Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision | ||
externalcredentials [2023/03/04 02:03] – Justin Willey | externalcredentials [2023/03/04 02:39] (current) – [Microsoft Graph API] Justin Willey | ||
---|---|---|---|
Line 2: | Line 2: | ||
Used to store credentials for integrations with external systems. Different data items will need to be completed depending on the nature of the external system. These credentials are available to be used by built-in commands like < | Used to store credentials for integrations with external systems. Different data items will need to be completed depending on the nature of the external system. These credentials are available to be used by built-in commands like < | ||
- | More sensitive items are stored in the database using AES256 encryption. Once saved, only the last four characters are shown, preceded by ****. The number of asterisks is unrelated to the length of the underlying data. | + | More sensitive items are stored in the database using AES256 encryption. Once saved, only the last four characters are shown, preceded by %%****%%. The number of asterisks is unrelated to the length of the underlying data. |
- | === SMTP === | + | When you click on New, you will be asked for the Name, the Type and a Description of the credential record you want to create. The type and description can be edited later, but the name cannot be changed subsequently, |
+ | |||
+ | ==== SMTP ==== | ||
As a minimum, a name, description and a host address are required. If specified, the Email Address will be used as the SMTP Sender email, otherwise it must be specified in the < | As a minimum, a name, description and a host address are required. If specified, the Email Address will be used as the SMTP Sender email, otherwise it must be specified in the < | ||
Line 10: | Line 12: | ||
If your email provider enforces two-factor authentication, | If your email provider enforces two-factor authentication, | ||
- | === Microsoft Graph API === | + | ==== Microsoft Graph API ==== |
+ | === Registering IQX as an application in Azure === | ||
To use the Microsoft Graph API with IQX, you must first set up IQX as an Application in **your** Azure Active Directory using the Create Azure Active Directory application. To do this, log into **your** Microsoft Azure Portal as an **admin** user. Then select __Azure Active Directory__ followed by __App registrations__. | To use the Microsoft Graph API with IQX, you must first set up IQX as an Application in **your** Azure Active Directory using the Create Azure Active Directory application. To do this, log into **your** Microsoft Azure Portal as an **admin** user. Then select __Azure Active Directory__ followed by __App registrations__. | ||
Next complete the __Name__ field as, for example, //IQX//, set __Supported account types__ to //Accounts in this organizational directory only// and set __Redirect URI__ to //Web// with http:// | Next complete the __Name__ field as, for example, //IQX//, set __Supported account types__ to //Accounts in this organizational directory only// and set __Redirect URI__ to //Web// with http:// | ||
- | Now go back to __App registrations__ and select __All apps__. Select the App record you have just created and then select __API Permissions__. Select __+ Add a permission__ and in __Request API permissions__ select //Microsoft Graph//. Then configure __Application permissions__ and grant // | + | === Granting permissions to IQX === |
+ | Now go back to __App registrations__ and select __All apps__. Select the App record you have just created and then select __API Permissions__. Select __+ Add a permission__ and in __Request API permissions__ select //Microsoft Graph//. Then configure __Application permissions__ and grant // | ||
{{: | {{: | ||
+ | === Setting up authentication for IQX === | ||
+ | |||
+ | Choose __Certificates and secrets__ from the right hand menu. Choose __Add a client secret__, give it a description and choose //Never// under __Expires__. Select __Add__ and copy the displayed Secret into the **Client Secret** field in IQX and then click on **Save & Refresh**. | ||
+ | |||
+ | Then back in Azure, choose __Authentication__ from the right hand menu. The screen should look something like this: | ||
+ | |||
+ | {{: | ||
+ | Now select and copy the __Application (client) ID__ into **Client ID** in IQX, and __Directory (tenant) ID__ into **Tenant ID** in IQX. Then click on **Save & Refresh** | ||