Microsoft Entra ID App Registration

To connect Dime.Scheduler to Microsoft 365 and other Azure resources, the administrator needs to grant Dime.Scheduler access to the organization's data on Microsoft 365. In Microsoft Entra ID, this is done with so-called "application registrations". With such registrations, administrators can define what an application is allowed to do. Grant the application only the smallest permission set it needs and nothing more, to limit potential security leaks.

As you can probably imagine, this being Azure, nearly everything can be done with a multitude of technologies. For the sake of simplicity, we'll stick to two methods: manual creation or PowerShell.

Manually create the Microsoft Entra ID App

Registering a new application in Microsoft Entra ID

First things first: you need to log on. Sign in to the Azure portal via this link. Make sure to select the correct account and subscription.

Next, navigate to the Microsoft Entra ID service. Once you've done that, open the 'Manage' submenu and click on 'App registrations'.

In the panel on the right-hand side, click the button called 'New registration'. A new window appears with a form that requires you to fill out the following information:

  • Name: Dime.Scheduler would be a good start
  • Supported account types: select 'Accounts in this organizational directory only'
  • Redirect URI: select 'Web' and then enter https://app.dimescheduler.com/signin-microsoft.

Adding permissions

  • From the app's Overview page, select API permissions.

  • Select the Add a permission button.

  • Add the following permissions:

    • Calendars.ReadWrite
    • MailBoxSettings.ReadWrite
    • User.Read.All
  • The result should be something like this:

    Microsoft Entra ID permissions

Obtaining the client id and secret

Three pieces of information are required in order to connect Dime.Scheduler with Microsoft Entra ID:

  • Azure Client Id
  • Azure Client Secret
  • Azure Authorization Endpoint

The client id can be found on the app's home page, as depicted in this image: Microsoft Entra ID Client ID

The client secret can be obtained by navigating to the 'Certificates & secrets' submenu and creating a new client secret:

Microsoft Entra ID Client ID

You will notice that there is an expiration date to this secret, so make sure to update the key in Dime.Scheduler before it expires. Alternatively, pick a date that's a long time away from now.

Finally, navigate to the Overview section. In the center of the blade, click the "Endpoints" button. This will open a panel on the right-hand side of the screen with a series of URIs. Click the clipboard button of the first item, labelled 'OAuth 2.0 authorization endpoint (v2)'.

Run script to create the Microsoft Entra ID App

Alternatively, you can copy and run (as administrator) the script below. You'll need to provide two pieces of information:

  • The Azure tenant ID
  • The Azure tenant name

To obtain this information, follow Microsoft's instructions here.

The script will prompt you to enter your credentials, after which it will create the Microsoft Entra ID app, grant permissions and create a client secret. At the end of its run, the script writes the client secret to the output. Don't forget to copy this value because otherwise you'll need to generate another key manually!

[Net.ServicePointManager]::SecurityProtocol = "tls12, tls11, tls"
iex "& { $(irm https://gist.githubusercontent.com/hbulens/ba4a5812af7ff8fd1d8fa88ff2346691/raw) } -tenantId YOUR-TENANT-ID -tenantName YOUR-TENANT-NAME"

This script, by default, assigns three permissions to the app:

  • Calendars.ReadWrite
  • MailBoxSettings.ReadWrite
  • User.Read.All

This permission set is enough to run both the authentication and Exchange connector. However, if you wish to override this, you can append the applicationPermissions parameter that accepts a PowerShell array such as @('Calendars.ReadWrite', 'MailBoxSettings.ReadWrite', 'User.Read.All').

Finally, the appName parameter allows you to override the name of the app registration.
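
The same script can be run in two passes so that what executes with administrator credentials is the copy you have read. This is an added example, not part of the original page or the Dime.Scheduler project: it saves the gist to a local file and runs it only when its SHA-256 matches the value you recorded after review. The local file name is hypothetical, and it assumes your execution policy allows running local script files.

```powershell
# Added example (not the Dime.Scheduler project's own code). Save as a .ps1 file.
#   Pass 1: run without -ExpectedSha256 to download the script and print its hash.
#   Pass 2: after reading the file, run again with the hash you recorded.
param(
    [string] $TenantId,
    [string] $TenantName,
    [ValidatePattern('^[0-9A-Fa-f]{64}$')]
    [string] $ExpectedSha256   # SHA-256 of the copy you reviewed (you supply this)
)

$ErrorActionPreference = 'Stop'

# Negotiate TLS 1.2 only for the download.
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

$uri  = 'https://gist.githubusercontent.com/hbulens/ba4a5812af7ff8fd1d8fa88ff2346691/raw'
$path = Join-Path $env:TEMP 'dimescheduler-entra-app.ps1'   # hypothetical file name

# Write the script to disk instead of piping it straight into iex.
Invoke-WebRequest -Uri $uri -OutFile $path -UseBasicParsing
$actual = (Get-FileHash -Path $path -Algorithm SHA256).Hash

if (-not $ExpectedSha256) {
    # Pass 1: nothing is executed; the administrator reads the file first.
    Write-Host "Downloaded to: $path"
    Write-Host "SHA-256:       $actual"
    Write-Host 'Read the file, then re-run with -ExpectedSha256 set to this hash.'
    return
}

# Pass 2: refuse to run content that differs from the reviewed copy.
if ($actual -ne $ExpectedSha256) {
    Remove-Item -Path $path -Force
    throw "Hash mismatch (got $actual). The gist changed since your review; review it again."
}

if (-not $TenantId -or -not $TenantName) {
    throw 'Both -TenantId and -TenantName are required to run the script.'
}

# Same parameters as the one-liner on this page, now applied to verified content.
& $path -tenantId $TenantId -tenantName $TenantName
```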

Required values

Once the app registration is made, we'll need the following bits of information:

  • The MS Entra ID tenant id
  • The MS Entra ID app registration client id
  • The MS Entra ID app registration client secret

Copy these values and paste them in the Exchange setup page.