Azure Active Directory (Azure AD) is Microsoft’s directory and identity management service. Azure AD combines core directory services, advanced identity governance, and application access management. For IT Admins, Azure AD provides an affordable, easy to use solution to give employees and business partners single sign-on (SSO) access to various applications.


ServiceBus360 uses Azure AD authentication for user management. Any application that outsources authentication to Azure AD must be registered in a directory, so registering the ServiceBus360 application with your Azure AD is a prerequisite. The registration includes the URL where the application is located, the URL to send replies to after authentication, the URI that identifies your application, and more. To leverage Azure AD for ServiceBus360 you will need the following details:

  1. Azure AD Global Admin UPN
  2. Azure AD Global Admin Id
  3. Azure AD Domain Name
  4. Azure AD Domain Tenant Id
  5. Azure AD Registered Application Id
  6. Azure AD Registered Application Password


To get the Azure AD Global Admin Id and UPN in the Azure portal:

  1. Select Azure Active Directory > Users > select the Global Admin user 
  2. The Object ID is the Azure AD Global Admin Id and the User name is the Azure AD Global Admin UPN

To register the ServiceBus360 Application:

  1. Log in to your Azure Account 
  2. Select the Azure Active Directory from the left side navigation panel
  3. Select App registrations option under the Manage section in the Azure Active Directory screen
  4. Select New application registration button to register a new App
  5. In the Create blade, enter the App name, Application type and URL for the application. Select Web app / API for ServiceBus360 and Sign-on URL as http://<yourVMDNSName>/ServiceBus360
  6. Click Create to create the application

The next step is to get the application ID and authentication key. To get these values:

  1. Click App registrations in Azure Active Directory and select the created application
  2. Copy the Application ID and store it in your application code. ServiceBus360 refers to this value as the Client ID.
  3. To generate an authentication key, click Settings and select the Keys option
  4. Enter a Description for the key and the Expiry date, then click Save to generate the key. Copy the key value, because you won't be able to retrieve it after you close this blade.

A Tenant ID is required to pass the authentication. To get the Tenant ID:

  1. Select the Azure Active Directory from the left side navigation panel
  2. Select Properties option under the Manage section in the Azure Active Directory screen
  3. Copy the Directory ID. This value is your Tenant ID.
     


Once you have all the basic Azure AD configuration information, the next step is to get the users listed in the Azure AD through the Microsoft Graph API. This step is required to give ServiceBus360 the authorization to:

  1. Read Directory data
  2. Read and write directory data
  3. Read all users' full profiles
  4. Read and write all users' full profiles
  5. Sign in and read user profile

To authorize the Azure AD application through the Microsoft Graph API:

  1. Log in to your Azure Account 
  2. Click App registrations in Azure Active Directory and select the created application
  3. Click Required permissions tab under the API Access section
  4. Click the Add button and choose Microsoft Graph option from the list
  5. Select the checkboxes next to the options to add and enable access to Read Directory data, Read and write directory data, Read all users' full profiles, and Read and write all users' full profiles
  6. For the permissions to take effect, admin consent is required. A Global Admin can grant it by logging on to the URL

    https://login.microsoftonline.com/{domainname}/adminconsent?client_id={app id}&state=654321&redirect_uri={Registered reply url}

    and accepting the request for the application to hold the necessary permissions.

Note: In the above URL, replace the domainname, app id, and Registered reply url placeholders with your own values.
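The admin consent URL above can be built and its reply checked with a short script. This is an added example, not ServiceBus360 code: it percent-encodes the reply URL, uses a random `state` per request instead of a fixed value, and validates the redirect that comes back. The domain, application ID, reply URL and function names are constructed for illustration, and the reply parameters (`admin_consent`, `tenant`, `state`, `error`) are assumed to be the ones Microsoft documents for this endpoint.

```python
import hmac
import secrets
from urllib.parse import parse_qs, quote, urlencode, urlsplit

AUTHORITY = "https://login.microsoftonline.com"
# Constructed sample values, not taken from any real tenant.
DOMAIN = "contoso.onmicrosoft.com"
APP_ID = "00000000-0000-0000-0000-000000000000"
REPLY_URL = "https://sb360.example.test/ServiceBus360"


def build_admin_consent_url(domain_name, app_id, reply_url, state=None):
    """Return (url, state) for the admin consent request."""
    # A fresh random state per request ties the reply to this request.
    state = state or secrets.token_urlsafe(16)
    # urlencode percent-encodes the reply URL so it survives as one parameter.
    query = urlencode({"client_id": app_id, "state": state, "redirect_uri": reply_url})
    return f"{AUTHORITY}/{quote(domain_name, safe='')}/adminconsent?{query}", state


def check_consent_reply(reply, expected_state, reply_url):
    """Return the tenant id if the redirect reports granted consent, else raise."""
    got, want = urlsplit(reply), urlsplit(reply_url)
    if (got.scheme, got.netloc, got.path) != (want.scheme, want.netloc, want.path):
        raise ValueError("reply did not arrive at the registered reply URL")
    params = {k: v[0] for k, v in parse_qs(got.query).items()}
    if not hmac.compare_digest(params.get("state", "").encode(), expected_state.encode()):
        raise ValueError("state mismatch: reply does not belong to this request")
    if "error" in params:
        raise ValueError(f"consent failed: {params['error']}")
    if params.get("admin_consent", "").lower() != "true":
        raise ValueError("admin consent was not granted")
    return params.get("tenant")


if __name__ == "__main__":
    url, state = build_admin_consent_url(DOMAIN, APP_ID, REPLY_URL)
    print(url)
    # Constructed reply, shaped like the redirect sent after consent is accepted.
    reply = f"{REPLY_URL}?admin_consent=True&tenant=11111111-1111-1111-1111-111111111111&state={state}"
    print(check_consent_reply(reply, state, REPLY_URL))
```

Keep the generated `state` on the server side (for example in the admin's session) until the redirect arrives, and discard it after one use.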