Skip to main content

Azure AD App Registration

To connect Dime.Scheduler to Microsoft 365 and other Azure resources, the administrator needs to grant Dime.Scheduler access to the organization's data on Microsoft 365. In Azure Active Directory, this is done with so-called "application registrations". With such registrations, administrators can define what an application is allowed to do. It makes perfect sense to only allow the least permissive permission set and nothing more to prevent potential security leaks.

As you can probably imagine, this being Azure, nearly everything can be done with a multitude of technologies. For the sake of simplicity, we'll stick to two methods: manual creation or PowerShell.

Manually create the Azure AD App

This guide walks you through the process of creating such an application on Azure. However, this particular tutorial demonstrates the setup of Azure AD authentication in Dime.Scheduler, so make sure to select the following permissions:

  • Calendars.Read/Write
  • MailBoxSettings.Read/Write
  • User.Read.All

Don't forget to grant consent for these permissions too. It should look something like this:

Azure AD permissions

Run script to create the Azure AD App

Alternatively, you can copy and run (as administrator) the script below. You'll need to provide two pieces of information:

  • The Azure tenant ID
  • The Azure tenant name

To obtain this information, follow Microsoft's instructions here.

The script will prompt you to enter your credentials, after which it will create the Azure AD app, grant permissions and create a client secret. At the bottom of the script, the client secret will be returned to the output. Don't forget to copy this value because otherwise you'll need to generate another key manually!

[Net.ServicePointManager]::SecurityProtocol = "tls12, tls11, tls"
iex "& { $(irm } -tenantId YOUR-TENANT-ID -tenantName YOUR-TENANT-NAME"

This script, by default, assigns three permissions to the app:

  • Calendars.ReadWrite
  • MailBoxSettings.ReadWrite
  • User.Read.All

This permission set is enough to run both the authentication and Exchange connector. However, if you wish to override this, you can append the applicationPermissions parameter that accepts a PowerShell array such as @('Calendars.ReadWrite', 'MailBoxSettings.ReadWrite', 'User.Read.All').

Finally, the appName parameter allows you to override the name of the app registration.

What's next

Once this setup is done, the connector is good to go. When an appointment is published from Dime.Scheduler, Exchange connector contacts the resource's calendar on Office 365 and it adds, updates or deletes the event from the calendar.