Using your existing Azure Active Directory to authenticate users within Verinote

Verinote offers out of the box integration with Microsoft Azure Active Directory (AAD). This means, organisations can provision and provide employees access to Verinote using their current credentials, without creating Verinote specific accounts or additional credentials. This is particularly useful for large organisations to save time in account provisioning and also ensures a single point of truth to user particulars and credentials. This article explains the process an organisations SysAdmin takes to register Verinote as AAD App Registration.

App Registration

1. Ensure you are in your organisations primary AAD Tenant within the Azure Portal
2. From the Azure Portal home page, search Azure Active Directory and select it under Services, below the search field
3. From the AAD main screen, under Tenant Information, copy and paste your Tenant ID and Primary Domain into a seperate document (such as notepad, or Microsoft word), you will need these later
4. From the left hand column, select App Registrations
5. From the top of the App Registrations screen, select + New Registration.
6. In the name field, type: Verinote
7. Under Supported Account Types, ensure accounts in this organisational directory only is selected.
8. Under Redirect URI, select Single Page Application (SPA) and enter the URL of your specific Verinote environment, provided by VeriSaaS, e.g. https://agency.verinote.app
9. Select Register, copy and paste your Application ID into a separate document (such as notepad, or Microsoft word), you will need it later

Completing the above steps will have successfully registered Verinote as an application within your organisations AAD and it is now time to configure it.

Verinote App Configuration

1. From the left hand column, select Branding and populate the following fields accordingly:

   • Name: Verinote

   • Upload New Logo: Upload the Verinote AAD App Registration Logo found here

   • Home page URL: https://verisaas.com

   • Terms of service URL: https://verisaas.com/verinote-eula-terms-of-use

   • Privacy statement URL: https://verisaas.com/privacy

2. Select the Save icon at the top of the page
3. From the left hand column, select Authentication
4. Select +Add a platform
5. Under Configure Platforms, select iOS/macOS (Objective-C, Swift, Xamarin)
6. In Bundle ID, enter: com.verisaas.verinote
7. Select Configure and then Done
8. Under Implicit Grant, select both Access Tokens and ID Tokens
9. Select the Save icon at the top of the page
10. From the left hand column, select Certificates and Secrets
11. Under Client Secrets, select + New Client Secret
12. Under Description, enter: Graph and and set the expiry according to your organisational policy (leave the default of one year if you don’t have this defined in an organisational key management policy)
13. Select Add and copy the value of the secret into your Key Management system (e.g. KeyVault)
14. From the left hand column, select Expose an API
15. To the right of Application ID URI, select Set
16. Enter https:// followed by the value of your AAD Primary Domain URL and /api to the end of the URL (e.g. https://VeriSaaSID.onmicrosoft.com/api)
17. Select Save
18. Under Scopes defined by this API, select + Add a scope
19. In scope name, enter: user_impersonation
20. Ensure Admins Only only is selected and enter the following value in both the Admin consent display name and description: “Read and write the directory”
21.  Ensure state is set to Enabled
22. Select Add Scope
23. From the left hand column, select API Permissions
24. Under Configured Permissions, select + Add a permission
25. Under Commonly used Microsoft APIs, select Microsoft Graph and then select Application Permissions
26. Under Select Permissions, select the Directory drop down from the list and then select both Directory.Read.All and Directory.ReadWrite.All
27. Select Add Permissions
28. Again, Configured Permissions, tick Grant admin consent for your AAD Tenant
29. Under Configured Permissions, again select + Add a permission
30. Under Commonly used Microsoft APIs, select Microsoft Graph and then select Delegated Permissions
31. Under Select Permissions, select the OpenID Permissions drop down from the list and then select Email and Profile
32. Select Add Permissions
33. From the left hand column, select Manifest
34. In the application manifest JSON file, change acceptMappedClaims (line 3) from null to true
35. Select Save

Authorising your AAD within Verinote

By now, your Verinote application will have been registered within your AAD, however VeriSaaS will still need to authorise your AAD tenant's use of the Verinote application. To do so, please create a support ticket or email support@verisaas.com an email requesting your AAD by connected to the Verinote application and provide the following information

• Application ID; and
• Tenant ID

A VeriSaaS member will verify the request and approve connection, where appropriate. You will be notified once this has been completed, however, please allow 48 hours.

Require additional support?

VeriSaaS can guide you through the above process without access to your environment or AAD tenant. If you require assistance or have any questions, please raise a support ticket from this page, email support@verisaas.com or call +61 (07) 3251 2456.