Configure PlaceOS Authentication Source

You may supply the client_id and client_secret to PlaceOS or your PlaceOS Integration Partner to complete these steps.

Prerequisites

PlaceOS Backoffice Administrator Access
Microsoft Azure App Registration client_id and client_secret generated in the Microsoft Azure App Registration steps.

These fields are specific to the OAuth2 provider and tend to differ slightly between providers.

Details on how Azure handles OAuth2 will be used to describe the following fields.

PlaceOS Field Requirement

PlaceOS Field	Requirement
`name`	A friendly name for this authentication configuration.
`client_id`	The Client ID provided by Microsoft Azure App Registration.
`client_secret`	The Secret created in the Microsoft Azure App Registration.
`site`	This should be set to: ``https://login.microsoftonline.com``
`scope`	The scopes, space separated, for the APIs that are intended to be accessed `openid` `offline_access` `calendars.readwrite.shared` `group.read.all` `user.read.all`
`token_method`	Azure uses a `POST` to obtain a token
`authentication_scheme`	`Request Body`
`token_url`	The URL to obtain a token from, Azures is: `https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token`
`authorize_url`	The URL that initialises the OAuth2 request: `https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/authorize`
`user_profile_url`	The URL we can use to test the OAuth2 token and obtain user details: `https://graph.microsoft.com/v1.0/me`
`info_mappings`	This maps PlaceOS fields to User Profile fields (see below). email -> mail,userPrincipalName first_name -> givenName last_name -> surname uid -> id access_token -> token refresh_token -> refresh_token expires -> expires expires_at -> expires_at

name

A friendly name for this authentication configuration.

client_id

The Client ID provided by Microsoft Azure App Registration.

client_secret

The Secret created in the Microsoft Azure App Registration.

site

This should be set to: `https://login.microsoftonline.com`

scope

The scopes, space separated, for the APIs that are intended to be accessed

token_method

Azure uses a POST to obtain a token

authentication_scheme

Request Body

token_url

The URL to obtain a token from, Azures is:

https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token

authorize_url

The URL that initialises the OAuth2 request:

https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/authorize

user_profile_url

The URL we can use to test the OAuth2 token and obtain user details:

https://graph.microsoft.com/v1.0/me

info_mappings

This maps PlaceOS fields to User Profile fields (see below).

Once you have completed the above steps, you will also need to create a StaffAPI Record for your domain.

Last updated 4 months ago