Add Application to Azure Active Directory (v 1.4)
- Michael Böhm (Deactivated)
- Andi Muka
This step is required for the Confluence add-on to be able to send authenticated requests towards SharePoint Online.
To access SharePoint Online the SharePoint Connector must be registered as application in Azure Active Directory (Azure AD). This registration process involves giving Azure AD details about SharePoint Connector, such as the address to send replies to after a user is authenticated.
The actual look of the Azure portal might differ from the screenshots in this guide as the user interface is updated frequently by Microsoft.
Choose the Right Directory
Choosing the right Azure AD is only necessary if your account has access to multiple directories.
On the Azure portal home page select your account picture in the top-right corner of the page. A drop down opens that might show you a list of accessible Azure AD tenants. Choose the one connected to your Office 365 tenant.
Here is an example for an account having access to multiple directories:
If the drop down doesn't show multiple directories you can proceed as you only have access to one directory.
Register Application in Azure AD
1. In the left-hand menu choose Azure Active Directory. Then choose App registrations2. Select New application registration.
3. In the Create dialog enter the Name and Sign-on URL.
You successfully registered a new application.
Configure Application in Azure AD
Select the application you created in the previous step.
Note: the Display Name and Application ID might be different for you.
The Registered app page will open.
Make note of the Application ID. You'll need it later.
Add Reply URLs
1. In the application's Settings blade select Reply URLs.
2. Add the SharePoint Connector reply URL which has the following form: https://<Confluence Base URL>/plugins/servlet/csi/adal-helper
Samples for Reply URLs:
- https://localhost:8090/confluence/plugins/servlet/csi/adal-helper
- https://wiki.communardo.de/plugins/servlet/csi/adal-helper
3. Select Save to save the changes.
Enable OAuth 2.0 Implicit Grant Flow
1. On the Registered app page select Manifest to edit the application's manifest. The Edit manifest blade opens.
2. Find the line containing the keyword oauth2AllowImplicitFlow and set its value to true.
3. Select Save to save the manifest changes.
Note: Technical details about OAuth 2.0 implicit grant flow can be found here.
Set Application Permissions
1. In the application's Settings blade select Required permissions.
Note: The entry Windows Azure Active Directory should already be present.
2. In the Required permissions blade select Add.
3. In the Add API access blade press Select an API. Then select Office 365 SharePoint Online.
4. Confirm by pressing Select which opens the Enable Access blade.
5. Under Delegated Permissions select Read items in all site collections, Read and write items in all site collections and Read and write items and lists in all site collections.
6. Confirm by pressing Select.
7. Back in the Add API access blade select Done.
The permissions are now listed in the application's Required permissions blade.
8. In the Required permissions blade click Grant Permissions.
9. Select Yes.
Granting permissions for all accounts makes sure that all users can use the SharePoint macros in Confluence.
Make Note of Information Needed to Configure Confluence
Note the Application ID
You'll need the application ID that you got in step Configure Application in Azure AD.
Sample Application ID: d33d7c4b-8e9c-437a-9b12-61ae3f0d14a4
Note the Directory ID
On the Azure portal home page, hover over your account picture in the top-right corner of the page.
Make note of the Directory ID:
Note: Hovering sometimes fails in certain browsers. Use another browser if this happens.
You can avoid typing this ID by navigating to Azure Active Directory - Properties where you can copy the Directory ID to the clipboard:
Sample Directory ID: d4b5cc62-72c9-4f0c-bc01-0d1e852b8ce0
After following above steps you should now have the following information noted and available for upcoming configuration steps:
- Application ID (for example d33d7c4b-8e9c-437a-9b12-61ae3f0d14a4)
- Azure Active Directory ID (for example d4b5cc62-72c9-4f0c-bc01-0d1e852b8ce0)