KB0124 - Register service principal in Azure AD when used with Office 365
During the configuration of RealTime Service (RTS) with Active Directory in O365 (Azure AD), we need to create an
application registration with rights to read Active Directory objects in your O365 tenant.
Make sure to fill in the correct tenant name when you add the O365 domain to RTS:
You can either use the built-in “Create/Update” function as described in Option 1 below, or the alternative methods
to register the application in Azure AD described in Options 2 & 3 where you then fill in the “App principal ID” and
Ensure that you have the AzureAD PowerShell module installed on the server.
See this reference: https://docs.microsoft.com/en-us/powershell/module/azuread/?view=azureadps-2.0
Option 1: Use the built-in Create/Update feature
This feature presents a login dialog, and the app registration will be performed with the permissions of this user.
These are the requirements for the user entered here:
Option 2: Manually register your web app in Azure AD
1. Log on to the Azure portal with your Azure account.
2. If your account gives you access to more than one tenant, click your account in the top right corner, and set your portal
session to the desired Azure AD tenant.
3. In the left-hand navigation pane, click the Azure Active Directory service (if it is absent, click All services and find
it by name), click App registrations, and click New application registration.
4. When the Create page appears, enter your application's registration information:
Note: Name of the web app must not include spaces or digits.
5. When finished, click Create. After the app is created, a few settings need to be configured on the Settings page. They are as follows:
The Application ID field on the application’s page will contain the App principal ID for Real Time Service.
Option 3: Using PowerShell
Here is an example script (put it into one file). It requires the AzureAD module to be installed on the server.
- Verify that the correct value is selected for ServiceEnvironment.
- The script is intended to be executed from the application server, since we append the server name to the name of the app in Azure.
- You may need to change your execution policy to allow execution of unsigned scripts.
Once executed, the script will return a set of values.
The values must be entered as follows:
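The following is an added example of the kind of registration Option 3 describes, written with AzureAD module cmdlets; it is not the vendor's script. Assumptions: the base name `RtsDirectoryReader`, the choice of the Microsoft Graph `Directory.Read.All` application permission as the read-only directory right, and a one-year client secret.

```powershell
# Added example, not the vendor's script. Items marked "assumed" are placeholders.
#Requires -Modules AzureAD
$ErrorActionPreference = 'Stop'

# Assumed base name; the server name is appended as the article describes.
# Spaces and digits are stripped to respect the naming note under Option 2.
$baseName = 'RtsDirectoryReader'
$appName  = ($baseName + $env:COMPUTERNAME) -replace '[^A-Za-z]', ''

# Interactive sign-in; the registration runs with this user's permissions.
Connect-AzureAD | Out-Null
$tenant = Get-AzureADTenantDetail

# Refuse to create a second registration with the same display name.
if (Get-AzureADApplication -Filter "DisplayName eq '$appName'") {
    throw "An application named '$appName' already exists in this tenant."
}

# Least privilege: request read-only access to directory objects and nothing else.
# Assumed API: Microsoft Graph, application permission Directory.Read.All.
$readAll = New-Object Microsoft.Open.AzureAD.Model.ResourceAccess `
    -ArgumentList '7ab1d382-f21e-4acd-a863-ba3e13f7da61', 'Role'
$graph = New-Object Microsoft.Open.AzureAD.Model.RequiredResourceAccess
$graph.ResourceAppId  = '00000003-0000-0000-c000-000000000000'   # Microsoft Graph
$graph.ResourceAccess = $readAll

$app = New-AzureADApplication -DisplayName $appName -RequiredResourceAccess $graph
$sp  = New-AzureADServicePrincipal -AppId $app.AppId

# Client secret with a fixed lifetime (assumed: one year). The value is only
# available at creation time, so record it in a secret store, not in a file.
$secret = New-AzureADApplicationPasswordCredential -ObjectId $app.ObjectId `
    -CustomKeyIdentifier 'rts' -EndDate (Get-Date).AddYears(1)

# Values to copy into the application's configuration.
[pscustomobject]@{
    Tenant             = ($tenant.VerifiedDomains | Where-Object { $_.Initial }).Name
    AppPrincipalId     = $app.AppId
    ServicePrincipalId = $sp.ObjectId
    Secret             = $secret.Value
    SecretExpires      = $secret.EndDate
}
```

Declaring the permission on the registration does not grant it: an administrator still has to give consent for `Directory.Read.All` before the service principal can read the directory.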
Applies to: All versions of RTS
Reference: TFS #16820; 49461; 170047
Knowledge base ID: 0124
Last updated: July 31, 2018