Verinote offers out-of-the-box integration with Microsoft Azure Active Directory (AAD). This means organisations can provision employees and give them access to Verinote using their current credentials, without creating Verinote-specific accounts or additional credentials. This is particularly useful for large organisations: it saves time in account provisioning and ensures a single point of truth for user particulars and credentials. This article explains the process an organisation's SysAdmin follows to register Verinote as an AAD App Registration.
App Registration
- Ensure you are in your organisation's primary AAD Tenant within the Azure Portal
- From the Azure Portal home page, search Azure Active Directory and select it under Services, below the search field
- From the AAD main screen, under Tenant Information, copy and paste your Tenant ID and Primary Domain into a separate document (such as Notepad or Microsoft Word); you will need these later
- From the left hand column, select App Registrations
- From the top of the App Registrations screen, select + New Registration.
- In the name field, type: Verinote
- Under Supported Account Types, ensure accounts in this organisational directory only is selected.
- Under Redirect URI, select Single Page Application (SPA) and enter the URL of your specific Verinote environment, provided by VeriSaaS, e.g. https://agency.verinote.app
- Select Register, then copy and paste your Application ID into a separate document (such as Notepad or Microsoft Word); you will need it later
Completing the above steps will have successfully registered Verinote as an application within your organisation's AAD. It is now time to configure it.
Verinote App Configuration
- From the left hand column, select Branding and populate the following fields accordingly:
  - Name: Verinote
  - Upload New Logo: Upload the Verinote AAD App Registration Logo found here
  - Home page URL: https://verisaas.com
  - Terms of service URL: https://verisaas.com/verinote-eula-terms-of-use
  - Privacy statement URL: https://verisaas.com/privacy
- Select the Save icon at the top of the page
- From the left hand column, select Authentication
- Select +Add a platform
- Under Configure Platforms, select iOS/macOS (Objective-C, Swift, Xamarin)
- In Bundle ID, enter: com.verisaas.verinote
- Select Configure and then Done
- Under Implicit Grant, select both Access Tokens and ID Tokens
- Select the Save icon at the top of the page
- From the left hand column, select Certificates and Secrets
- Under Client Secrets, select + New Client Secret
- Under Description, enter: Graph and set the expiry according to your organisational policy (leave the default of one year if you don’t have this defined in an organisational key management policy)
- Select Add and copy the value of the secret into your Key Management system (e.g. KeyVault)
- From the left hand column, select Expose an API
- To the right of Application ID URI, select Set
- Enter https:// followed by the value of your AAD Primary Domain URL and append /api to the end of the URL (e.g. https://VeriSaaSID.onmicrosoft.com/api)
- Select Save
- Under Scopes defined by this API, select + Add a scope
- In scope name, enter: user_impersonation
- Ensure Admins Only is selected and enter the following value in both the Admin consent display name and description: “Read and write the directory”
- Ensure state is set to Enabled
- Select Add Scope
- From the left hand column, select API Permissions
- Under Configured Permissions, select + Add a permission
- Under Commonly used Microsoft APIs, select Microsoft Graph and then select Application Permissions
- Under Select Permissions, select the Directory drop down from the list and then select both Directory.Read.All and Directory.ReadWrite.All
- Select Add Permissions
- Again under Configured Permissions, tick Grant admin consent for your AAD Tenant
- Under Configured Permissions, again select + Add a permission
- Under Commonly used Microsoft APIs, select Microsoft Graph and then select Delegated Permissions
- Under Select Permissions, select the OpenID Permissions drop down from the list and then select Email and Profile
- Select Add Permissions
- From the left hand column, select Manifest
- In the application manifest JSON file, change acceptMappedClaims (line 3) from null to true
- Select Save
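To confirm the finished registration matches the settings above, the following added example (not VeriSaaS tooling) audits an exported copy of the app registration. It assumes the JSON uses Microsoft Graph application-object field names, which can differ from the portal's Manifest view; `audit_registration` and the `SAMPLE` data are constructed for illustration.

```python
from datetime import datetime, timezone
GRAPH_APP_ID = "00000003-0000-0000-c000-000000000000"  # Microsoft Graph's appId

def audit_registration(app, env_url, primary_domain, now=None):
    """Return the ways `app` deviates from the settings in this article."""
    now = now or datetime.now(timezone.utc)
    api = app.get("api") or {}
    implicit = (app.get("web") or {}).get("implicitGrantSettings") or {}
    spa_uris = [u.rstrip("/") for u in (app.get("spa") or {}).get("redirectUris") or []]
    id_uris = [u.lower() for u in app.get("identifierUris") or []]
    scope = next((s for s in api.get("oauth2PermissionScopes") or []
                  if s.get("value") == "user_impersonation"), {})
    graph = [a for r in app.get("requiredResourceAccess") or []
             if r.get("resourceAppId") == GRAPH_APP_ID for a in r.get("resourceAccess") or []]
    roles = sum(a.get("type") == "Role" for a in graph)    # application permissions
    scopes = sum(a.get("type") == "Scope" for a in graph)  # delegated permissions
    # Graph timestamps may carry 7-digit fractions; keep only the seconds part.
    ends = [datetime.strptime(c["endDateTime"][:19], "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)
            for c in app.get("passwordCredentials") or [] if c.get("displayName") == "Graph"]
    checks = [
        (app.get("signInAudience") == "AzureADMyOrg",
         "account types: not 'this organisational directory only'"),
        (env_url.rstrip("/") in spa_uris, "SPA redirect URI for the environment is missing"),
        (implicit.get("enableAccessTokenIssuance") is True
         and implicit.get("enableIdTokenIssuance") is True,
         "implicit grant: Access Tokens and ID Tokens are not both selected"),
        (api.get("acceptMappedClaims") is True, "acceptMappedClaims is not true"),
        (f"https://{primary_domain}/api".lower() in id_uris,
         "Application ID URI is not https://<primary domain>/api"),
        (scope.get("type") == "Admin" and scope.get("isEnabled") is True,
         "user_impersonation scope missing, not Admins Only, or not Enabled"),
        (roles >= 2 and scopes >= 2,
         f"Graph permissions: {roles} application, {scopes} delegated; need at least 2 of each"),
        (any(end > now for end in ends), "no unexpired client secret described as 'Graph'"),
    ]
    return [message for ok, message in checks if not ok]

# Constructed sample with placeholder permission IDs, shaped like a Graph application object.
SAMPLE = {
    "signInAudience": "AzureADMyOrg",
    "spa": {"redirectUris": ["https://agency.verinote.app"]},
    "web": {"implicitGrantSettings": {"enableAccessTokenIssuance": True, "enableIdTokenIssuance": True}},
    "api": {"acceptMappedClaims": True, "oauth2PermissionScopes": [
        {"value": "user_impersonation", "type": "Admin", "isEnabled": True}]},
    "identifierUris": ["https://VeriSaaSID.onmicrosoft.com/api"],
    "requiredResourceAccess": [{"resourceAppId": GRAPH_APP_ID, "resourceAccess": [
        {"id": "<role-1>", "type": "Role"}, {"id": "<role-2>", "type": "Role"},
        {"id": "<scope-1>", "type": "Scope"}, {"id": "<scope-2>", "type": "Scope"}]}],
    "passwordCredentials": [{"displayName": "Graph", "endDateTime": "2099-01-01T00:00:00Z"}],
}
```

Calling `audit_registration(SAMPLE, "https://agency.verinote.app", "VeriSaaSID.onmicrosoft.com")` returns an empty list; each returned string names one setting that differs from this article.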
Authorising your AAD within Verinote
By now, your Verinote application will have been registered within your AAD; however, VeriSaaS will still need to authorise your AAD tenant's use of the Verinote application. To do so, please create a support ticket or email support@verisaas.com requesting that your AAD be connected to the Verinote application, and provide the following information:
- Application ID; and
- Tenant ID
A VeriSaaS member will verify the request and approve the connection, where appropriate. You will be notified once this has been completed; however, please allow 48 hours.
Require additional support?
VeriSaaS can guide you through the above process without access to your environment or AAD tenant. If you require assistance or have any questions, please raise a support ticket from this page, email support@verisaas.com or call +61 (07) 3251 2456.