| Table of Contents | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|
|
...
Creating Azure Application for Microsoft Partner Center
Step 1a: Login to https://portal.azure.com/ using MFA Enabled Global Administrator Role to get Client ID, Secret ID and set permissions.
Step 1b: In the Microsoft Azure Portal, search for Azure Active Directory and select it.
...
Create an application as per the integration of a single tenant or multiple tenants.
Once the application is created click on the "Manifest" option under Manage as shown below.
This will open a JSON file.
Replace the requiredResourceAccess key value with the JSON value given below and click on save. this will add all required API permission in one go.
a. For Single tenant application.
"requiredResourceAccess": [
{
"resourceAppId": "00000003-0000-0000-c000-000000000000",
"resourceAccess": [
{
"id": "4908d5b9-3fb2-4b1e-9336-1888b7937185",
"type": "Scope"
},
{
"id": "e1fe6dd8-ba31-4d61-89e7-88639da4683d",
"type": "Scope"
},
{
"id": "498476ce-e0fe-48b0-b801-37ba7e2685c6",
"type": "Role"
}
]
},
{
"resourceAppId": "fa3d9a0c-3fb0-42cc-9193-47c7ecd2edbd",
"resourceAccess": [
{
"id": "1cebfa2a-fb4d-419e-b5f9-839b4383e05a",
"type": "Scope"
}
]
}
],
b. For Multi-tenant application.
"requiredResourceAccess": [
{
"resourceAppId": "00000003-0000-0000-c000-000000000000",
"resourceAccess": [
{
"id": "3de2cdbe-0ff5-47d5-bdee-7f45b4749ead",
"type": "Scope"
},
{
"id": "4908d5b9-3fb2-4b1e-9336-1888b7937185",
"type": "Scope"
},
{
"id": "ebfcd32b-babb-40f4-a14b-42706e83bd28",
"type": "Scope"
},
{
"id": "e4c9e354-4dc5-45b8-9e7c-e1393b0b1a20",
"type": "Scope"
},
{
"id": "314874da-47d6-4978-88dc-cf0d37f0bb82",
"type": "Scope"
},
{
"id": "64733abd-851e-478a-bffb-e47a14b18235",
"type": "Scope"
},
{
"id": "02e97553-ed7b-43d0-ab3c-f8bace0d040c",
"type": "Scope"
},
{
"id": "e1fe6dd8-ba31-4d61-89e7-88639da4683d",
"type": "Scope"
},
{
"id": "a154be20-db9c-4678-8ab7-66f6cc099a59",
"type": "Scope"
},
{
"id": "5f8c59db-677d-491f-a6b8-5f174b11ec1d",
"type": "Scope"
},
{
"id": "06da0dbc-49e2-44d2-8312-53f166ab848a",
"type": "Scope"
},
{
"id": "e383f46e-2787-4529-855e-0e479a3ffac0",
"type": "Scope"
},
{
"id": "f6a3db3e-f7e8-4ed2-a414-557c8c9830be",
"type": "Scope"
},
{
"id": "fdc4c997-9942-4479-bfcb-75a36d1138df",
"type": "Role"
},
{
"id": "5b567255-7703-4780-807c-7be8301ae99b",
"type": "Role"
},
{
"id": "498476ce-e0fe-48b0-b801-37ba7e2685c6",
"type": "Role"
},
{
"id": "658aa5d8-239f-45c4-aa12-864f4fc7e490",
"type": "RoleAPI Permissions to be set manually:
Below are the permissions required for a CSP account. Make sure to have these API permissions(the below-mentioned API Permissions should have type as Application and Delegated) in place.
Step 3a: Navigate to API Permissions and select +Add a permission.
Under Request API Permissions, Select APIs my organization uses
Search for Microsoft Partner Centre (first option) and select it.
Step 3b: Once Microsoft Partner Centre is selected new page will open under Microsoft Partner Centre.
Under Delegated Permissions → Select permission → search for user_impersonation click the check box and click on Add permissions.
...
Once the permissions are saved it will show a successful pop-up as “Successfully saved permissions for <Application_name>”.
...
Step 3c: Under API Permissions, Click on Microsoft Graph.
Search permission for the name Organization and select the Organization.Read.All permissions.
Search permission for the name User and select the User.Read permissions.
Once done, click on Update Permissions.
...
Step 3d: Once permissions are set, on the same page, please grant admin access by clicking on the Grant admin consent for Connect Secure and click on the Yes button
...
