Microsoft Entra ID (formerly Azure Active Directory)

Owned by Dave Trier
Last updated: Aug 02, 2024 by Blagica
1 min read

Following the OAuth 2.0 standard, ModelOp Center requires the following Microsoft Entra ID configurations for a successful integration:

  1. Apps

    1. gateway-service

    2. internal-client

    3. external-integration-client

    4. go-cli

  2. Scopes

    1. custom_scope

  3. App roles

    1. modelop_client

  4. Access token version: 2

Proposed
Application Name

Platform Type

Client
Secret
Required

Scopes & API Permissions

App Roles & API Permissions

Token Claims

Redirect URIs

Proposed
Application Name

Platform Type

Client
Secret
Required

Scopes & API Permissions

App Roles & API Permissions

Token Claims

Redirect URIs

gateway-service
(C2B)

  1. Web

  • openid

  • profile

  • email

  • offline_access

  • custom_scope

 

  • family_name

  • given_name

  • preferred_username

  • email

  • groups

  • https://<ModelOp Center URL>/login/oauth2/code/gateway-service

internal-client
(B2B)

 

  • Group.Read.All*

  • modelop_client

  • idtyp

 

external-integration-client
(C2B)

  1. Single-page application

  2. Mobile and desktop applications

 

  • custom_scope

 

  • family_name

  • given_name

  • preferred_username

  • email

  • groups

  1. Single-page application; Redirect URIs

    1. https://<ModelOp Center URL>/jupyterOauth2ImplicitGrant.html

    2. https://<ModelOp Center URL>/modelOpWDC.html

  2. Mobile and desktop applications; Redirect URIs

    1. https://oauth.powerbi.com/views/oauthredirect.html

go-cli
(C2B)

 

  • custom_scope

 

  • family_name

  • given_name

  • preferred_username

  • email

  • groups

 

*The Group.Read.All permission for Microsoft Graph is necessary only if a customer is unable to include the group names, instead of group ids, as part of the access token. With Group.Read.All permission granted, ModelOp Center will be able to retrieve the group names from Microsoft Graph and display them instead of their ids throughout the platform. For details on how to grant permission Group.Read.All, please refer to Microsoft Entra ID: How-to guide.

NOTE: Once the internal-client app has been created, please open the “Overview” tab for the app and click on:

  • "Add an Application ID URI"

  • “Set”

  • “Save” the suggested Application ID URI.

Microsoft Entra ID Guide

For instructions on how to create custom_scopeand modelop_client, and how to set the access token version, please follow the Microsoft Entra ID: How-to guide.