Add Application to Azure Active Directory (v 1.7)




This step is required for the Confluence add-on to be able to send authenticated requests towards SharePoint Online.

To access SharePoint Online, the SharePoint Connector must be registered as an application in Azure Active Directory (Azure AD). This registration process involves giving Azure AD details about SharePoint Connector, such as the address to send replies to after a user is authenticated.

The actual look of the Azure portal might differ from the screenshots in this guide as the user interface is updated frequently by Microsoft.

Choose the Right Directory

Choosing the right Azure AD is only necessary if your account has access to multiple directories.

On the Azure portal home page, select Directory switcher on the top bar of the page. A panel will open on the right that might show you a list of accessible Azure AD tenants. Choose the one connected to your Office 365 tenant.

Here is an example for an account having access to multiple directories:

                    

If the Switch Directory section in the panel doesn't show, you can proceed as you only have access to one directory.

                     

Register Application in Azure AD

1. In the left-hand menu choose Azure Active Directory. Then choose App registrations.

                   

2. Select New registration.

                  

3. In the Register an application view, enter the Name, choose Supported account types, enter a Redirect URI of type Web for SharePoint Connector and click Register.

               

You successfully registered a new application.

Configure Application in Azure AD

Select the application you created in the previous step.

Note: the Display Name and Application ID might be different for you.

The application's Overview page will open.

Make note of the Application (client) ID. You'll need it later.

Add Redirect URIs

1. On the application's Authentication page, enter Redirect URIs.


2. Add the SharePoint Connector Redirect URIs of type Web which have the following form: https://<Confluence Base URL>/plugins/servlet/csi/adal-helper

Samples for Redirect URIs:

  • https://localhost:8090/confluence/plugins/servlet/csi/adal-helper
  • https://confluence.communardo.de/plugins/servlet/csi/adal-helper

3. Select Save to save the changes.

Enable OAuth 2.0 Implicit Grant Flow

1. On the Authentication page, in the Implicit Grant section, select the tokens you would like to be issued by the authorization endpoint. Select both of the check-boxes.

                                           

2. Select Save to save the changes.


We suggest checking that OAuth 2.0 implicit grant flow is enabled correctly. On the application's Manifest page, find the lines containing the keywords oauth2AllowImplicitFlow and oauth2AllowIdTokenImplicitFlow. Both values should be true. If not, you can set them to true manually by editing the application's manifest directly.


Note:
 Technical details about OAuth 2.0 implicit grant flow can be found here.
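
One way to script the manifest check described above, as an added example that is not part of the original guide or of SharePoint Connector itself. It assumes the manifest was copied from the Manifest page in the Azure AD format that lists redirect URIs under replyUrlsWithType; the function name audit_manifest and the sample manifest are constructed for illustration.

```python
import json
from urllib.parse import urlsplit

# Path suffix the guide gives for SharePoint Connector redirect URIs.
HELPER_PATH = "/plugins/servlet/csi/adal-helper"
IMPLICIT_FLAGS = ("oauth2AllowImplicitFlow", "oauth2AllowIdTokenImplicitFlow")


def audit_manifest(manifest_json, confluence_base_url):
    """Return a list of findings; an empty list means the manifest matches the guide."""
    manifest = json.loads(manifest_json)
    findings = []

    # Both implicit-grant flags must be the JSON boolean true, not the string "true".
    for flag in IMPLICIT_FLAGS:
        if manifest.get(flag) is not True:
            findings.append(f"{flag} is {manifest.get(flag)!r}, expected true")

    expected = confluence_base_url.rstrip("/") + HELPER_PATH
    web_uris = [e.get("url", "") for e in manifest.get("replyUrlsWithType", [])
                if e.get("type") == "Web"]  # assumed manifest key, see lead-in
    if expected not in web_uris:
        findings.append(f"missing Web redirect URI {expected}")

    # Every registered redirect URI receives tokens, so flag entries that are
    # not HTTPS, contain wildcards, or do not point at the helper servlet.
    for uri in web_uris:
        parts = urlsplit(uri)
        if parts.scheme != "https":
            findings.append(f"redirect URI is not HTTPS: {uri}")
        if "*" in uri:
            findings.append(f"redirect URI contains a wildcard: {uri}")
        if not parts.path.endswith(HELPER_PATH):
            findings.append(f"unexpected redirect URI: {uri}")
    return findings


# Constructed sample manifest excerpt (not exported from a real tenant).
SAMPLE_MANIFEST = """{
  "oauth2AllowImplicitFlow": true,
  "oauth2AllowIdTokenImplicitFlow": false,
  "replyUrlsWithType": [
    {"url": "https://confluence.communardo.de/plugins/servlet/csi/adal-helper", "type": "Web"},
    {"url": "http://localhost:8090/confluence/plugins/servlet/csi/adal-helper", "type": "Web"}
  ]
}"""

if __name__ == "__main__":
    for finding in audit_manifest(SAMPLE_MANIFEST, "https://confluence.communardo.de"):
        print("FINDING:", finding)
```
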

Set API Permissions

1. Go to the application's API Permissions page.


Note: The Microsoft Graph API permission: "User.Read" should already be present.

2. Select Add Permission. The Request API permissions panel will open on the right.

            

3. In the Microsoft APIs tab, find and select the SharePoint box. Choose Delegated Permissions as the type of permissions your application requires.

4. Expand AllSites and select the following permissions:

  • AllSites.Manage

              

5. Confirm by pressing the Add permissions button at the bottom of the panel.

The permissions are now listed in the application's API Permissions table.

            

6. In the Grant consent section of the API Permissions page, click the "Grant admin consent for ..." button.

           

7. Confirm by selecting Yes in the confirmation dialog that appears at the top of the page.

Granting consent means a user is granting authorization to an application to access protected resources on their behalf. Granting admin consent for all users makes sure every user can use the SharePoint macros in Confluence.



Make Note of Information Needed to Configure Confluence

Note the Application ID

You'll need the Application ID that you noted in the step Configure Application in Azure AD.

Sample Application ID: d33d7c4b-8e9c-437a-9b12-61ae3f0d14a4

Note the Directory ID

On the Azure portal home page, hover over your account picture in the top-right corner of the page.

Make note of the Directory ID:

                 

Note: Hovering sometimes fails in certain browsers. Use another browser if this happens.

You can avoid typing this ID by navigating to Azure Active Directory -> Properties where you can copy the Directory ID to the clipboard:

Sample Directory ID: d4b5cc62-72c9-4f0c-bc01-0d1e852b8ce0

After following the steps above, you should have the following information noted and available for the upcoming configuration steps:

  • Application ID (for example d33d7c4b-8e9c-437a-9b12-61ae3f0d14a4)
  • Azure Active Directory ID (for example d4b5cc62-72c9-4f0c-bc01-0d1e852b8ce0)


