Following the OAuth 2.0 standard, ModelOp Center requires the following Azure AD configurations for a successful integration:
- Apps
  - gateway-service
  - internal-client
  - external-integration-client
  - go-cli
- Scopes
  - custom_scope
- App role
  - modelop_client
- Access token version: 2
Normally, access tokens issued by Azure AD are issued for Microsoft Graph. However, ModelOp Center needs access tokens issued for the aforementioned applications. To accomplish that, each application needs a manually created scope (Expose an API tab; Add a scope), custom_scope for example, to indicate that the access tokens issued for the given application are intended for the application and not Microsoft Graph. Additionally, the custom_scope has to be added as a permission (API permissions tab; Add a permission) on the application, and admin consent must be granted (API permissions tab; Grant admin consent for), so that the application can actually use the permission.
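To check that a token obtained after this setup was really issued for the application rather than for Microsoft Graph, its claims can be inspected. The following is an added example, not ModelOp Center code: it decodes the token payload without verifying the signature (a diagnostic only) and checks the audience, the token version, and the presence of custom_scope or modelop_client. The function names, the placeholder client ID, and the rule that either the scope or the app role is sufficient are assumptions made for the illustration.

```python
import base64
import json

# Well-known identifiers of Microsoft Graph; a token carrying one of these as
# its audience was issued for Graph, not for a ModelOp Center app registration.
GRAPH_AUDIENCES = {"00000003-0000-0000-c000-000000000000", "https://graph.microsoft.com"}


def decode_claims(jwt: str) -> dict:
    """Return the payload claims of a JWT WITHOUT verifying its signature."""
    payload = jwt.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def check_token(jwt: str, client_id: str, scope="custom_scope", role="modelop_client") -> list:
    """List the ways a token deviates from the configuration described above."""
    claims = decode_claims(jwt)
    problems = []
    aud = claims.get("aud")
    if aud in GRAPH_AUDIENCES:
        problems.append("audience is Microsoft Graph, not the application")
    elif aud != client_id:
        problems.append(f"audience {aud!r} is not the expected application {client_id!r}")
    if claims.get("ver") != "2.0":
        problems.append(f"token version is {claims.get('ver')!r}, expected '2.0'")
    scopes = claims.get("scp", "").split()  # delegated scopes, space separated
    roles = claims.get("roles", [])         # app roles, JSON array
    if scope not in scopes and role not in roles:  # assumption: either one suffices
        problems.append(f"neither scope {scope!r} nor app role {role!r} is present")
    return problems


def make_sample(claims: dict) -> str:
    """Build an unsigned, constructed JWT for the demonstration below."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"


# Constructed sample values; APP_ID is a placeholder, not a real client ID.
APP_ID = "11111111-2222-3333-4444-555555555555"
GOOD = make_sample({"aud": APP_ID, "ver": "2.0", "scp": "custom_scope"})
ROLE_ONLY = make_sample({"aud": APP_ID, "ver": "2.0", "roles": ["modelop_client"]})
GRAPH = make_sample({"aud": "00000003-0000-0000-c000-000000000000", "ver": "1.0", "scp": "User.Read"})

if __name__ == "__main__":
    print(check_token(GOOD, APP_ID))  # token issued for the application
    for problem in check_token(GRAPH, APP_ID):
        print("-", problem)
```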
For more details per application, please reference the following table:
| Proposed | Platform | Client | Grant Type | Scope | App Roles | Token Claim | Redirect URIs |
|---|---|---|---|---|---|---|---|
| gateway-service | | ✔ | Authorization | | | | |
| internal-client | | ✔ | Client | | | | |
| external-integration-client | | | Implicit | | | | |
| go-cli | | ✔ | Password | | | | |
NOTE: Once the internal-client app has been created, please open the Overview tab for the app and click on:
- "Add an Application ID URI"
- "Set"
- "Save" the suggested Application ID URI.
Azure AD Guide
For instructions on how to create custom_scope and modelop_client, please follow the Azure AD: How to create a custom scope and an app role guide.