Script for Azure App Registration

General Information

To perform the app registration, a package is provided that enables the installation via script and automates the entire process. The package contains two PowerShell scripts, a script that is used to create the app registration and an optional script that is only executed when empower® Mails Online is used. The third file is a config file that is used to define important parameters for the registration script in advance to speed up the process. 

config.json, which is important for the script’s setup. Typically, the support team has already customized this file for the app. The config.json file looks like this:

{

  "tenantID": "",

  "appName": "",

  "hostname": "https://",

  "useMailsOnline": false

}

  • tenantID: The tenant ID, must be provided by you.
  • appName: The name of the application.
  • hostname: The base URL of the application.
  • useMailsOnline: Boolean value to indicate if the empower® Mails Online configuration is to be used

EntraIdAppRegistration.ps1: This script is used for app registration.

EntraIdAppRegistration_MailsOnline.ps1: This script is optional and only used for configuring empower® Mails Online

You can use the script to ease the App Registration that is required for empower®.

Please download the script here: PowerShell Script App Registration empower®

This PowerShell script can be used to automatically create the App Registration required for empower® in the Entra ID via PowerShell or Cloud Shell. 

Please note:

The PowerShell script we provide is compatible with the Microsoft Graph PowerShell module version 2.19.0. 

Please note:

Please either use the PowerShell script or Cloud Shell to create the App Registration. 

Use in PowerShell 

Prerequisite is to install the MS Graph PowerShell module: Install PowerShell 

Preparation:

  1. Make sure MS Graph PowerShell module is installed
  2. Unpack the given zip-Folder
  3. Open PowerShell as Admin in the unpacked folder

Execution:

  1. Execute the script EntraIdAppRegistration.ps1 in the path where it is located  
    PowerShell: .\EntraIdAppRegistration.ps1
  2. Using the configuration values. The script will use the values from the config.json file as default values.

  3. Enter the TenantID or confirm the default value from the config file. This can be found, for example, in the Entra. 

    Please enter your Microsoft Entra ID TenantID [Default: Tenant Id from EntraID] (Use Enter for the default value):

  4. The Microsoft login window is triggered. Log in with a user who has access to the VM.
     
  5. Enter the name for the app registration or confirm the default value from the config file. Please enter the wanted name for the App Registration, e.g. empower.
  6. Enter the URL (must start with https://) or if the default value is OK, confirm with Enter.
  7. Next, you will be asked whether the configuration of empower® Mails Online should be activated. Press Enter for the default value (already configured by the support team) or type in your desired value (true or false).

  8. The app registration will now be created automatically and the required data for the backend installer will be shown: Copy the details from here or find the needed details in the file AppRegistrationInfo.json, in the current folder.

    > Finished 

    Copy the details from here or find the needed details in the file AppRegistrationInfo.json, in the current folder

    TenantId : 415660fd-25c9-45a5-94de-0f632fbeb47j 
    clientId : f59b7877-67bb-4ea3-8159-6ef9c7873395 

    Example link: https://snappass.symplasson.de/snappassc41ba9c2cf4e4112 b67a4f44ce443441~OVNAVAoPOKhYB3hJs0UN9bYpCikKS HEqc_JforilSTI%3D

  9. A json file (AppRegistrationInfo.json) is written into the current folder which also contains the data for the backend installer. Save the values TenantID, ClientID, and Client Secret securely.

    "TenantId": "415660fd-25c9-45a5-94de0f632fbeb47j", 
    "clientId": "f59b7877-67bb-4ea3-8159- 6ef9c7873395", 
    "clientSecret": "https://snappass.symplasson.de/snappassc41b a9c2cf4e4112b67a4f44ce443441~OVNAVAoP OKhYB3hJs0UN9bYpCikKSHEqc_JforilSTI%3D", 
    "createDateClientSecret": "21.06.2024", 
    "expirationDateClientSecret": "21.06.2124" 

    }

  10. To open the Client Secret (the secret client key), open the Snappass link in the browser. The link is valid for one month, but can only be opened once.
  11. Please send us the Client Secret afterwards. 

Use in Cloud Shell 

First of all, you should be connected to the tenant (portal.azure.com) in which you want to create the app registration. 

In the browser, enter shell.azure.com. If you use the Cloud Shell for the first time, the following dialog appears. 

Skript_für_die_Azure_App_Registrierung6aa5a76b-b44d-4b91-b7a2-1d0f3da464ea1568646874480948680.png
A subscription must then be selected and Create storage clicked. A storage account for the cloud shell is then created.

After that the cloud shell appears, please select PowerShell here. 

Via the highlighted icon you can upload the script to the Cloud Shell. 

Then, as in PowerShell, simply call the script.


Here, the same entries are to be made as above for the PowerShell, but the TenantID is omitted and a new login is also not necessary.

You only have to enter the name and the URL of empower® and if you want to configure empower® Mails Online.

When the script has run through, you can download the AppRegistration.json file with the app registration information via Download

Alternatively, the information is displayed on the screen again. 

Provide empower® with the AppRegistrationInfo.json 

Once the script is run and you have received the AppRegistrationInfo.json, please send over the file to your Onboarding Specialist or Customer Success Manager. Your Onboarding Specialist or Customer Success Manager has asked for your AppRegistrationInfo.json via OneDrive, where you can upload your file. 

Please follow the steps: 

Click on Upload files in the e-mail you have received from your Onboarding Specialist or Customer Success Manager.

Browse through your device, select your file and click on Upload.  

Your upload has been completed and your Onboarding Specialist or Customer Success Manager will be informed via e-mail.  

Additional Information for empower® 

In addition to the AppRegistrationInfo.json, please provide empower® with the following information: 

Property Value
empower® Group Object ID   
Entra ID Group displayName   
Expiry date Client Secret*   

*You will receive a reminder from empower® before your current Client Secret expires.

empower® Group Object ID:  
This ID is a globally unique identifier (GUID), more precisely, an  Entra ID User Group, which is used to synchronize users to empower®. This way, we ensure that not your complete Entra ID Tenant is synchronized to empower®, but only the users that will work with empower®.

EntraGroup displayName:  
In empower®, in order to grant permissions within empower®, not only users but also groups are synchronized. Therefore, it is useful to work with empower® groups or with groups that can be clustered together via name.

For example, empower® user group = empower_users; empower® admin group = empower_adminusers. This way, we can apply the permissions in empower® directly to the Entra ID groups. 

Ein Bild, das Text enthält. Automatisch generierte Beschreibung




 

 

Was this article helpful?

/

Comments

0 comments

Article is closed for comments.