Active Directory App Registration

Follow the steps below to register an application within Azure Active Directory. This provides permission for the application to talk to Active Directory.

From the Azure menu, select ‘Azure Active Directory’.

Then click on ‘App Registrations’.

step 1

Click on the ‘New application registration’ button.

step 2

Type a name for your application registration, generally this would be the same as your Web App name.

Enter the redirect URI for your application. This is the URL you created for the Web App in the previous section.

Ensure you provide the trailing forward slash on the URL as denoted in the screenshot, failure to do so will prevent the application from working.

Click the ‘Register’ button to create the App Registration.

step 3

Make a note of the ‘Application ID’ and ‘Directory ID’ values, these will be used later in the installation process.

Click on ‘Authentication’ from the app registration menu.

step 4

Ensure that you have the following reply URLs.

Click here to copy these values from the appendix Azure App Registration - Reply URLS.

step 5

Scroll down to ‘Advanced Settings’.

Enter the ‘Logout URL’ for your application. This is the URL you created for the Web App in the previous section.

Tick the boxes for ‘Access Tokens’ and ‘ID Tokens’.

Click the ‘Save’ button above.

step 6

Click on ‘Certificates and Secrets’ from the app registration menu.

Click on ‘New client secret’.

step 7

Enter a description such as ‘Application Key’ in to the ‘Description’ field.

Select an expiry date for the application key.

If you select a value other than ‘Never expires’ you will need to repeat this process once the existing key expires, and then update it within the Azure Web App settings, failure to do so will prevent Loome Publish from functioning.

Click ‘Add’.

step 8

Make note of the key that appears in the ‘Value’ field, we will use it later in the process.

You will not be able to access the key again after you leave this page, failure to make note of the key value will require you to repeat this process.

Click ‘API permissions’ from the app registration menu.

step 9

Click the ‘Add a permission’ button.

step 10

Scroll down and click on ‘Azure Active Directory Graph’ from the flyout that appears.

step 11

Click on ‘Delegated Permissions’.

step 12

Select all permissions shown in the screenshot, then click ‘Add permissions’.

This step requires a Global Administrator account to complete.

step 13

Click the ‘Add a permission’ button again.

step 14

Scroll down and click on ‘Azure Active Directory Graph’ from the flyout that appears.

step 15

Click on ‘Application Permissions’.

step 16

Select all permissions shown in the screenshot, then click ‘Add permissions’.

This step requires a Global Administrator account to complete.

step 17

Click the ‘Grant Admin consent for Company’ button.

This step requires a Global Administrator account to complete.

step 18

Click ‘Yes’ for the confirmation prompt.

step 19

Confirm that permissions now have the ‘Granted for Company’ tick next to each permission.

Click on ‘Expose an API’ from the app registration menu.

step 20

Click the ‘set’ link next to ‘Application ID URI’.

step 21

Enter the URL for the Loome Publish web application.

Click the ‘Save’ button.

step 22

Click the ‘Add a scope’ button.

step 23

Set ‘Scope name’ to ‘user_impersonation’.

Set ‘Who can consent?’ to ‘Admins and Users’.

Set ‘Admin consent display name’ to ‘Access Loome Publish’.

Set ‘Admin consent description’ to ‘Allow the application to access Loome Publish on behalf of the signed-in user.’

Set ‘User consent display name’ to ‘Access Loome Publish’.

Set ‘User consent description’ to ‘Allow the application to access Loome Publish on your behalf.’

Click ‘Add scope’ at the bottom.

step 24

Click on ‘Manifest’ from the app registration menu.

step 25

Change groupMembershipClaims value from null to ‘All’.

Change oauth2AllowImplicitFlow value from false to true.

Change oauth2AllowIdTokenImplicitFlow value from false to true.

Click the ‘Save’ button above.