Directories - Entra - Registration of the Watchdoc application in Microsoft Entra ID
Register the application
To register Watchdoc Server applications in Entra ID:
- access the Microsoft Entra Admin Center as an administrator;
- in the left-hand menu, click on Applications > App registrations;
- in the menu of this interface, click on the New registration button;
- in the App registrations interface:
  - enter the name of the application (for example, Watchdoc);
  - tick Accounts in this organisation directory only;
- click Register.
Granting authorisations
Once the application has been registered, configure it:
- click on Manage > API permissions;
- click on Add a permission;
- in the Request API permissions interface, select Microsoft Graph;
- choose the Application permissions type, which allows Watchdoc to perform operations on its own behalf, without a specific user context;
- in the Request API permissions interface, search for, select and configure the following permissions:
  - Group > Group.Read.All: read all groups;
  - User > User.Read.All: read all users' full profiles;
- then click on Delegated permissions, which allows the Windows client to use the API and act on behalf of the user who is signing in;
- search for, select and configure the following permissions:
  - email: view users' email address;
  - offline_access: maintain access to data you have given it access to;
  - User.Read: sign in and read user profile;
  - openid: sign users in;
  - profile: view users' basic profile;
- click on Add permissions.
Grant admin consent
Once the authorisations have been added, they appear in the Configured permissions list, with the status Not granted...
- Click on Grant admin consent for [ORGANISATION].
- Confirm the consent agreement.
Configure authentication
Once the consents have been granted, two platforms need to be configured:
- in the left-hand menu, click Authentication;
- in the Platform configurations interface, click on Add a platform;
- select Desktop and Mobile Applications;
- in the Redirect URIs interface, tick the box https://login.microsoftonline.com/common/oauth2/nativeclient
- click on Configure;
- then click again on Add a platform;
- select Web;
- in the Configure Web interface, enter the following Redirect URI:
  https://[watchdoc_server_name]/watchdoc/receiveauthorizationcode.asp
- click on Configure;
- the URI is displayed in the Web section. In this section, click on Add a URI and enter the following URI:
  https://[print_server_name]/watchdoc/receiveauthorizationcode.asp
- click on Save.
Configure a secret
You can add a secret (password) to your application to secure exchanges between it and the directory.
To add a secret:
- from the Manage menu, click Certificates & secrets;
- in the Client secrets tab, click Add client secret;
- in the Add a client secret interface, enter:
  - a description for your secret;
  - an expiry date (limited to 24 months);
- click Add.
After confirmation, the value of the secret is displayed. Be sure to copy the value of the secret, as it is only shown to you once.
View application information
The Overview menu displays the information you need to configure applications in Watchdoc:
- Application ID (client)
- Directory ID (tenant), the Tenant ID
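
To check a finished registration against the settings described on this page, the following added example (not part of the Watchdoc documentation) audits an application object in the shape Microsoft Graph returns for an app registration. The function name, host names and sample object are constructed for illustration; the permission check only counts entries by type, it does not resolve permission IDs.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import urlparse

GRAPH = "00000003-0000-0000-c000-000000000000"  # Microsoft Graph resource appId
NATIVE = "https://login.microsoftonline.com/common/oauth2/nativeclient"
CALLBACK = "/watchdoc/receiveauthorizationcode.asp"

def _ts(value):  # Graph timestamps are UTC; fractional seconds are dropped
    return datetime.strptime(value[:19], "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)

def audit_registration(app, hosts, now):
    """List deviations of a Graph application object from the settings above."""
    out = []
    if app.get("signInAudience") != "AzureADMyOrg":  # "this organisation directory only"
        out.append("not single-tenant")
    kinds = {"Role": 0, "Scope": 0}  # Role = application, Scope = delegated
    for res in app.get("requiredResourceAccess", []):
        if res["resourceAppId"] != GRAPH:
            out.append("permission on API other than Microsoft Graph")
        for acc in res["resourceAccess"]:
            kinds[acc["type"]] += 1
    if kinds["Role"] > 2 or kinds["Scope"] > 5:  # the page lists 2 and 5
        out.append("more permissions than documented")
    for uri in app.get("web", {}).get("redirectUris", []):
        u = urlparse(uri)  # compare scheme, host and path separately, not by suffix
        if u.scheme != "https" or u.hostname not in hosts or u.path.lower() != CALLBACK:
            out.append("unexpected web redirect URI: " + uri)
    for uri in app.get("publicClient", {}).get("redirectUris", []):
        if uri != NATIVE:
            out.append("unexpected native redirect URI: " + uri)
    for cred in app.get("passwordCredentials", []):
        if _ts(cred["endDateTime"]) - now < timedelta(days=30):
            out.append("client secret expired or expiring within 30 days")
    return out

# Constructed sample: one plain-HTTP redirect URI and one extra application permission.
SAMPLE = {
    "signInAudience": "AzureADMyOrg",
    "requiredResourceAccess": [{"resourceAppId": GRAPH, "resourceAccess":
        [{"id": "placeholder", "type": "Role"}] * 3 + [{"id": "placeholder", "type": "Scope"}] * 5}],
    "web": {"redirectUris": ["https://watchdoc.example.test" + CALLBACK,
                             "http://print.example.test" + CALLBACK]},
    "publicClient": {"redirectUris": [NATIVE]},
    "passwordCredentials": [{"endDateTime": "2026-06-30T00:00:00Z"}],
}
NOW = datetime(2025, 1, 1, tzinfo=timezone.utc)
FINDINGS = audit_registration(SAMPLE, {"watchdoc.example.test", "print.example.test"}, NOW)
```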