Differences

This shows you the differences between two versions of the page.

--- externalcredentials [2023/03/04 02:06] – Justin Willey
+++ externalcredentials [2023/03/04 02:24] – Justin Willey
@@ Line 12: / Line 12: @@
 ==== Microsoft Graph API ====
+=== Registering IQX as an application in Azure ===
 To use the Microsoft Graph API with IQX, you must first set up IQX as an Application in **your** Azure Active Directory using the Create Azure Active Directory application. To do this, log into **your** Microsoft Azure Portal as an **admin** user. Then select __Azure Active Directory__ followed by __App registrations__.
 Next complete the __Name__ field as, for example, //IQX//, set __Supported account types__ to //Accounts in this organizational directory only// and set __Redirect URI__ to //Web// with http://localhost as the __URI__.
+=== Granting permissions to IQX ===
 Now go back to __App registrations__ and select __All apps__. Select the App record you have just created and then select __API Permissions__. Select __+ Add a permission__ and in __Request API permissions__ select //Microsoft Graph//. Then configure __Application permissions__ and grant //Mail.Read// and //Mail.ReadWrite// permission to the App. Final ensure you choose __Grant admin consent for <your company name>__. Your settings should look something like this:
 {{:graphapipermissions.jpg?nolink|}}
+=== Setting up authentication for IQX ===
+Choose __Certificates and secrets__ from the right hand menu. Choose __Add a client secret__, give it a description and choose //Never// under __Expires__. Select __Add__ and copy the displayed Secret into the **Client Secret** field in IQX and then click on **Save & Refresh**.
+Then back in Azure, choose __Authentication__ from the right hand menu. The screen should look something like this:
+{{:graphapiauthentication.jpg?nolink|}}
+Now select and copy the __Application (client) ID__ into **Client ID** in IQX, and __Directory (tenant) ID__ into **Tenant ID** in IQX. Then click on **Save & Refresh**