On-Premise: Azure AD Setup for OAuth
This article is intended specifically for on-premise customers who want to use Office 365 / Azure AD OAuth.
You will need to configure an Azure AD enterprise application and set the following two properties, which are also described in the detailed config:
AZUREAD_CID=Application_Id_from_Azure_ActiveDirectory
AZUREAD_CIS=Client_Secret_from_Azure_ActiveDirectory
Obtain value for AZUREAD_CID and AZUREAD_CIS
First, obtain the value for AZUREAD_CID and AZUREAD_CIS.
Register an application
- Go to portal.azure.com/ >> Active Directory >> App registrations >> New registration.
Complete app registration
- Give the app an appropriate name.
- For 'Supported Account Types' select either 'Accounts in this organizational directory only' or 'Accounts in any organizational directory'.
- For 'Redirect URL' select 'Web' and copy and paste the following URL: https://your_server_url/integrations/office365/oauth2redirectWithAuthCode replacing 'your_server_url' with the actual URL of the server you wish to use. For example, https://helpdesk.example.com/integrations/office365/oauth2redirectWithAuthCode
- Click Register.
Add URI
- In the new app go to Authentication >> Add a platform.
- Under the section 'Web' click “Add URI” and enter: https://your_server_url/integrations/azuread/token replacing 'your_server_url' with the actual URL of the server you wish to use. For example, https://helpdesk.example.com/integrations/azuread/token
- Click Save.
Delegate permissions
- In the new app go to API Permissions and “Add a permission” >> Microsoft Graph >> Delegated permissions >> select ALL the permissions listed below. (Use search to help locate the permissions):
- Directory.Read.All
- Group.Read.All
- IMAP.AccessAsUser.All
- offline_access
- openid
- People.Read
- profile
- SMTP.Send
- User.Read
- User.ReadBasic.All
Token Configuration
- In the new app go to “Token Configuration” >> click 'Add optional claim' >> select 'ID' >> check off 'email'.
- Select 'Add'.
Get client secret
- In the new app go to 'Certificates & secrets'
- Under the 'Client secrets' tab, select 'New client Secret'
- Give it a useful description (e.g. “Client Secret for OneDesk’s OnPrem install”)
- For 'Expires' choose either 'custom' or the largest possible value.
- Click 'Add'
Save secret token
Before leaving the page, save the Value as your secret token. The full Value is not displayed again once you leave the page.
Get client ID
You can obtain your Client ID from the newly created app >> Overview >> “Application (client) ID”.
Add entries to root file
In your /root/.OneDesk file add the following entries:
AZUREAD_CID="your_azuread_application_client_id"
AZUREAD_CIS="your_secret_token_saved_from_above"
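The following check of the two entries is an added example, not part of OneDesk's tooling, and can be run before the reinstall below. It assumes the file holds KEY=value lines, optionally in straight double quotes, and that GNU stat is available; the function names are hypothetical.

```shell
GUID_RE='^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'

# Print the last value set for KEY ($1) in FILE ($2), straight quotes stripped.
get_entry() {
    sed -n "s/^$1=//p" "$2" | tail -n 1 | sed -e 's/^"//' -e 's/"$//'
}

is_guid() { printf '%s' "$1" | grep -Eq "$GUID_RE"; }

# Report each problem on stdout; return 0 only when the file passes every check.
# The secret itself is never printed.
check_onedesk_azuread() {
    local file="$1" problems=0 cid cis mode
    [ -f "$file" ] || { echo "missing file: $file"; return 1; }

    # The file holds a credential, so group and other should have no access.
    mode=$(stat -c '%a' "$file")
    case "$mode" in
        *00) ;;
        *) echo "mode $mode exposes the secret; run: chmod 600 $file"
           problems=$((problems + 1)) ;;
    esac

    # Curly quotes pasted from a web page become part of the value.
    if grep -Eq '^AZUREAD_(CID|CIS)=.*(“|”)' "$file"; then
        echo "curly quotes found; use straight quotes or none"
        problems=$((problems + 1))
    fi

    cid=$(get_entry AZUREAD_CID "$file")
    cis=$(get_entry AZUREAD_CIS "$file")

    # The Application (client) ID shown on the Overview page is a GUID.
    is_guid "$cid" || { echo "AZUREAD_CID is not a GUID"; problems=$((problems + 1)); }

    # Heuristic: a GUID here usually means the Secret ID was copied, not the Value.
    if [ -z "$cis" ] || [ "$cis" = "your_secret_token_saved_from_above" ]; then
        echo "AZUREAD_CIS is empty or still the placeholder"
        problems=$((problems + 1))
    elif is_guid "$cis"; then
        echo "AZUREAD_CIS looks like a Secret ID; paste the secret Value instead"
        problems=$((problems + 1))
    fi

    [ "$problems" -eq 0 ]
}
```

Run it as check_onedesk_azuread /root/.OneDesk; a non-zero exit status means at least one of the printed problems needs fixing.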
Once you have updated your /root/.OneDesk file you will need to reinstall the packages so the changes are applied.
dnf remove onedesk-db-utils
dnf install onedesk-db-utils onedesk-webapps onedesk-microservices onedesk-customerapps
Reach out to the support team through live chat or email if you have any questions.