To prevent a loss of CoreView functionality, customers must authorize the use of the Graph API by entering a client ID and client secret within the CoreView application by September 30, 2023.


Microsoft announced the end-of-life date for Entra ID (aka Azure AD) and MSOnline cmdlets at the end of June 2023. However, all cmdlets related to licenses in these two modules will be deprecated by the end of March 2023. CoreView has been preparing for the transition to the Graph API to replace these cmdlets; however, customers must authorize the use of the Graph API by entering a client ID and client secret within the CoreView application.   


Configuration  

Within CoreView, navigate to Settings > My organization > Graph Management and enter the client ID and client secret for your account.

 

Getting a Client ID and Client Secret

If you do not already have a client ID and client secret, there are two main ways you can create one: 

  • Via the Entra ID (aka Azure Active Directory) admin center. 
  • Via the PowerShell script linked at the bottom of the page. 


Using the Entra ID (aka Azure Active Directory) admin center 

  1. Select "App registrations".
  2. Select "New registration".


 

3. Enter an application name (e.g., CoreView Integration) and click "Register".



4. You have now registered the application. Please copy and store the application ID. You will need to upload this information to CoreView's portal.


5. From the registered application, click "API permissions" and then "Add a permission".



6. Select "Microsoft Graph" from the list of services.



7. Select "Application permissions" and add the "User.ReadWrite.All", "Directory.ReadWrite.All" and "Group.ReadWrite.All" permissions. If you need to perform the Remove Channel User action, the additional permission "ChannelMember.ReadWrite.All" is also required.



8. Once you have added the three permissions, check the box next to "Grant admin consent".



9. Select "Certificates & secrets".
10. Select "New client secret".


11. Enter a description and expiration date for the client secret, then select "Add". We suggest an expiration date of 18 months. 


12. Copy the value of the secret immediately after creation, as it will be encrypted the moment you leave the page.



13. Now it's time to copy the Application ID, client secret, and expiration date to CoreView’s portal. You can do it by clicking on Settings > My organization, then "Graph Management":



14. Once you have saved your configuration, you’ll have the ability to update the client secret when needed or delete the configuration entirely.


Client ID matches the Application ID from Azure Entra ID:




And the Client Secret is also pulled from Azure Entra ID:




Using PowerShell

  1. Open a command prompt as administrator.

  2. Type PowerShell

  3. Make sure that the AzureAD module is installed; otherwise, run the following:
    Install-Module -Name AzureAD -RequiredVersion 2.0.2.137 -Confirm:$false -Scope AllUsers -Force
  4. Dot-source the script from the folder where you copied it:
    . "path\RegisterAzureAdApp.ps1"
  5. Call the function as below:
    Register-AzureadApp -Name "CoreView Management Integration" -permissions "User.ReadWrite.All", "Directory.ReadWrite.All", "Group.ReadWrite.All"
  6. To perform the "Remove Channel User" action, the following additional permission is also required:
    "ChannelMember.ReadWrite.All".
  7. To manage membership for role-assignable groups, the following additional permission is required:
    "RoleManagement.ReadWrite.Directory".
  8. By default, the expiration date of the client secret is one year from the moment the script is executed. We suggest adding the following parameter to extend the expiration date to 18 months:
    -ExpiresClientSecret "12/31/2023"
    The script will generate the client ID, the client secret, and the URL that you need to use to provide consent in Azure AD.



  9. You can add the below optional parameter:
    -Urlredirect "myurl"
    These are the URIs accepted as destinations when returning authentication responses (tokens) after successfully authenticating or signing out users. If not specified, it defaults to: https://coreview.com

  10. Copy and paste the URL in a web browser and provide the consent using a user with global admin rights.
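
After either procedure, it is worth confirming that the registration requests only the application permissions listed above and that its client secret is not close to expiry. The following is an added example, not CoreView's script or part of the original page. The function name Test-GraphAppRegistration, its parameters and the sample data are hypothetical; the commented live lookup assumes the Microsoft.Graph PowerShell module.

```powershell
# Added example: audit an app registration against the permissions this page lists.
# RequiredResourceAccess lists requested permissions; consent is stored on the service principal.
function Test-GraphAppRegistration {
    param(
        [Parameter(Mandatory)] $App,                    # shaped like Get-MgApplication output
        [Parameter(Mandatory)] [hashtable] $RoleNames,  # app role id -> permission name
        [Parameter(Mandatory)] [string[]] $Expected,
        [int] $WarnDays = 30,
        [datetime] $Now = (Get-Date)
    )
    # Type 'Role' is an application permission; 'Scope' is a delegated one.
    $granted = @(foreach ($rra in $App.RequiredResourceAccess) {
        foreach ($ra in $rra.ResourceAccess) {
            if ($ra.Type -ne 'Role') { continue }
            $id = [string]$ra.Id
            if ($RoleNames.ContainsKey($id)) { $RoleNames[$id] } else { "unknown:$id" }
        }
    })
    $expiring = @(foreach ($c in $App.PasswordCredentials) {
        $days = [math]::Floor(($c.EndDateTime - $Now).TotalDays)
        if ($days -le $WarnDays) {
            [pscustomobject]@{ Name = $c.DisplayName; DaysLeft = $days }
        }
    })
    [pscustomobject]@{
        Missing    = @($Expected | Where-Object { $_ -notin $granted })
        Unexpected = @($granted | Where-Object { $_ -notin $Expected })
        Expiring   = $expiring
    }
}

# Constructed sample input (placeholder IDs, not real tenant data).
$roleNames = @{ 'id-1' = 'User.ReadWrite.All'; 'id-2' = 'Directory.ReadWrite.All'
                'id-3' = 'Group.ReadWrite.All'; 'id-4' = 'Mail.ReadWrite' }
$app = [pscustomobject]@{
    RequiredResourceAccess = @([pscustomobject]@{ ResourceAccess = @(
        [pscustomobject]@{ Id = 'id-1'; Type = 'Role' }
        [pscustomobject]@{ Id = 'id-2'; Type = 'Role' }
        [pscustomobject]@{ Id = 'id-4'; Type = 'Role' }) })
    PasswordCredentials = @([pscustomobject]@{ DisplayName = 'CoreView'; EndDateTime = [datetime]'2025-01-20' })
}
$expected = 'User.ReadWrite.All', 'Directory.ReadWrite.All', 'Group.ReadWrite.All'
Test-GraphAppRegistration -App $app -RoleNames $roleNames -Expected $expected -Now ([datetime]'2025-01-01')

# Live data instead of the sample (Microsoft.Graph module, after Connect-MgGraph):
#   $app = Get-MgApplication -Filter "displayName eq 'CoreView Integration'"
#   $sp  = Get-MgServicePrincipal -Filter "appId eq '00000003-0000-0000-c000-000000000000'"
#   $sp.AppRoles | ForEach-Object { $roleNames[[string]$_.Id] = $_.Value }
```

If you added the optional permissions for Remove Channel User or role-assignable groups, include them in `$expected` so they are not reported as unexpected.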