The Access will be granted and the status of the permissions can be seen as granted for Connect Secure.
Step 4a: Navigate to Enterprise Application> All Applications, search for the Application_name which is created & click on that Application_name.
...
Step 4b: Once opened, navigate to the Security Section on the left-hand side and select Permissions.
Under the Permissions, Click on Grant Admin Consent for Connect Secure.
...
On Granting the Consent it will redirect to the Microsoft User login screen.
Provide user email used (MFA Enabled Global Administrator)
...
Click on Accept under permissions requested.
...
This completes adding Azure Application for Microsoft Partner Center.
Multi-Tenant application
Refer to this video for the detailed steps documented below.
...
Creating Azure Application for Azure Active Directory
Step 2a: Navigate to Azure Active Directory, Click on App Registration.
App Registration
Step 2b: Register an application will need below information:
Name - Any Name for the application. E.g. CyberCNS_Azure_CSP
Select the Supported Account Types as Multi Tenant.
Redirect URL -
Under the select platform box select as Web.
Second box give the URL link as https://authccns.mycybercns.com/
Once all the information is entered correctly click on the Register Button.
...
Once the application is registered successfully, it will give a Pop-up Message as “Successfully created application <Application Name>”.
Step 2c: Copy the Application (Client) ID and Directory(Tenant) ID from here to be provided into the CyberCNS portal under Azure AD CSP Integration>Credentials> Azure Application for Azure Active Directory.
...
Certificate and Secrets
To create a New Client Secret for this created application, Navigate to Certificate and Secrets> Client Secrets> New Client Secret.
Provide a Description for this new client secret
Provide until when this Client Secret can be used and then click on Add.
| Info |
|---|
Partner need to renew the client secret once it expires and add it back to CyberCNS portal. |
...
Step 2c: Once added an auto-generated Value will be seen. Copy the Value and use it as a Client Secret into CyberCNS Portal.
API Permissions
Below are the steps to add all required API permissions for the Azure AD application in a single shot, instead of adding them one by one.
Create an application as per the integration of multi-tenants.
Once the application is created click on the "Manifest" option under Manage as shown below.
This will open a JSON file.
Replace the requiredResourceAccess key value with the JSON value given below and click on save. this will add all required API permission in one go.
"requiredResourceAccess": [
{
"resourceAppId": "00000003-0000-0000-c000-000000000000",
"resourceAccess": [
{
"id": "3de2cdbe-0ff5-47d5-bdee-7f45b4749ead",
"type": "Scope"
},
{
"id": "2f51be204908d5b9-0bb43fb2-4fed4b1e-bf7b9336-db946066c75e1888b7937185",
"type": "RoleScope"
},
{
"id": "bf394140ebfcd32b-e372babb-4bf940f4-a898a14b-299cfc7564e542706e83bd28",
"type": "RoleScope"
},
{
"id": "df021288e4c9e354-bdef4dc5-446345b8-88db9e7c-98f22de89214e1393b0b1a20",
"type": "RoleScope"
},
{
"id": "b0afded3314874da-358847d6-46d84978-8b3d88dc-9842eff778dacf0d37f0bb82",
"type": "RoleScope"
},
{
"id": "d07a8cc064733abd-3d51851e-4b77478a-b3b0bffb-32704d1f69fae47a14b18235",
"type": "RoleScope"
},
{
"id": "230c1aed02e97553-a721ed7b-4c5d43d0-9cb4ab3c-a90514e508eff8bace0d040c",
"type": "RoleScope"
},
{
"id": "b633e1c5e1fe6dd8-b582ba31-40484d61-a93e89e7-9f11b44c7e9688639da4683d",
"type": "RoleScope"
},
{
"id": "7ab1d382a154be20-f21edb9c-4acd4678-a8638ab7-ba3e13f7da6166f6cc099a59",
"type": "RoleScope"
},
]
}
],API Permissions to be set manually:
Below are the permissions required for a CSP account. Make sure to have these API permissions(the below-mentioned API Permissions should have type as Application and Delegated) in place.
Step 3a: Navigate to API Permissions and select +Add a permission.
Under Request API Permissions, Select APIs my organization uses
Search for Microsoft Partner Centre (first option) and select it.
Step 3b: Once Microsoft Partner Centre is selected new page will open under Microsoft Partner Centre.
