On-Premise: Azure AD Setup for OAuth




This article is intended specifically for on-premise customers who want to use Office 365 / Azure AD OAuth.

You will need to create an Azure AD enterprise application and set the following two properties, which are also described in the detailed configuration steps below:

AZUREAD_CID=Application_Id_from_Azure_ActiveDirectory

AZUREAD_CIS=Client_Secret_from_Azure_ActiveDirectory


Obtain value for AZUREAD_CID and AZUREAD_CIS

First, obtain the value for AZUREAD_CID and AZUREAD_CIS. 


Register an application

  • Go to portal.azure.com/ >> Active Directory >> App registrations >> New registration.



Complete app registration

  • Give the app an appropriate name.
  • For 'Supported Account Types' select a Multitenant option, 'Accounts in any organization directory'. 


  • For 'Redirect URL' select 'Web' and paste the following URL, replacing 'app.onedesk.com' with the actual host name of the server you wish to use: https://app.onedesk.com/integrations/office365/oauth2redirectWithAuthCode

    For example, https://helpdesk.example.com/integrations/office365/oauth2redirectWithAuthCode

  • Click Register.




Add URI

  • In the new app go to Authentication >> Add a platform.

  • Under the section 'Web' click “Add URI” and enter the following URL, replacing 'app.onedesk.com' with the actual host name of the server you wish to use: https://app.onedesk.com/integrations/azuread/token

    For example, https://helpdesk.example.com/integrations/azuread/token

  • Click Save.




Delegate permissions

  • In the new app go to API Permissions and “Add a permission” >> Microsoft Graph >> Delegated permissions >> select ALL the permissions listed below (use search to help locate them):
  • Directory.Read.All
  • email
  • Group.Read.All
  • IMAP.AccessAsUser.All
  • offline_access
  • openid
  • People.Read
  • profile
  • SMTP.Send
  • User.Read
  • User.ReadBasic.All


Token Configuration

  • In the new app go to “Token Configuration” >> click 'Add optional claim' >> select 'ID' >> check 'email'.
  • Select 'Add'.



Get client secret

  • In the new app go to 'Certificates & secrets'
  • Under the 'Client secrets' tab, select 'New client secret'
  • Give it a useful description (e.g. “Client Secret for OneDesk’s OnPrem install”)
  • For 'Expires' choose either 'custom' or the largest possible value.
  • Click 'Add'




Save secret token

Before leaving the page, copy the secret's Value and save it; this is your secret token.

(Note: Be sure you've copied the secret Value, NOT the Secret ID. The Value is only available when you create the secret. If you did not save it, you will need to delete the old secret and create a new one to get a secret Value.)




Get client ID

You can obtain your Client ID from the newly created app >> Overview >> “Application (client) ID”.




Add entries to root file

In your /root/.OneDesk file add the following entries:

AZUREAD_CID="your_azuread_application_client_id"

AZUREAD_CIS="your_secret_token_saved_from_above"
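
Before reinstalling, the two entries can be sanity-checked for the mistakes this procedure makes easy: curly quotes pasted from a web page, the Secret ID saved instead of the Value, and a credentials file readable by other users. The script below is an added example, not part of OneDesk's own tooling; it assumes plain KEY=value lines (optionally in straight double quotes) and GNU stat, and its function names are hypothetical.

```shell
#!/bin/sh
# Added example: check the AZUREAD_* entries before reinstalling the packages.
# Assumption: the file holds KEY=value lines, optionally in straight double quotes.

GUID_RE='^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'

is_guid() { printf '%s\n' "$1" | grep -Eq "$GUID_RE"; }

# Print the last value of key $2 in file $1, straight quotes stripped.
get_value() {
    sed -n "s/^$2=//p" "$1" | tail -n 1 | sed -e 's/^"//' -e 's/"$//'
}

# Return 0 if file $1 passes every check; report each problem on stderr.
check_onedesk_azuread() {
    od_file=$1; od_rc=0
    [ -r "$od_file" ] || { echo "cannot read $od_file" >&2; return 1; }

    # Curly quotes pasted from a web page become part of the value.
    if grep -Eq '^AZUREAD_(CID|CIS)=.*(“|”)' "$od_file"; then
        echo "curly quotes in an AZUREAD_* entry; use straight quotes" >&2; od_rc=1
    fi

    od_cid=$(get_value "$od_file" AZUREAD_CID)
    od_cis=$(get_value "$od_file" AZUREAD_CIS)

    # The Application (client) ID is a GUID.
    is_guid "$od_cid" || { echo "AZUREAD_CID is not a GUID" >&2; od_rc=1; }

    # The Secret ID is also a GUID; the secret Value is not.
    if [ -z "$od_cis" ]; then
        echo "AZUREAD_CIS is missing or empty" >&2; od_rc=1
    elif is_guid "$od_cis"; then
        echo "AZUREAD_CIS looks like the Secret ID, not the Value" >&2; od_rc=1
    fi

    # The file stores a credential: owner-only access (GNU stat, as on dnf systems).
    od_mode=$(stat -c '%a' "$od_file")
    case $od_mode in
        *00|0) ;;
        *) echo "$od_file has mode $od_mode; expected 600" >&2; od_rc=1 ;;
    esac
    return "$od_rc"
}

# Check the file given as the first argument, e.g. /root/.OneDesk.
[ "$#" -eq 0 ] || check_onedesk_azuread "$1"
```
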


Once you have updated your /root/.OneDesk file you will need to reinstall the packages so the changes are applied.

dnf remove onedesk-db-utils

dnf install onedesk-db-utils onedesk-webapps onedesk-microservices onedesk-customerapps


Reach out to the support team through live chat or email if you have any questions.