Directories - Entra - Registration of the Watchdoc application in Microsoft Entra ID

Register the application

To register Watchdoc Server applications in Entra ID:

  1. access the Microsoft Entra Admin Center as an administrator;

  2. in the left-hand menu, click on Applications > App registrations;

  3. in the menu of this interface, click on the New registration button;

  4. in the App registrations interface:

    • enter the name of the application (for example, Watchdoc);

    • tick Accounts in this organisation directory only.

  5. click Register.

Granting authorisations

Once the application has been registered, configure it:

  1. click on Manage > API permissions;

  2. click on Add a permission;

  3. in the Request API permissions interface, select Microsoft Graph;

  4. choose the Application permissions type, which allows Watchdoc to perform operations on its own behalf, without a specific user context;

  5. in the Request API permissions interface, search for, select and configure the following permissions:

    • Group > Group.Read.All: read all groups

    • User > User.Read.All: read all users' full profiles

  6. then click on Delegated permissions, which allows the Windows client to use the API and act on behalf of the user who is connecting;

  7. search for, select and configure the following permissions:

    • email: view users' email address

    • offline_access: maintain access to data you have given it access to

    • User.Read: sign in and read user profile

    • openid: sign users in

    • profile: view users' basic profile

  8. click on Add permissions.

Grant admin consent

Once the authorisations have been added, they appear in the Configured permissions list, with the status Not granted...

  1. click on Grant admin consent for [ORGANISATION];

  2. confirm the consent agreement.

Configure authentication

Once the consents have been granted, two platforms need to be configured:

  1. in the left-hand menu, click Authentication;

  2. in the Platform configurations interface, click on Add a platform;

  3. select Desktop and Mobile Applications;

  4. in the Redirect URIs interface, tick the box https://login.microsoftonline.com/common/oauth2/nativeclient

  5. click on Configure;

  6. then click again on Add a platform;

  7. select Web;

  8. in the Configure Web interface, enter the following Redirect URI:

    https://[watchdoc_server_name]/watchdoc/receiveauthorizationcode.asp

  9. click on Configure;

  10. the URI is displayed in the Web section. In this section, click on Add a URI and enter the following URI:

    https://[print_server_name]/watchdoc/receiveauthorizationcode.asp

  11. click on Save.

Configure a secret

You can add a secret (password) to your application to secure exchanges between it and the directory.

To add a secret:

  1. from the Manage menu, click Certificates & secrets;

  2. in the Client secrets tab, click Add client secret;

  3. in the Add a client secret interface, enter:

    • a description for your secret

    • an expiry date (limited to 24 months)

     

  4. click Add.

After confirmation, the value of the secret is displayed. Be sure to copy it, as it is shown only once.

View application information

The Overview menu displays the information you need to configure applications in Watchdoc:

  • Application ID (client)

  • Directory ID (tenant), i.e. the Tenant ID
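
Once the Application ID, Directory ID and secret are known, the registration can be checked from a script. The following is an added example, not Watchdoc code: it assumes the application permissions are used through the OAuth 2.0 client-credentials flow and that the Microsoft Graph access token is a JWT carrying a `roles` claim; all function names are hypothetical and the sample token is constructed.

```python
import base64
import json
import urllib.parse
import urllib.request

# Application permissions this page asks for (Granting authorisations).
EXPECTED_ROLES = {"Group.Read.All", "User.Read.All"}


def token_request(tenant_id, client_id, client_secret):
    """Build the client-credentials token request (assumed flow, see lead-in)."""
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    form = {"grant_type": "client_credentials", "client_id": client_id,
            "client_secret": client_secret,
            "scope": "https://graph.microsoft.com/.default"}
    return urllib.request.Request(url, data=urllib.parse.urlencode(form).encode(),
                                  method="POST")


def jwt_claims(token):
    """Decode a JWT payload for inspection only; the signature is NOT verified."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def audit_roles(claims, expected=EXPECTED_ROLES):
    """Compare the token's app roles with the permissions this page lists."""
    granted = set(claims.get("roles", []))
    return {"missing": sorted(expected - granted),  # admin consent not effective
            "extra": sorted(granted - expected)}    # broader than documented


def fetch_and_audit(tenant_id, client_id, client_secret):
    """Live check: needs network access and the real values from Overview."""
    req = token_request(tenant_id, client_id, client_secret)
    with urllib.request.urlopen(req, timeout=10) as resp:
        return audit_roles(jwt_claims(json.load(resp)["access_token"]))


def sample_token(roles):
    """Constructed, unsigned token so the audit can be tried offline."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc({"roles": roles}), "constructed"])


if __name__ == "__main__":
    print(audit_roles(jwt_claims(sample_token(["User.Read.All", "Directory.ReadWrite.All"]))))
```

For the live check, read the secret from an environment variable or a vault rather than hard-coding it or passing it on the command line.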