In order to use Microsoft's identity service in Dime.Scheduler, we need to set up a few things in Azure first. In this guide, we'll walk you through the process.
Registering a new application in Azure AD
First things first: you need to log on. Sign in to the Azure portal via this link. Make sure to select the correct account and subscription.
Next, navigate to the Azure Active Directory service. Once there, open the 'Manage' submenu and click on 'App registrations'.
In the panel on the right-hand side, click the button called 'New registration'. A new window appears with a form that requires you to fill out the following information:
- Name: Dime.Scheduler would be a good start
- Supported account types: select 'Accounts in this organizational directory only'
- Redirect URI: select web and then enter the redirect URI (or reply URL) for your application. Provide the base URL of your app, for example:
http://uritodimescheduler/Account/AzureADCallback. Make sure to append the suffix 'Account/AzureADCallback' to the URI.
From the app's Overview page, select API permissions.
Select the Add a permission button.
Add the Microsoft Graph User.Read (https://graph.microsoft.com/User.Read) permission, if it hasn't already been added.
The result should be something like this:
Obtaining the client id and secret
Three pieces of information are required in order to connect Dime.Scheduler with Azure AD:
- Azure Client Id
- Azure Client Secret
- Azure Authorization Endpoint
The client id can be found on the app's home page, as depicted in this image:
The client secret can be obtained by navigating to the 'Certificates & secrets' submenu and creating a new client secret:
You will notice that this secret has an expiration date, so make sure to update the key in Dime.Scheduler before it expires. Alternatively, pick a date that's a long time away from now.
Finally, navigate to the Overview section. In the center of the blade, click the "Endpoints" button. This opens a panel on the right-hand side of the screen with a series of URIs. Click the clipboard button of the first item, labelled 'OAuth 2.0 authorization endpoint (v2)'.
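As an added illustration (not code from Dime.Scheduler or the guide), the snippet below checks the three values copied from the portal for the shapes this guide describes (a GUID client id, the v2 authorize endpoint, a redirect URI ending in 'Account/AzureADCallback') and builds the authorization request with a per-login state value. The sample values are constructed, and the HTTPS check on the redirect URI is an extra precaution of this example, not a requirement stated by the guide.

```python
import re
import secrets
from urllib.parse import urlencode, urlparse

# Constructed sample values (not a real tenant or app registration).
SAMPLE_CONFIG = {
    "client_id": "11111111-2222-3333-4444-555555555555",
    "authorization_endpoint": "https://login.microsoftonline.com/"
                              "66666666-7777-8888-9999-000000000000/oauth2/v2.0/authorize",
    "redirect_uri": "https://scheduler.example.com/Account/AzureADCallback",
}

GUID_RE = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")
# Shape of the 'OAuth 2.0 authorization endpoint (v2)' entry copied from the portal.
V2_AUTHORIZE_RE = re.compile(r"^https://login\.microsoftonline\.com/[^/]+/oauth2/v2\.0/authorize$")
CALLBACK_SUFFIX = "/Account/AzureADCallback"


def validate_config(cfg):
    """Return a list of problems with the three values; an empty list means OK."""
    problems = []
    if not GUID_RE.match(cfg.get("client_id", "")):
        problems.append("client_id is not a GUID")
    if not V2_AUTHORIZE_RE.match(cfg.get("authorization_endpoint", "")):
        problems.append("authorization_endpoint is not the v2 authorize endpoint")
    uri = urlparse(cfg.get("redirect_uri", ""))
    if uri.scheme != "https":  # added precaution: the secret-bearing callback should not travel over plain HTTP
        problems.append("redirect_uri should use https")
    if not uri.path.endswith(CALLBACK_SUFFIX):
        problems.append("redirect_uri must end with " + CALLBACK_SUFFIX)
    return problems


def build_authorization_url(cfg, state=None):
    """Build the authorize request the app redirects the browser to.

    'state' is a random per-login value; the callback must compare it with the
    value stored in the user's session and reject the response if it differs."""
    state = state or secrets.token_urlsafe(32)
    params = {
        "client_id": cfg["client_id"],
        "response_type": "code",
        "redirect_uri": cfg["redirect_uri"],
        "response_mode": "query",
        # User.Read is the Graph permission the guide adds to the registration.
        "scope": "openid profile https://graph.microsoft.com/User.Read",
        "state": state,
    }
    return cfg["authorization_endpoint"] + "?" + urlencode(params), state
```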
Navigate to Administration -> Application and locate the 'Security' tab. This tab exposes two sets of configuration groups:
- Windows AD
- Azure AD
It is important to know that these are very different technologies. At this point we're only interested in connecting with Azure AD.
Copy the three values you just retrieved in the previous section and paste them into the corresponding form fields in Dime.Scheduler. Don't forget to hit the save button. Now you are ready to add some Azure AD users.
Adding an Azure AD User
Adding an Azure AD user is as simple as adding a new record in the User administration view. Two columns are particularly important:
- The type must be 'Azure AD'
- The user's e-mail address must correspond to the e-mail address stored in Azure AD.
Logging in to Dime.Scheduler
Users logging in via the 'Azure AD' button are redirected to Azure to authenticate with that service. Usually the user name will already be populated, and often the password as well, if the user has logged in to Azure earlier.
If the user logs in to Dime.Scheduler for the first time, a window similar to the one below is shown. It asks the user to consent to Dime.Scheduler using the requested permissions: