Configure OAuth2 with Microsoft Azure portal 2019

The administration platform allows you to use a Microsoft account for OAuth2 authentication. The corresponding procedure is detailed in this document.

Prerequisites

To set up OAuth2 with a Microsoft account, you need:

• The URL of your server (public or private).
  For example, "https://www.my_server.com" or "https://MyServerName".
• A Microsoft account to administer the service. This can be done from the this link.
  In the following example, we will use mock account "my_admin_account@live.com".
• To select a name for your OAuth2 service. It must start with a letter (A-Z or a-z), followed with any combination of letters (A-Z or a-z), digits, or underscores.
  In the following example, the name "Microsoft" is used.
• To configure Oauth2 as a valid authentication method in your Sage X3 nodelocal.js file:
  

  session: {timeout: 30, // minutescheckInterval: 60, // secondsauth: ["basic", "oauth2"]}

Access the portal

Log on to the Microsoft Azure portal.

Register your application

1. From the Portal home, click the Azure Active Directory icon.
   
2. Then click App registrations.
   
3. Click New registration.
   
4. Fill in the form with the:
   • Name
   • appropriate Supported account type
   • Redirect URI
   In the sample below, azuread is the name of your Sage X3 OAuth2 configuration.
   
5. Then click Register and select the new application that appears in the list.
   
6. Click API permissions.
   
7. Click Add a permission.
   
8. Select Microsoft Graph.
   
9. Then select Delegated permissions.
   
10. Scroll down to find and select User.Read and click Add permissions.
    
11. Then click Certificates & secrets.
    
12. Click New client secret to add a new secret.
    
13. Then enter a Description, select the desired expiration and click Add.
    
14. Then copy the secret value to the clipboard and keep it safe. You will need it to configure the OAuth2 server in Sage X3.
    
15. Click Overview to get the additional information you need to configure the OAuth2 server in Sage X3:
    • Application (client) ID
    • Optional Directory (tenant) ID if you choose the single tenant organization
    • Object ID
    
    
16. Go to the OAuth2 settings in Sage X3 (Administration > Administration > Settings > Authentication > OAuth2 Servers) to configure your OAuth2 server. In the configuration below replace:
    • clientID with the application ID
    • tenantID with the tenant ID or common if you choose a multitenant account type
    
    
    1. Name: azuread according to this example
    2. URL for authorization: https://login.microsoftonline.com/tenantID/oauth2/V2.0/authorize
    3. URL to get access token: https://login.microsoftonline.com/tenantID/oauth2/V2.0/token
    4. OAuth2 client ID: clientID
    5. OAuth2 client secret: the client secret previously saved
    6. Scope for OAuth2 requests: User.Read
    7. URL for requesting user data: https://graph.microsoft.com/v1.0/me
    8. User field in user name answer: userPrincipalName

Note: For further information, consult the Microsoft identity platform and OAuth 2.0 authorization code flow documentation.