Enabling Office365 SSO
Video Instructions
https://www.loom.com/share/8d2d15ab54c24a69a9ffefd3de8bed40
Steps to create the Success4 application in Azure Portal
Source Link: https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app
- Log in to the Azure Portal
- Click on Azure Active Directory
- Go to App Registrations on the left menu items.
- Click on the New Registration button from the top menu items to create a new Success4 Application
- Enter the required details in the form: Name, Support Account Type and Redirect URI
  - Name: Application Name
  - Support Account Type: Accounts in any organizational directory (Any Azure AD directory - Multitenant)
  - Redirect URI: Select Web; the URI should be the Success4 instance domain redirect URL
- Click Register to create the application.
- Once the application has been created successfully, you will be redirected to its dashboard with all the details, such as Application Client ID, Display Name, etc.
- Click on Add a certificate or secret next to Client Credentials to create Client Secret.
- Click on New Client Secret to create a client secret.
- Enter a description for the client secret, select its expiration period from the drop-down list, and click Add. Once the client secret has been created, copy its value from the Client Secrets listing (the value is visible only once, right after it is created).
- Go to the API Permissions menu tab, click Add a permission, and select Microsoft Graph from the applications list.
- Select the permissions listed below:
1. OpenId permissions
  - email
  - offline_access
  - openid
  - profile
2. Calendar
  - Calendars.Read
  - Calendars.ReadWrite
3. Mail
  - Mail.Read
  - Mail.ReadWrite
  - Mail.ReadBasic
  - Mail.Send
- Click Grant admin consent for success4, then click Yes to confirm and grant all the selected API permissions.
- You are all set to use the Microsoft application within the Success4 instance.
Enabling Office365 SSO in Success4
- Go to the admin portal.
- Go to the settings and change the auth method to OAuth-Office365.
- For Office365, click Configure.
- Enter the details in the configuration screen as shown below:
  - Authorization URL: https://login.microsoftonline.com/common/oauth2/v2.0/authorize
  - Token URL: https://login.microsoftonline.com/common/oauth2/v2.0/token
  - App Client ID: Found under App Registration with the name Application (client) ID
  - Client Secret: Found under App Registration with the name Client Secret value
  - Redirect URI: https://domain_name/oauth/callback/ms/
  - Scopes: Given according to the permissions. Basic scopes are: openid profile email offline_access User.Read User.ReadWrite.All User.ReadBasic.All User.Read.All Directory.Read.All Directory.ReadWrite.All mail.read mail.readWrite mail.send calendars.read calendars.readWrite
- Click Save.
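
A check of the scope string above against the permissions selected during app registration, as an added example that is not part of the original instructions or of Success4. It reports scopes that were never selected in Azure, `.All` scopes that reach beyond the signed-in user's own data, and selected permissions the scope string never requests. `audit_scopes` and the constant names are hypothetical, and `User.Read` is treated as granted on the assumption that the portal's default permission was left in place.

```python
# Added example: audit an OAuth scope string against the delegated
# permissions selected in the app registration (least-privilege check).
OIDC_SCOPES = {"openid", "profile", "email", "offline_access"}

# Delegated Graph permissions selected in the app registration steps.
# Assumption: User.Read, which the portal adds by default, was left in place.
GRANTED_GRAPH = {
    "Calendars.Read", "Calendars.ReadWrite",
    "Mail.Read", "Mail.ReadWrite", "Mail.ReadBasic", "Mail.Send",
    "User.Read",
}

# The "Basic Scopes" string from the Success4 configuration step.
CONFIGURED_SCOPES = (
    "openid profile email offline_access User.Read User.ReadWrite.All "
    "User.ReadBasic.All User.Read.All Directory.Read.All "
    "Directory.ReadWrite.All mail.read mail.readWrite mail.send "
    "calendars.read calendars.readWrite"
)


def audit_scopes(scope_string, granted=GRANTED_GRAPH):
    """Classify each requested scope; comparison is case-insensitive."""
    granted_ci = {g.lower(): g for g in granted}
    report = {"oidc": [], "granted": [], "not_granted": [],
              "tenant_wide": [], "unused_grants": []}
    seen = set()
    for scope in scope_string.split():
        key = scope.lower()
        if key in seen:  # ignore duplicate entries
            continue
        seen.add(key)
        if key in OIDC_SCOPES:
            report["oidc"].append(scope)
        elif key in granted_ci:
            report["granted"].append(granted_ci[key])
        else:  # requested by Success4 but never selected in Azure
            report["not_granted"].append(scope)
        if key.endswith(".all"):  # reaches beyond the signed-in user's data
            report["tenant_wide"].append(scope)
    report["unused_grants"] = sorted(
        g for k, g in granted_ci.items() if k not in seen)
    return report


if __name__ == "__main__":
    for category, scopes in audit_scopes(CONFIGURED_SCOPES).items():
        print(f"{category:14} {', '.join(scopes) or '-'}")
```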