Microsoft Azure AD / Entra ID Authentication
The Microsoft Azure Entra ID provider allows authentication against an application created in the Azure management environment for i-net PDFC.
System Requirements
- An account at the Microsoft Azure Portal
- Access to the Entra admin center
Create an OAuth Application
You are about to create a new application. This application will provide the credentials for the OAuth authentication we want to add to i-net PDFC.
- Go to https://entra.microsoft.com and log in
- Select App registrations from the sidebar menu
- Click New registration from the menu
In the newly opened page, you have to configure your application:
- Enter a meaningful name to distinguish the application
- Select the Supported account types; the Help me choose... link describes the differences between the options. Usually the first option (Single Tenant) should suffice
- Enter the Redirect URL. It should be https://<External Visible URL>/login/azure, e.g. https://<your-server:port>/login/azure or https://<your-server>/context/default.aspx/login/azure (if IIS is used). Check that you selected Web as the Redirect URL type
- Click Register at the bottom of the dialog
Note: After creating the application, the default API permission is User.Read for the Microsoft Graph API. This permission is sufficient for authenticating against this application.
Obtaining the Client and Tenant ID
The Client and Tenant IDs are displayed in the overview directly after creating the application. They appear as Application (client) ID and Directory (tenant) ID in the Essentials section of the application, directly below the application's name.
The Client ID is the Application (client) ID from the Essentials section; the Tenant ID is the Directory (tenant) ID.
Obtaining the Client Secret
The Client Secret has to be created separately. You can use the link Add a certificate or secret in the Essentials section to navigate there.
- Navigate to the Certificates & Secrets section of the application
- Click New client secret in the Client secrets tab
- Enter a Description and set the Expiration time in the side panel
- Click Add
You must now copy the new entry from the Value column of the table. This is the Client Secret.
Note: The Client Secret is considered a password, so please keep it in a safe place.
Set up the Authentication
In the configuration manager web interface, enter the Client ID and Client Secret that you obtained from the Microsoft Azure OAuth application.
Note: If you selected Single Tenant in the account type configuration, you have to enter the Tenant ID (Directory (tenant) ID) in the respective field of the configuration. Otherwise, leave it empty.
Alternatively, you can use the option Use Settings from OAuth Connection to reuse the settings from an existing OAuth Connection that has been configured for Office 365.
Roles and Groups
Groups and roles can be transferred to i-net PDFC from Azure. To accomplish this, a token configuration must be added to the application in Azure. Switch to the Token Configuration view and click on add group claim.
Now select which role type you would like to activate in the application. The type property has no relevance and can be left at the default value ID. Currently, you can only use the security groups; directory roles are not supported.
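The following Python snippet is an added example, not part of this documentation or of i-net PDFC, illustrating the configuration described above: it checks that a Redirect URL has the required https://<host>/login/azure form, builds the Microsoft identity platform authorization request (using the Directory (tenant) ID for a Single Tenant registration and the shared "common" endpoint otherwise), and reads the groups claim from an ID token. All identifiers, hostnames and the sample token are constructed placeholders.

```python
import base64
import json
from urllib.parse import urlencode, urlparse

# Constructed placeholder values (not real Azure identifiers)
CLIENT_ID = "00000000-0000-0000-0000-000000000000"
TENANT_ID = "11111111-1111-1111-1111-111111111111"
REDIRECT_URI = "https://pdfc.example.com/login/azure"


def check_redirect_uri(uri):
    """True if uri is https://<host>[/path]/login/azure with no query/fragment."""
    p = urlparse(uri)
    return (p.scheme == "https" and bool(p.netloc)
            and p.path.endswith("/login/azure") and not p.query and not p.fragment)


def authorize_url(client_id, redirect_uri, tenant_id=None, state="opaque-state"):
    """Authorization request for the registered app. A Single Tenant app
    uses its Tenant ID in the path; without one, 'common' is used."""
    if not check_redirect_uri(redirect_uri):
        raise ValueError("redirect URI must be https://<host>/login/azure")
    params = {"client_id": client_id, "response_type": "code",
              "redirect_uri": redirect_uri, "response_mode": "query",
              "scope": "openid profile User.Read", "state": state}
    return (f"https://login.microsoftonline.com/{tenant_id or 'common'}"
            f"/oauth2/v2.0/authorize?{urlencode(params)}")


def groups_from_id_token(id_token, client_id, tenant_id):
    """Return the 'groups' claim (security group object IDs) of an ID token
    after checking audience and issuing tenant. Signature verification is
    deliberately left out here; a real login must validate it first."""
    payload = id_token.split(".")[1]
    payload += "=" * (-len(payload) % 4)          # restore base64url padding
    claims = json.loads(base64.urlsafe_b64decode(payload))
    if claims.get("aud") != client_id or claims.get("tid") != tenant_id:
        raise ValueError("token was not issued for this app and tenant")
    return list(claims.get("groups", []))


def _b64url(obj):
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


# Constructed sample ID token with a placeholder signature segment
SAMPLE_ID_TOKEN = ".".join([
    _b64url({"alg": "RS256", "typ": "JWT"}),
    _b64url({"aud": CLIENT_ID, "tid": TENANT_ID,
             "groups": ["group-id-1", "group-id-2"]}),
    "placeholder-signature",
])
```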
