How to set up your tenant for the switch to Microsoft Graph API

Modified on Thu, 28 Jul 2022 at 01:45 PM

How to set up your tenant for the switch to Microsoft Graph API 

 

URGENT! 

To prevent a loss of CoreView functionality, customers must authorize the use of the Graph API by entering a client ID and client secret within the CoreView application by the end of August.  

 

Microsoft announced the end-of-life date for Azure AD and MSOnline cmdlets at the end of 2022. However, all cmdlets related to licenses in these two modules will be deprecated by the end of August. CoreView has been preparing for the transition to the Graph API to replace these cmdlets; however, customers must authorize the use of the Graph API by entering a client ID and client secret within the CoreView application.   

 

 

Configuration  

Within CoreView, navigate to My Organization > Graph Management Configuration and enter the client ID and client secret for your account.    

 

 

Getting a Client ID and Client Secret 

If you do not already have a client ID and client secret, there are two main ways you can create one: 

  • Via the Azure Active Directory admin center. 

  • Via the PowerShell script linked at the bottom of the page. 

 

 Using the Azure Active Directory admin center  

  1. Select App registrations  

  2. Select New registration


    Graphical user interface, text, application, Teams

Description automatically generated 
  3. Enter an application name (I.e., CoreView Integration) and click Register.  


    Graphical user interface, text, application, email

Description automatically generated
  4. You have now registered the application.  Please copy and store the application ID. You will need to upload this information to CoreView’s portal. 


    Graphical user interface, text, application, email

Description automatically generated 
  5. From the registered application, click API permissions and then Add a permission. 


    Graphical user interface, text, application, email

Description automatically generated 
  6. Select Microsoft Graph from the list of services


    Graphical user interface, application

Description automatically generated
  7. Select Application permissions and add the "User.ReadWrite.All", "Directory.ReadWrite.All" and "Group.ReadWrite.All" permissions


    Graphical user interface, text, application, email

Description automatically generatedGraphical user interface, text, application, email

Description automatically generated 
  8. Once you have added the three permissions, check the box next to Grant admin consent 


    Graphical user interface, text, application, email

Description automatically generated 
  9. Select Certificates & secrets 

  10. Select New client secret


    Graphical user interface, text, application, email

Description automatically generated 
  11. Enter a description and expiration date for the client secret, then select Add. We suggest an expiration date of 18 months. 


    Graphical user interface, text, application, Word

Description automatically generated 
  12. Copy the value of the secret immediately after creation, as it will be encrypted the moment you leave the page. 


    Graphical user interface, text, application, email

Description automatically generated 
  13. Now it’s time to copy the Application ID, client secret and expiration date to CoreView’s portal. You can do it by clicking on My organization, then Graph Management Configuration.


    Graphical user interface, application, table, Word

Description automatically generated 
  14. Once you have saved your configuration, you’ll have the ability to update the client secret when needed or delete the configuration entirely. 

Graphical user interface, text, application, email

Description automatically generated 

Using Powershell 

  1. Run a command as administrator 
  2. Type PowerShell
  3.   Make sure that you have installed the module Azure AD, otherwise run the following:
    Install-Module -Name AzureAD -RequiredVersion 2.0.2.137 -Confirm:$false -Scope AllUsers -Force 
  4. Retrieve the data as below using the location of the folder where it was copied:
    . "path\RegisterAzureAdApp.ps1"
  5. Call the function as below: 
    Register-AzureadApp -Name "CoreView Management Integration" -permissions "User.ReadWrite.All", "Directory.ReadWrite.All",  "Group.ReadWrite.All" 
  6. By default, the expiration date of the Client Secret is one year from the moment the script is executed. We suggest adding the parameter to extend the expiration date to 18 months.  
    ExpiresClientSecret "12/31/2023"
    The script will generate the Client ID, the Client Secret, and URL that you need to use to provide the consent on Azure AD.
  7. You can add the below optional parameter 

    -Urlredirect "myurl"

    The URIs we will accept as destinations when returning authentication responses (tokens) after successfully authenticating or signing out users.
    If not specified, by default it will set to: https://coreview.com

  8. Copy and paste the URL in a web browser and provide the consent using a user with global admin rights. 

   

 

Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us how can we improve this article!

Select atleast one of the reasons

Feedback sent

We apprciate your effort and will try to fix the article