Azure AD

Following the OAuth 2.0 standard, ModelOp Center requires the following Azure AD configurations for a successful integration:

  1. Scopes

    1. custom_scope

  2. App role

    1. modelop_client

  3. Apps

    1. gateway-service

    2. internal-client

    3. external-integration-client

    4. go-cli

  4. Access token version: 2

| Proposed Application Name | Platform | Client Secret Required | Grant Type | Scope | App Roles | Token Claim | Redirect URIs |
|---|---|---|---|---|---|---|---|
| gateway-service (C2B) | Web | | Authorization Code | openid, profile, email, offline_access, custom_scope | | family_name, given_name, preferred_username, email, groups | https://<ModelOp Center URL>/login/oauth2/code/gateway-service |
| internal-client (B2B) | | | Client Credentials | | modelop_client | idtyp | |
| external-integration-client (C2B) | Single-page application; Mobile and desktop applications | | Implicit; Authorization Code with PKCE | custom_scope | | family_name, given_name, preferred_username, email, groups | Single-page application: https://<ModelOp Center URL>/jupyterOauth2ImplicitGrant.html, https://<ModelOp Center URL>/modelOpWDC.html; Mobile and desktop applications: https://oauth.powerbi.com/views/oauthredirect.html |
| go-cli (C2B) | | | Password | custom_scope | | family_name, given_name, preferred_username, email, groups | |

NOTE: Once the internal-client app has been created, please open the “Overview” tab for the app and click on:

  • "Add an Application ID URI"

  • “Set”

  • “Save” the suggested Application ID URI.
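
To confirm that a registration matches the table above, the claims of an issued access token can be compared against the row for its app. The following Python is an added example, not ModelOp Center or Microsoft code; it decodes the token without verifying its signature, so it is suited to configuration checks only. The `EXPECTED` mapping, the function names and the sample token are constructed here, and it assumes the Azure AD v2 claim names `ver`, `scp`, `roles` and `idtyp` plus the group overage markers `_claim_names` and `hasgroups`.

```python
import base64
import json

# Expected access-token contents per app registration, from the table on this page.
# Only custom_scope is checked in scp; the OIDC scopes do not appear in an API token.
USER_CLAIMS = {"family_name", "given_name", "preferred_username", "email", "groups"}
EXPECTED = {
    "gateway-service": {"scp": {"custom_scope"}, "roles": set(), "claims": USER_CLAIMS},
    "internal-client": {"scp": set(), "roles": {"modelop_client"}, "claims": {"idtyp"}},
    "external-integration-client": {"scp": {"custom_scope"}, "roles": set(), "claims": USER_CLAIMS},
    "go-cli": {"scp": {"custom_scope"}, "roles": set(), "claims": USER_CLAIMS},
}

def decode_payload(jwt):
    """Decode JWT claims for inspection only; the signature is NOT verified here."""
    segment = jwt.split(".")[1]
    segment += "=" * (-len(segment) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(segment))

def check_token(app, claims):
    """Return a list of mismatches between a token's claims and the table row for app."""
    want, problems = EXPECTED[app], []
    if claims.get("ver") != "2.0":  # "Access token version: 2" yields ver == "2.0"
        problems.append(f"ver is {claims.get('ver')!r}, expected '2.0'")
    missing_scp = want["scp"] - set(claims.get("scp", "").split())
    missing_roles = want["roles"] - set(claims.get("roles", []))
    problems += [f"scope {s} missing from scp" for s in sorted(missing_scp)]
    problems += [f"app role {r} missing from roles" for r in sorted(missing_roles)]
    for name in sorted(want["claims"] - set(claims)):
        # Azure AD drops "groups" from large tokens and emits an overage marker instead.
        overage = "groups" in claims.get("_claim_names", {}) or claims.get("hasgroups")
        if name == "groups" and overage:
            problems.append("groups overage: memberships must be fetched separately")
        else:
            problems.append(f"claim {name} missing")
    if "idtyp" in want["claims"] and claims.get("idtyp", "app") != "app":
        problems.append("idtyp is not 'app': not an app-only token")
    return problems

def sample_jwt(claims):
    """Build an unsigned, constructed JWT for the demo (not a real Azure AD token)."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.constructed"

if __name__ == "__main__":
    token = sample_jwt({"ver": "1.0", "roles": ["modelop_client"], "idtyp": "app"})
    print(check_token("internal-client", decode_payload(token)))
```

An empty list means the token carries everything the row calls for; a `ver` mismatch usually means the access token version on the app registration was not set to 2.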

Azure AD Guide

For instructions on how to create custom_scope and modelop_client, please follow the Azure AD: How-to guide.