Configuring Azure AD for self-hosted OfficeMaps


This article is intended to provide network administrators with the steps required to enable Azure AD to integrate with self-hosted OfficeMaps.

IMPORTANT: THIS ARTICLE IS ONLY FOR ON-PREMISE INSTANCES. DO NOT COMPLETE ANY OF THESE STEPS IF YOUR INSTANCE IS HOSTED IN AWS.

NOTE: Azure AD can only integrate with secured (https) websites. If your self-hosted instance is running on http, it will need to be changed to https before continuing.

Steps

1. Register Application

1.1. Open the Microsoft Azure Portal, select the Azure Active Directory option and then choose App Registrations.

  

1.2. Click New application registration and enter any value for the Name field (in our example, OfficeMaps).

 



  

1.3. The OfficeMaps application will now be registered. Select the new application and record the Application/Client ID which will be used later in this process.

  

 

2. Azure AD Permissions

2.1. Choose the option API Permissions, then click Add a permission.

 

2.2. Scroll to the very bottom and select Azure Active Directory Graph.

2.3. Click Application Permissions.

2.4. Expand Directory, and select Directory.Read.All.

2.5. Click Add permissions to save.

3. Microsoft Graph Permissions

3.1. Click Add a permission again.

3.2. Select Microsoft Graph.

3.3. Click Application Permissions.

3.4. If you want to allow access to Calendar data, expand Calendars and select Calendars.Read.

3.5. Expand Group and select Group.Read.All.

3.6. Expand User, and select User.Read.All.

3.7. Once complete, click Add permissions.

The permissions should look similar to below.




3.8. Click Grant Consent.



4. Client/Application Secret

4.1. Select Certificates and Secrets, then click New client secret.



4.2. Add a name and select an Expiry. Note: if you choose 1 or 2 years, a new secret will need to be created before it expires, otherwise AD Sync will stop working (the ability to log in will continue working).

4.3. Click Add.

 

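4.4. When you click Save, it is essential to manually record the key in Notepad or some other program, as it is only displayed once. The key is a credential for the directory permissions granted above, so once OfficeMaps is configured, keep the recorded copy in a password manager or secrets vault rather than in a file left on disk.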


5. Authentication - Redirect URIs

Note: redirect URIs must be https; Microsoft does not allow http addresses to be entered.
Currently Microsoft rules


Redirect URIs to enter
Logout Url

Hosted Sites
US - us.officemaps.com
Europe - uk.officemaps.com
AU/NZ - app.officemaps.com

Substitute {your_officemaps_web_url} with the relevant URI, e.g. for US, us.officemaps.com.
Redirect URIs
5.1. Enter your specific redirect URIs into the following section.
       Type: Web, then enter the URI.
5.2. Enter your specific Logout URL.


5.3. Tick ID Tokens.
5.4. Select Accounts in this organizational directory only.

5.5. Click Save on the top page bar.
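
A post-configuration check for sections 4 and 5, as an added example that is not part of the original article or OfficeMaps' own tooling: it reads the app registration as a Microsoft Graph application object and reports non-https URIs, a disabled ID token setting, an audience wider than this directory, and client secrets near or past expiry. The sample object (host name, secret name, dates) is constructed, and the 60-day warning window is an assumption.

```python
import json
from datetime import datetime, timezone
from urllib.parse import urlparse

# Constructed sample shaped like a Microsoft Graph application object.
# Host name, secret name and dates are placeholders, not values from the article.
SAMPLE_APP = json.loads("""{
  "signInAudience": "AzureADMultipleOrgs",
  "web": {
    "redirectUris": ["https://maps.corp.example/", "http://maps.corp.example/"],
    "logoutUrl": "https://maps.corp.example/",
    "implicitGrantSettings": {"enableIdTokenIssuance": true}
  },
  "passwordCredentials": [
    {"displayName": "officemaps-sync", "endDateTime": "2025-03-01T00:00:00Z"}
  ]
}""")

def audit_app(app, now, warn_days=60):
    """Return findings for the settings from sections 4 and 5; [] means all passed."""
    findings = []
    web = app.get("web") or {}
    uris = list(web.get("redirectUris") or [])
    if web.get("logoutUrl"):
        uris.append(web["logoutUrl"])
    for uri in uris:
        if urlparse(uri).scheme != "https":
            findings.append(f"non-https URI: {uri}")
    if not (web.get("implicitGrantSettings") or {}).get("enableIdTokenIssuance"):
        findings.append("ID tokens are not enabled (step 5.3)")
    if app.get("signInAudience") != "AzureADMyOrg":
        findings.append("app is not limited to this directory (step 5.4)")
    secrets = app.get("passwordCredentials") or []
    if not secrets:
        findings.append("no client secret present (section 4)")
    for cred in secrets:
        # Graph timestamps are UTC; drop fractional seconds and the trailing Z.
        stamp = cred["endDateTime"].split(".")[0].rstrip("Z")
        end = datetime.fromisoformat(stamp).replace(tzinfo=timezone.utc)
        left = (end - now).days
        name = cred.get("displayName") or "(unnamed)"
        if left < 0:
            findings.append(f"secret {name} has expired; AD Sync will fail")
        elif left <= warn_days:
            findings.append(f"secret {name} expires in {left} days")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_app(SAMPLE_APP, datetime(2025, 2, 1, tzinfo=timezone.utc))))
```

Running it on a schedule against the real application object gives advance notice of the secret expiry described in step 4.2.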





6. Create an Azure AD Group
This step is only required if you do not already have a Group to use.
To allow users to be added automatically or synchronised through an Azure Active Directory group, the group must be specified in OfficeMaps.
If your site does not have a desired Active Directory Group yet, one can be created in one of two ways. If OfficeMaps is an on-premise installation, this can be performed through Active Directory. Otherwise, this step can be completed using the Azure Portal as detailed below.

6.1. In the Azure Active Directory admin center, navigate to Azure Active Directory, then search for or select Groups.

 

6.2. Click New Group.



 

12. Enter details for the group and choose the Membership type Assigned. Choose members and add them to the group, then click Create. Take a note of the Group Name; like the key, this value will be used to set up synchronising in OfficeMaps.

 


 


13. You will need the following information to configure the OfficeMaps application itself:
a. The Application ID identified in Step 3.
b. The Application Key identified in Step 9.
c. The AD security group which will be used by OfficeMaps for synchronising.



