Step-by-Step OAuth2 Authorization Process Using Microsoft Azure

Step-by-Step Setup :rocket:

Let’s walk through the process of setting up OAuth authorization in Integray using Microsoft Azure login.

The first thing you need to do is create your own “app” on the Microsoft Azure portal: Create an Azure app. This will provide you with the essential credentials required for the authorization process. :key:


Now, you’ll need to complete the following details:

  • App Name :memo:
  • Supported account types (here you need to select the first option “Accounts in this organizational directory only - your organization - Single tenant”) :pushpin:
  • Redirect URI - (It says that this is optional, but it will still be required. We’ll skip this section for now and come back to it later.) :round_pushpin:

Now hit the Register button, and you can see your application registration in the App registrations grid. :ok_hand:

Click on the application name and go to its details.

For successful authorization, we need to add some client credentials – a client secret.
Go to the Certificates & Secrets section in the left-hand menu.

In the table, you will see the name, expiration date, value, and secret ID.
Attention! :exclamation: Client secret values cannot be viewed, except for immediately after creation. Be sure to save the secret when created before leaving the page. You don’t need to copy the ID; we will need the value instead.

Then, go to the Overview section and open the Endpoints tab.

Further steps for configuring the Redirect URL will be provided below. :lock:

Next, let’s head over to Integray :gear:.

In the Authorizations section, we’ll set up a new authorization by clicking +Add and choosing OAuth2 as the provider.

Settings :gear:

  • Login URL: for Microsoft azure it is line OAuth 2.0 authorization endpoint (v2) from Endpoint tab. :earth_africa:
  • Login query params: use the pre-filled settings response_type=code :memo:
  • Request offline_access scope: use the pre-marked checkbox as True :no_entry_sign:
  • Client ID: Copy the Client ID from the Application (client) ID field in the Overview section. :closed_lock_with_key:
  • Client Secret: Copy the Value (not the ID) of your Client secret, which you should have saved earlier. :closed_lock_with_key:
  • Redirect URI: predefined to the endpoint api/Callback/GenericOAuth2 :arrows_counterclockwise:
  • Access Token URL: for Microsoft azure it is line OAuth 2.0 token endpoint (v2) from Endpoint tab. :key:

Now go to the Microsoft Azure platform and configure the Redirect URL. Klick on +Add a platform, select the platform – Web, and insert the redirect URL copied from your authorization in Integray. Click to Configure. :curly_loop:


Configuring connectors :link:

Currently, it is recommended to use this authorization with the Advanced Rest API Connector.


For more details and specifications of endpoints, you can refer to the documentation in the Endpoints tab for the selected product, and for more detailed documentation, check the View docs tab. :open_book:

Reviewing and Customizing Scopes :mag:

In the Scopes tab, you must define custom scopes to specify permissions according to your company’s needs, adhering to the principle of least privilege for enhanced security. :shield:
2024-10-01_082946

As we saw in the Auth tab on LinkedIn for developers, Scopes are defined based on the product you choose for your app. In Integray, we need to input the same scopes; otherwise, the authorization will not work correctly. :exclamation:

Once connectors and scopes are configured, the authorization setup is complete. The system is ready for secure interactions, click the Authorize button, and accept requested permissions. :white_check_mark:

After successful authentication, the status indicator will change from Not authorized to Authorized , confirming the authorization. :unlock:

Finally, click the Save button to store the new authorization. :floppy_disk:

1 Like