azure Portal > Azure Active Directory > App registrations > Foray Adams Web* > Overview
    Name may vary based on earlier configuration

  2. Endpoint (in the top toolbar for Overview)

  3. OAuth 2.0 token endpoint (v2)

  4. Copy the value

...

Scope

  1. Azure Portal > Azure Active Directory > App registrations > Foray Adams Web* > Overview
    Name may vary based on earlier configuration

  2. Copy the Application ID URI

  3. Append “/.default” to the end

...

Client ID

  1. Azure Portal > Azure Active Directory > App registrations > Foray Adams External System* > Overview
    Name may vary based on earlier configuration

  2. Application (client) ID

  3. Copy the value

Client Secret

This came from the previous “Add a Client Secret to the External App Registration” step.

Send the Token Endpoint, Scope, Client ID, and Client Secret to the technical individual responsible for integration with Foray Adams Web.

Note

Be sure to send these values, particularly the secret, securely, NOT IN EMAIL.

Next Steps

The integration with Foray Adams Web can now proceed.
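How the integrating application can use the four values and confirm that the app role actually reached the token, as an added example (not part of the Foray documentation or product code). The `ADAMS_*` environment variable names and the function names are hypothetical, and the accepted audiences are an assumption: the Application ID URI or the client ID of Foray Adams Web, depending on the token version.

```python
import base64, json, os, urllib.parse, urllib.request

REQUIRED_ROLE = "ExternalAppAccess"  # app role Value created on Foray Adams Web

def build_token_request(token_endpoint, scope, client_id, client_secret):
    """Build the OAuth 2.0 client-credentials POST for the v2 token endpoint."""
    if not token_endpoint.startswith("https://"):
        raise ValueError("token endpoint must be HTTPS")
    if not scope.endswith("/.default"):
        raise ValueError("scope must be '<Application ID URI>/.default'")
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": scope,
    }).encode()
    return urllib.request.Request(
        token_endpoint, data=body, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"})

def token_claims(access_token):
    """Decode the JWT payload WITHOUT verifying it; setup diagnostics only."""
    payload = access_token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64 padding
    return json.loads(base64.urlsafe_b64decode(payload))

def setup_problems(claims, accepted_audiences):
    """List configuration gaps that are visible in the token's claims."""
    problems = []
    if REQUIRED_ROLE not in claims.get("roles", []):
        problems.append("no ExternalAppAccess role: check API permission and admin consent")
    if claims.get("aud") not in accepted_audiences:
        problems.append("aud is not Foray Adams Web: check the Scope value")
    return problems

def fetch_token(request):
    """POST the request to the token endpoint and return the access token."""
    with urllib.request.urlopen(request, timeout=10) as resp:
        return json.load(resp)["access_token"]

if __name__ == "__main__":
    env = os.environ  # hypothetical variable names; keep the secret out of source
    req = build_token_request(env["ADAMS_TOKEN_ENDPOINT"], env["ADAMS_SCOPE"],
                              env["ADAMS_CLIENT_ID"], env["ADAMS_CLIENT_SECRET"])
    audiences = (env["ADAMS_SCOPE"][:-len("/.default")], env["ADAMS_API_CLIENT_ID"])
    print(setup_problems(token_claims(fetch_token(req)), audiences) or "OK")
```

A token can be issued even when the application permission was never granted; it simply arrives without the `roles` claim, which is why the check looks at the claim rather than at whether the request succeeded.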

...