Under Delegated Permissions → Select permission → search for user_impersonation click the check box and click on Add permissions.
...
Once the permissions are saved it will show a successful pop-up as “Successfully saved permissions for <Application_name>”.
...
Step 3c: Under API Permissions, Click on Microsoft Graph.
Search permission for the name Organization and select the Organization.Read.All permissions.
Search permission for the name User and select the User.Read permissions.
Once done, click on Update Permissions.
...
Step 3d: Once permissions are set, on the same page, please grant admin access by clicking on the Grant admin consent for Connect Secure and click on the Yes button
...
The Access will be granted and the status of the permissions can be seen as granted for Connect Secure.
Step 4a: Navigate to Enterprise Application> All Applications, search for the Application_name which is created & click on that Application_name.
...
Step 4b: Once opened, navigate to the Security Section on the left hand side and select Permissions.
Under the Permissions, Click on Grant Admin Consent for Connect Secure.
...
On Granting the Consent it will redirect to the Microsoft User login screen.
Provide user email used (MFA Enabled Global Administrator)
...
Click on Accept under permissions requested.
...
This completes adding Azure Application for Microsoft Partner Center.
Multi-Tenant application
Refer to this video for the detailed steps documented below.
...
Creating Azure Application for Azure Active Directory
Step 2a: Navigate to Azure Active Directory, Click on App Registration.
App Registration
Step 2b: Register an application will need below information:
Name - Any Name for the application. E.g. CyberCNS_Azure_CSP
Select the Supported Account Types as Multi Tenant.
Redirect URL -
Under the select platform box select as Web.
Second box give the URL link as https://authccns.mycybercns.com/
Once all the information is entered correctly click on the Register Button.
...
Once the application is registered successfully, it will give a Pop-up Message as “Successfully created application <Application Name>”.
Step 2c: Copy the Application (Client) ID and Directory(Tenant) ID from here to be provided into the CyberCNS portal under Azure AD CSP Integration>Credentials> Azure Application for Azure Active Directory.
...
Certificate and Secrets
To create a New Client Secret for this created application, Navigate to Certificate and Secrets> Client Secrets> New Client Secret.
Provide a Description for this new client secret
Provide until when this Client Secret can be used and then click on Add.
| Info |
|---|
Partner need to renew the client secret once it expires and add it back to CyberCNS portal. |
...
Step 2c: Once added an auto-generated Value will be seen. Copy the Value and use it as a Client Secret into CyberCNS Portal.
...
{
"id": "5f8c59db-677d-491f-a6b8-5f174b11ec1d",
"type": "Scope"
},
{
"id": "06da0dbc-49e2-44d2-8312-53f166ab848a",
"type": "Scope"
},
{
"id": "e383f46e-2787-4529-855e-0e479a3ffac0",
"type": "Scope"
},
{
"id": "f6a3db3e-f7e8-4ed2-a414-557c8c9830be",
"type": "Scope"
},
{
"id": "fdc4c997-9942-4479-bfcb-75a36d1138df",
"type": "Role"
},
{
"id": "5b567255-7703-4780-807c-7be8301ae99b",
"type": "Role"
},
{
"id": "498476ce-e0fe-48b0-b801-37ba7e2685c6",
"type": "Role"
},
{
"id": "658aa5d8-239f-45c4-aa12-864f4fc7e490",
"type": "Role"
},
{
"id": "2f51be20-0bb4-4fed-bf7b-db946066c75e",
"type": "Role"
},
{
"id": "bf394140-e372-4bf9-a898-299cfc7564e5",
"type": "Role"
},
{
"id": "df021288-bdef-4463-88db-98f22de89214",
"type": "Role"
},
{
"id": "b0afded3-3588-46d8-8b3d-9842eff778da",
"type": "Role"
},
{
"id": "d07a8cc0-3d51-4b77-b3b0-32704d1f69fa",
"type": "Role"
},
{
"id": "230c1aed-a721-4c5d-9cb4-a90514e508ef",
"type": "Role"
},
{
"id": "b633e1c5-b582-4048-a93e-9f11b44c7e96",
"type": "Role"
},
{
"id": "7ab1d382-f21e-4acd-a863-ba3e13f7da61",
"type": "Role"
}
]
}
],
API Permissions to be set manually:
Step 2d: Below are the permissions required for a CSP account. Make sure to have these API permissions(the below-mentioned API Permissions should have type as Application and Delegated) in place.
...