Set Up Azure AD Application

Configure Azure AD:

1. Login to portal.azure.com with an user account that has access to the Azure Active Directory

2. Go to the Azure Active Directory

   • Create a new registration (click on 'App-Registrations')

     • Select Name: amberSearch

     • Leave URL empty

       

3. Add and additionally configure forwarding URLs (by clicking on the “Forwarding URLs” button on the overview page)

   • Go to Authentication

   • Add a platform

   • Choose Web

   • Input Redirect URI https://customerName.ambersearch.de/api/auth/microsoft/callback

     • Keep in mind to replace customerName accordingly

   • Create a client secret at the "Certificates & secrets" Page

   • Go to "Certificates & secrets"

   • Click on "New client secret"

   • Set expiration period of 2 years

• Provide the Value of the secret and its secret ID (optional) to amberSearch Team (see form below or sent it to us via IT@ambersearch.de)

5. Request Graph API Delegated Permissions for the following resource:

   • Go to API permissions

   • Add a permission

   • Choose Microsoft Graph, then choose delegated permissions

   • Request permission for the following resource(s):

     • User.Read

   • Note: If Azure pre-sets the permission, then you don't need to add it.

6. Request Graph API Application Permissions for the following resources:

   • Go to API permissions

   • Add a permission

   • Choose Microsoft Graph and then Application permissions

   • Request permission for the following resources:

     • Group.Read.All

     • GroupMember.Read.All

     • User.Read.All

7. Grant admin consent for the required permissions

• Expected outcome / what the amberSearch Team needs for a successful set up:

  • tenant URL

  • tenant ID

  • client ID

  • Value of the secret (also known as client Secret)

  • secret ID (optional)

  • Please enter the values in the form below. If the form doesn't load, you can also access it here. We will automatically be notified:

Note: For security reasons, we do not ask you for the value of the secret and the secret ID via the form. Instead, we kindly ask you to send it to us via message in Teams or via phone +49 176 6655 6358 (The mobile number of amberSearch's IT department). If you choose to send the information via phone please include your name/company name so we know who to link with that number.

Final Checklist

The following values must be provided to the amberSearch Team:

Tenant URL

Tenant ID

Client ID

Value of the secret (also known as Client Secret) is sent via SMS or Teams Message to amberSearch team

secret ID

User.Read - The Graph API delegated permission is granted

Group.Read.All - The Graph API application permission is granted

GroupMember.Read.All - The Graph API application permission is granted

User.Read.All - The Graph API application permission is granted

If you need assistance please reach out to us via IT@ambersearch.de