Page Comparison

Following the OAuth 2.0 standard, ModelOp Center requires the following Microsoft Entra ID configurations for a successful integration:

AppsApp registrations*
1. gateway-service
2. internal-client
3. external-integration-client
4. go-cli
Scopes
1. custom_scope
App roles
1. modelop_client
Access token version: 2

Proposed Application Name	Platform Type	Client Secret Required	Scopes & API Permissions	App Roles & API Permissions	Token Claims	Redirect URIs
gateway-service (C2B)	Web	✔	openid profile email offline_access custom_scope		family_name given_name preferred_username email groups	`https://<ModelOp Center URL>/login/oauth2/code/gateway-service`
internal-client (B2B)		✔	Group.Read.All**	`modelop_client`	idtyp
external-integration-client (C2B)	Single-page application Mobile and desktop applications		custom_scope		family_name given_name preferred_username email groups	Single-page application; Redirect URIs `https://<ModelOp Center URL>/jupyterOauth2ImplicitGrant.html` `https://<ModelOp Center URL>/modelOpWDC.html` Mobile and desktop applications; Redirect URIs `https://oauth.powerbi.com/views/oauthredirect.html`
go-cli (C2B)		✔	custom_scope		family_name given_name preferred_username email groups

Note
*When registering a new application, please make sure to add each app through the `Applications → App registrations` menu and NOT through the `Applications → Enterprise application`.

**The Group.Read.All permission for Microsoft Graph is necessary only if a customer is unable to include the group names, instead of group ids, as part of the access token. With Group.Read.All permission granted, ModelOp Center will be able to retrieve the group names from Microsoft Graph and display them instead of their ids throughout the platform. For details on how to grant permission Group.Read.All, please refer to Microsoft Entra ID: How-to guide.

...

Version	Old Version 12	New Version 13
Changes made by	Blagica	Blagica
Saved on	Aug 02, 2024	Jan 30, 2025

Versions Compared

Key