Directories - Entra - Registration of the Watchdoc application in Microsoft Entra ID

Register the application

To register Watchdoc Server applications in Entra ID:

  1. access the Microsoft Entra Admin Center as an administrator;

  2. in the left-hand menu, click on Identity > Applications > App registrations;

  3. in the menu of this interface, click on the New registration button;

  4. in the Register an application interface:

    • enter the Name of the application (for example, Watchdoc);

    • tick Accounts in this organisation directory only.

  5. Click Register.

Granting authorisations

Once the application has been registered, configure it:

  1. from the left menu, click on Manage > API permissions;

  2. click on Add a permission;

  3. in the Request API permissions interface, select Microsoft Graph;

  4. Choose the Application permissions type, which allows Watchdoc to perform operations on its own behalf, without a specific user context.

  5. In the Request API permissions interface, search for, select and configure the following permissions:

    • Group: Group.Read.All: read all groups

    • User: User.Read.All: read all users' full profiles

  6. Then click on Delegated permissions, which allows the Windows client to use the API and act on behalf of the connecting user.

  7. Search for, select and configure the following permissions:

    • email: view users' email address

    • offline_access: maintain access to data you have given it access to

    • User.Read: sign in and read user profile

    • openid: sign users in

    • profile: view users' basic profile

  8. Click on Add permissions.

Grant admin consent

Once the authorisations have been added, they appear in the Configured permissions list, with the status Not granted.

  1. Click on Grant admin consent for [ORGANISATION].

  2. Confirm the consent agreement.

Configure authentications

Once the consents have been granted, 3 authentications need to be configured:

  1. for the Windows client

  2. for the Watchdoc web interface

  3. for the WSC web interface

For the Windows client

  1. in the management interface of the authorised application, in the left-hand menu, click Authentication;

  2. in the Platform Configurations interface, click on Add a platform;

  3. select Desktop and Mobile Applications;

  4. in the URI redirection interface, tick the box https://login.microsoftonline.com/common/oauth2/nativeclient;

  5. click on Configure.


For Watchdoc web interface

  1. Then click again on Add a platform.

  2. Select Web.

  3. In the Configure web interface, enter the following Redirect URI:

    https://[watchdoc_server_name]/watchdoc/receiveauthorizationcode.asp

  4. Click on Configure.


For WSC (Watchdoc Supervision Console) web interface

  1. The URI is displayed in the Web section. In this section, click on Add a URI and enter the following URI:
    https://[serveur_wsc:port_wsc]/Account/ReceiveAuthorizationCode

  2. Click on Save.

Configure a secret

You can add a secret (password) to your application to secure exchanges between it and the directory.

To add a secret:

  1. from the Manage menu, click Certificates & secrets;

  2. in the Client secrets tab, click Add client secret;

  3. in the Add a client secret interface, enter:

    • a description for your secret

    • an expiry date (limited to 24 months)

  4. Click Add.

→ After confirmation, the value of the secret is displayed: be sure to copy it, as it is only shown to you once.

View application information

The Overview menu displays the information you need to configure applications in Watchdoc:

  • Application ID (client)

  • Directory ID (tenant), that is, the Tenant ID

→ Once the Watchdoc application is registered in Entra ID, configure the Entra ID directory in Watchdoc.
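
A finished registration can be checked against the choices made on this page: single-tenant accounts, the three redirect URIs, and a client secret with an expiry date. The following Python check is an added example, not Watchdoc or Microsoft code; it audits an application object in the shape Microsoft Graph returns it (here a constructed sample), and the function name, the `example.test` host names, port 8443 and the 30-day warning window are assumptions.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit

# Redirect URIs from this page; host names and the port are placeholders.
EXPECTED_URIS = {
    "https://login.microsoftonline.com/common/oauth2/nativeclient",
    "https://watchdoc.example.test/watchdoc/receiveauthorizationcode.asp",
    "https://wsc.example.test:8443/Account/ReceiveAuthorizationCode",
}

def audit_registration(app, now, warn_days=30):
    """Return sorted findings for a Graph `application` object given as a dict."""
    findings = []
    # "Accounts in this organisation directory only" is stored as AzureADMyOrg.
    if app.get("signInAudience") != "AzureADMyOrg":
        findings.append("audience: not single-tenant")
    uris = (app.get("web", {}).get("redirectUris", [])
            + app.get("publicClient", {}).get("redirectUris", []))
    for uri in uris:
        if urlsplit(uri).scheme != "https":
            findings.append(f"redirect: not https: {uri}")
        elif uri not in EXPECTED_URIS:
            findings.append(f"redirect: unexpected: {uri}")
    for missing in EXPECTED_URIS - set(uris):
        findings.append(f"redirect: missing: {missing}")
    for cred in app.get("passwordCredentials", []):
        # Graph timestamps are UTC; drop fractional seconds before parsing.
        stamp = cred["endDateTime"].split(".")[0].rstrip("Z") + "+00:00"
        end = datetime.fromisoformat(stamp)
        name = cred.get("displayName") or "unnamed"
        if end <= now:
            findings.append(f"secret: expired: {name}")
        elif end - now <= timedelta(days=warn_days):
            findings.append(f"secret: expires within {warn_days} days: {name}")
    return sorted(findings)

SAMPLE_APP = {  # constructed sample, not real tenant data
    "signInAudience": "AzureADMultipleOrgs",
    "web": {"redirectUris": [
        "https://watchdoc.example.test/watchdoc/receiveauthorizationcode.asp",
        "http://wsc.example.test:8443/Account/ReceiveAuthorizationCode"]},
    "publicClient": {"redirectUris": [
        "https://login.microsoftonline.com/common/oauth2/nativeclient"]},
    "passwordCredentials": [
        {"displayName": "watchdoc-secret", "endDateTime": "2025-01-20T00:00:00Z"}],
}

if __name__ == "__main__":
    print(audit_registration(SAMPLE_APP, datetime(2025, 1, 10, tzinfo=timezone.utc)))
```

Running the check on a schedule turns the secret's expiry date into an advance warning rather than an authentication outage.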