Knowledgebase: RealTime Service
KB0124 - Register service principal in Azure AD when used with Office 365


Summary

During the configuration of RealTime Service (RTS) with Active Directory in O365 (Azure AD), we need to create an application registration with rights to read Active Directory objects in your O365 tenant.

Make sure to fill in the correct tenant name when you add the O365 domain to RTS.

You can either use the built-in “Create/Update” function as described in Option 1 below, or the alternative methods to register the application in Azure AD described in Options 2 & 3, where you then fill in the “App principal ID” and “password” manually.

Ensure that you have the AzureAD PowerShell module installed on the server.

See this reference: https://docs.microsoft.com/en-us/powershell/module/azuread/?view=azureadps-2.0


Option 1: Use the built-in Create/Update feature

This feature presents a login dialog, and the app registration will be performed with the permissions of this user.

These are the requirements for the user entered here:

  1. User cannot have MFA enabled.
  2. Permissions of the user must be either:
    • a. Global Admin
    • b. Regular user with these Azure roles:
      • i. Application administrator
      • ii. Privileged role administrator


Option 2: Manually register your web app in Azure AD

1. Log on to the Azure portal with your Azure account.

2. If your account gives you access to more than one tenant, click your account in the top right corner and set your portal session to the desired Azure AD tenant.

3. In the left-hand navigation pane, click the Azure Active Directory service (if it is absent, click All services and find it by name), click App registrations, and click New application registration.

4. When the Create page appears, enter your application's registration information:

  • Name: Enter realtimeservice (or any name you want).

Note: The name of the web app must not include spaces or digits.

  • Application type: Leave Web application and/or Web API.
  • Sign-On URL: Enter your web app URL (the address of a web page where users can sign in and use your app). The APP ID URI is your Azure tenant URI followed by your app name; it is the unique identifier by which Azure AD identifies your app.

5. When finished, click Create. After the app is created, a few settings need to be configured on the Settings page. They are as follows:

  • Click the Keys section on the Settings page.
  • Add a description for your key.
  • Select either a one or two-year duration.
  • Click Save. After you save the configuration changes, the right-most column will contain the key value (Password). Be sure to copy the key for use in Real Time Service (in its Password field), as it is not accessible once you leave this page.

The Application ID field on the application’s page contains the App principal ID for Real Time Service.

  • Click the Required Permissions section on the Settings page.
  • Select Windows Azure Active Directory (add it via the Add button if it is absent).
  • You're taken to the Enable Access page. Select Read Directory Data under Application Permissions.
  • In the Required Permissions section, click the Grant Permissions button.


Option 3: Using PowerShell

Here is an example script (put it into one file) that requires the AzureAD module to be installed on the server.

Note:

- Verify that the correct value is selected for ServiceEnvironment.
- The script is intended to be executed from the application server, since we append the server name to the name of the app in Azure.
- You may need to change your execution policy to allow execution of unsigned scripts.

Once executed, the script returns a set of values. The values must be entered as follows:

  • SPAPPID must be entered in the “App principal ID” field.
  • SPPWD must be entered in the “password” field.
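The registration this option describes, as an added example written here and not the attached `register app - v2.0.ps1`. It assumes the AzureAD module, a sign-in that may create applications (see the roles under Option 1), and that the article's ServiceEnvironment value maps onto the module's -AzureEnvironmentName names; the app role id is looked up rather than hard-coded.

```powershell
# Added example: register an RTS app with the Azure AD Graph "Read directory data"
# application permission and return the two values RTS asks for.
param(
    # Assumed to correspond to the article's ServiceEnvironment setting.
    [ValidateSet('AzureCloud', 'AzureChinaCloud', 'AzureGermanyCloud', 'AzureUSGovernment')]
    [string]$ServiceEnvironment = 'AzureCloud',
    [int]$SecretYears = 1    # portal offers one or two years; shorter is safer
)
Import-Module AzureAD -ErrorAction Stop
Connect-AzureAD -AzureEnvironmentName $ServiceEnvironment | Out-Null

# Server name is appended to the app name, as the article describes.
$appName = 'realtimeservice' + $env:COMPUTERNAME

# Resolve the "Read Directory Data" application role on the Windows Azure Active
# Directory resource (well-known appId 00000002-0000-0000-c000-000000000000).
$aadGraph = Get-AzureADServicePrincipal -Filter "appId eq '00000002-0000-0000-c000-000000000000'"
$readDir  = $aadGraph.AppRoles | Where-Object { $_.Value -eq 'Directory.Read.All' }
if (-not $readDir) { throw 'Directory.Read.All app role not found on the Azure AD resource.' }

# 'Role' = application permission (as opposed to 'Scope', a delegated permission).
$access = New-Object -TypeName 'Microsoft.Open.AzureAD.Model.ResourceAccess' `
    -ArgumentList $readDir.Id, 'Role'
$required = New-Object -TypeName 'Microsoft.Open.AzureAD.Model.RequiredResourceAccess'
$required.ResourceAppId  = $aadGraph.AppId
$required.ResourceAccess = $access

# Create the application object and its service principal in this tenant.
$app = New-AzureADApplication -DisplayName $appName -RequiredResourceAccess $required
$sp  = New-AzureADServicePrincipal -AppId $app.AppId

# The key value is only ever returned here; RTS stores it in its "password" field.
$start = Get-Date
$cred  = New-AzureADApplicationPasswordCredential -ObjectId $app.ObjectId `
    -CustomKeyIdentifier 'RTS' -StartDate $start -EndDate $start.AddYears($SecretYears)

# Admin consent (the portal's "Grant Permissions" button) is not performed by these
# cmdlets; an administrator still has to grant it or directory reads will be denied.
[PSCustomObject]@{
    SPAPPID = $app.AppId      # "App principal ID" field in RTS
    SPPWD   = $cred.Value     # "password" field in RTS; not retrievable later
    Expires = $cred.EndDate   # renew the key before this date
}
```

Treat the returned SPPWD as a credential: enter it into RTS and do not leave it in console history or log files.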


Properties

Applies to: All versions of RTS

Reference: TFS #16820; 49461; 170047

Knowledge base ID: 0124

Last updated: July 31, 2018

Attachments

register app - v2.0.ps1 (4.42 KB)