Register O365 Splice application with Azure AD

The O365 Splice application must be registered with Azure AD to grant it permission to call the Microsoft Graph API. Follow the steps below to register it.

1. Log in as admin to https://portal.azure.com/ and click on Azure Active Directory

2. Go to App Registrations

3. Click on New Registration

4. Provide a name for the application. For supported account types, pick “Accounts in this Organizational Directory Only”, then click “Register”.

5. Copy the values for Client ID, Tenant ID.

6. Click on Certificates & secrets

7. Click on New client secret

8. Add a description and click on Add

9. Copy the Client Secret value by clicking on the copy icon.

10. Use the values for Client ID, Client Secret and Tenant ID in the Cloud Run deploy command.

11. Go to the registered application and click on API Permissions and then on Add a permission.

a. In the window that pops up, click on Microsoft Graph

b. Click on Application permissions

c. Search and add the following Application permissions

  • Directory.ReadWrite.All

  • User.ManageIdentities.All

  • User.ReadWrite.All

d. After adding all the permissions, the Status initially shows as Not granted. Click on “Grant admin consent for..”

e. After granting the permissions, a green tick mark should be seen under the Status column for each of the permissions

12. Continue to edit the configuration file, application.yml as per the table below

| Field Name | Field Description |
| --- | --- |
| jwk-set-uri | certs URL. For example, `https://<dev7.iamsath.com>/auth/realms/IDHub/protocol/openid-connect/certs`. Replace the value in <> with the name of the server where the connector is deployed; the rest remains the same |
| idhub.hostname | The hostname/IP of the IDHub application |
| idhub.realm | Tenant / Keycloak realm name |
| idhub.clientId | The client ID of the client under idhub.realm in Keycloak |
| idhub.secret | Password for the client ID |
| idhub.accessToken, idhub.refreshToken | Follow this document to generate access and refresh tokens |
| idhub.test | Set to false |
| app.name | Name of the onboarded application |
| app.description | Onboarded application description |
| app.businessOwner | Name of the business owner of the application |
| app.itOwner | Name of the IT owner of the application |
| server.port | Port on which the O365 connector application will run. See this to set up reverse proxy. |

The application.yml file should look like this after making all the changes

13. Run the connector either from the command line or as a service.

Prerequisites

  • JRE 16 OR JDK 16 installed

  • O365 Connector

a. To run from the command line.

For example, to run the O365 connector jar in the background and redirect the output to nohup.out:

```bash
cd /apps/o365_connector
# The redirection must come before "&"; otherwise the output is not captured in nohup.out
nohup java -jar o365-splice-1.0.0-with-connector-application-2.1.5.jar > nohup.out 2>&1 &
```

b. To run the connector as a service, follow the steps here