Microsoft Entra ID (formerly Azure Active Directory)
Following the OAuth 2.0 standard, ModelOp Center requires the following Microsoft Entra ID configurations for a successful integration:
Apps
gateway-service
internal-client
external-integration-client
go-cli
Scopes
custom_scope
App roles
modelop_client
Access token version: 2
Proposed | Platform Type | Client | Scopes & API Permissions | App Roles & API Permissions | Token Claims | Redirect URIs |
---|---|---|---|---|---|---|
gateway-service |
|
|
|
|
|
|
internal-client |
|
|
|
|
|
|
external-integration-client |
|
|
|
|
|
|
go-cli |
|
|
|
|
|
|
*The Group.Read.All
permission for Microsoft Graph is necessary only if a customer is unable to include the group names, instead of group ids, as part of the access token. With Group.Read.All
permission granted, ModelOp Center will be able to retrieve the group names from Microsoft Graph and display them instead of their ids throughout the platform. For details on how to grant permission Group.Read.All
, please refer to Microsoft Entra ID: How-to guide.
NOTE: Once the internal-client
app has been created, please open the “Overview” tab for the app and click on:
"Add an Application ID URI"
“Set”
“Save” the suggested Application ID URI.
Microsoft Entra ID Guide
For instructions on how to create custom_scope
and modelop_client,
and how to set the access token version, please follow the Microsoft Entra ID: How-to guide.