Home»Support»Frequently Asked Questions»Authorizations
  • Printer Friendly Version
  • Decrease Text SizeIncrease Text Size

Authorizations

Authorizations

Microsoft Azure

  1. Create a new Azure App Registration if you don't already have one.
    • Name: Oxcyon Centralpoint
    • Supported account types: Accounts in any organizational directory (Any Azure AD directory - Multitenant)
    • Redirect URL: Empty
  2. Visit the authentication section and add the following Redirect URIs. First you may have to click Add a platform and select Web.
    • https://[WEBSITE_DOMAIN]/Integrations/Centralpoint/Authorization/OAuthCallback.aspx
    • https://[WEBSITE_DOMAIN]/Console/Integrations/Centralpoint/Authorization/OAuthCallback.aspx
    • https://[WEBSITE_DOMAIN]/Integrations/Centralpoint/Authorization/OneDrivePicker.aspx
    • https://[WEBSITE_DOMAIN]/Console/Integrations/Centralpoint/Authorization/OneDrivePicker.aspx
    • https://[MASTER_DOMAIN]/Integrations/Centralpoint/Authorization/OAuthCallback.aspx
    • https://[MASTER_DOMAIN]/Integrations/Centralpoint/Authorization/OneDrivePicker.aspx
  3. Also in the authentication section select "Access tokens" and "ID tokens" under "Select the tokens you would like to be issued by the authorization endpoint."
  4. The Owners section of the App registration can be used to grant others access to your app registration.
  5. Open API Permissions and add the following permissions under Microsoft Graph > Delegated permissions.
    • email
    • offline_access
    • openid
    • profile
    • Files.Read
    • Files.Read.All
    • Files.ReadWrite
    • Files.ReadWrite.All
    • Sites.Read.All
    • Sites.ReadWriteAll
    • Mail.Read
    • Mail.Read.Shared
    • Mail.ReadBasic
    • Mail.ReadWrite
    • Mail.ReadWrite.Shared
    • Mail.Send
    • Mail.Send.Shared
  6. Create a record in the Admin > Authorizations module using the information in your app registration.
    • System Title: Microsoft Azure
    • Type: Microsoft Azure
    • Tenant ID: A GUID found on the Overview of the app registration under the header "Directory (tenant) ID".
    • Client ID: A GUID found on the Overview of the app registration under the header "Application (client) ID".
    • Client Secret: In the Certificates & Secrets of your app registration you can create a Client Secret. Remember to update this value when it expires.
    • Redirect URL: This attribute is typically left empty.
    • Administration URL & Information: Paste in a link to the App registration for future reference.

OAuth 2.0

This option is designed for developers only. It can be used to configure custom OAuth authorizations in some cases.

Microsoft Azure (Single-Tenant Alternative)

If your organization's security policies require a single-tenant Azure App Registration instead of the multi-tenant configuration described above, you can use the OAuth 2.0 type with tenant-specific endpoints.

Note: The standard multi-tenant configuration is recommended as it simplifies setup and is the standard approach for SaaS applications. The multi-tenant setting only allows your app to authenticate users from different Azure AD tenants - it does not give other organizations access to your data.

To configure a single-tenant Microsoft Azure integration:

  1. Create a new Azure App Registration following the same steps as above, but select:
    • Supported account types: Accounts in this organizational directory only (Single tenant)
  2. Complete steps 2-5 from the Microsoft Azure section above (Redirect URIs, tokens, owners, and API permissions).
  3. Create a record in the Admin > Authorizations module using the information from your app registration:
    • System Title: Microsoft Azure
    • Type: OAuth 2.0
    • Flow: Authorization Code
    • Authorize URL: https://login.microsoftonline.com/[TENANT_ID]/oauth2/v2.0/authorize
    • Token URL: https://login.microsoftonline.com/[TENANT_ID]/oauth2/v2.0/token
    • Client ID: A GUID found on the Overview of the app registration under the header "Application (client) ID".
    • Client Secret: In the Certificates & Secrets of your app registration you can create a Client Secret. Remember to update this value when it expires.
    • Redirect URL: This attribute is typically left empty.
    • Administration URL & Information: Paste in a link to the App registration for future reference.

Important: Replace [TENANT_ID] in the Authorize URL and Token URL with your actual Directory (tenant) ID GUID from the Azure App Registration Overview page.