Categories

How to set up your tenant for the switch to Microsoft Graph API 

 

URGENT! 

To prevent a loss of CoreView functionality, customers must authorize the use of the Graph API by entering a client ID and client secret within the CoreView application by the end of March 31 2023.  

 

Microsoft announced the end-of-life date for Azure AD and MSOnline cmdlets at the end of June 2023. However, all cmdlets related to licenses in these two modules will be deprecated by the end of March 2023. CoreView has been preparing for the transition to the Graph API to replace these cmdlets; however, customers must authorize the use of the Graph API by entering a client ID and client secret within the CoreView application.   

 

 

Configuration  

Within CoreView, navigate to My Organization > Graph Management Configuration and enter the client ID and client secret for your account.    

 

 

Getting a Client ID and Client Secret 

If you do not already have a client ID and client secret, there are two main ways you can create one: 

  • Via the Azure Active Directory admin center. 

  • Via the PowerShell script linked at the bottom of the page. 

 

 Using the Azure Active Directory admin center  

  1. Select App registrations  

  2. Select New registration


    Graphical user interface, text, application, Teams Description automatically generated 

  3. Enter an application name (I.e., CoreView Integration) and click Register.  


    Graphical user interface, text, application, email Description automatically generated

  4. You have now registered the application.  Please copy and store the application ID. You will need to upload this information to CoreView’s portal. 


    Graphical user interface, text, application, email Description automatically generated 

  5. From the registered application, click API permissions and then Add a permission. 


    Graphical user interface, text, application, email Description automatically generated 

  6. Select Microsoft Graph from the list of services


    Graphical user interface, application Description automatically generated

  7. Select Application permissions and add the "User.ReadWrite.All", "Directory.ReadWrite.All" and "Group.ReadWrite.All" permissions. If you need to perform the action Remove Channel User it is required also the additional permission 'ChannelMemberReadWriteAll'


    Graphical user interface, text, application, email Description automatically generatedGraphical user interface, text, application, email Description automatically generated 

  8. Once you have added the three permissions, check the box next to Grant admin consent 


    Graphical user interface, text, application, email Description automatically generated 

  9. Select Certificates & secrets 

  10. Select New client secret


    Graphical user interface, text, application, email Description automatically generated 

  11. Enter a description and expiration date for the client secret, then select Add. We suggest an expiration date of 18 months. 


    Graphical user interface, text, application, Word Description automatically generated 

  12. Copy the value of the secret immediately after creation, as it will be encrypted the moment you leave the page. 


    Graphical user interface, text, application, email Description automatically generated 

  13. Now it’s time to copy the Application ID, client secret and expiration date to CoreView’s portal. You can do it by clicking on My organization, then Graph Management Configuration.


    Graphical user interface, application, table, Word Description automatically generated 

  14. Once you have saved your configuration, you’ll have the ability to update the client secret when needed or delete the configuration entirely. 

Graphical user interface, text, application, email Description automatically generated 


Client ID matches the Application ID from Azure:


And the Client Secret is also pulled from Azure: 


Using Powershell 

  1. Run a command as administrator 
  2. Type PowerShell
  3.   Make sure that you have installed the module Azure AD, otherwise run the following:
    Install-Module -Name AzureAD -RequiredVersion 2.0.2.137 -Confirm:$false -Scope AllUsers -Force 
  4. Retrieve the data as below using the location of the folder where it was copied:
    . "path\RegisterAzureAdApp.ps1"
  5. Call the function as below: 
    Register-AzureadApp -Name "CoreView Management Integration" -permissions "User.ReadWrite.All", "Directory.ReadWrite.All",  "Group.ReadWrite.All". If you need to perform the action Remove Channel User it is required also the additional permission 'ChannelMemberReadWriteAll'. If you need to manage membership for role assignable groups, it is required the additional permission '    RoleManagement.ReadWrite.Directory'.


  6. By default, the expiration date of the Client Secret is one year from the moment the script is executed. We suggest adding the parameter to extend the expiration date to 18 months.  
    ExpiresClientSecret "12/31/2023"
    The script will generate the Client ID, the Client Secret, and URL that you need to use to provide the consent on Azure AD.
  7. You can add the below optional parameter 

    -Urlredirect "myurl"

    The URIs we will accept as destinations when returning authentication responses (tokens) after successfully authenticating or signing out users.
    If not specified, by default it will set to: https://coreview.com

  8. Copy and paste the URL in a web browser and provide the consent using a user with global admin rights. 

   

 

Attachments (1)

ps1

RegisterAzur....ps1
3.47 KB