Comment on page

Configure PlaceOS Authentication Source

You may supply the client_id and client_secret to PlaceOS or your PlaceOS Integration Partner to complete these steps.
Prerequisites
PlaceOS Backoffice Administrator Access
Microsoft Azure App Registration client_id and client_secret generated in the Microsoft Azure App Registration steps. 
Procedure
1.In PlaceOS Backoffice navigate to the Domains tab.
2.Select the domain you would like to add Microsoft Authentication to.
3.Click the Authentication Tab.
4.Identify the OAuth Source previously created.
5.Click the Edit Icon.
6.Update missing fields per the table below. 
These fields are specific to the OAuth2 provider and tend to differ slightly between providers.
Details on how Azure handles OAuth2 will be used to describe the following fields.
PlaceOS Field
Requirement
name
A friendly name for this authentication configuration.
client_id
The Client ID provided by Microsoft Azure App Registration.
client_secret
The Secret created in the Microsoft Azure App Registration.
site
This should be set to: `https://login.microsoftonline.com`
scope
​
The scopes, space separated, for the APIs that are intended to be accessed
openid offline_access
calendars.readwrite
calendars.readwrite.shared
contacts.read.shared
group.read.all 
place.read.all 
user.read.all
token_method
Azure uses a POST to obtain a token
authentication_scheme
Request Body
token_url
The URL to obtain a token from, Azures is:
https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token
authorize_url
The URL that initialises the OAuth2 request:
https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/authorize
user_profile_url
The URL we can use to test the OAuth2 token and obtain user details:
https://graph.microsoft.com/v1.0/me
info_mappings
This maps PlaceOS fields to User Profile fields (see below).
email -> mail,userPrincipalName
first_name -> givenName
last_name -> surname
uid -> id
access_token -> token
refresh_token -> refresh_token
expires -> expires
expires_at -> expires_at
PlaceOS Staff API
Once you have completed the above steps, you will also need to create a StaffAPI Record for your domain.
To create the Staff API Record follow these instructions on configuring Staff API.​

PlaceOS Field	Requirement
`name`	A friendly name for this authentication configuration.
`client_id`	The Client ID provided by Microsoft Azure App Registration.
`client_secret`	The Secret created in the Microsoft Azure App Registration.
`site`	This should be set to: ``https://login.microsoftonline.com``
`scope`	The scopes, space separated, for the APIs that are intended to be accessed `openid offline_access` `calendars.readwrite` `calendars.readwrite.shared` `contacts.read.shared` `group.read.all` `place.read.all` `user.read.all`
`token_method`	Azure uses a `POST` to obtain a token
`authentication_scheme`	`Request Body`
`token_url`	The URL to obtain a token from, Azures is: `https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token`
`authorize_url`	The URL that initialises the OAuth2 request: `https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/authorize`
`user_profile_url`	The URL we can use to test the OAuth2 token and obtain user details: `https://graph.microsoft.com/v1.0/me`
`info_mappings`	This maps PlaceOS fields to User Profile fields (see below). email -> mail,userPrincipalName first_name -> givenName last_name -> surname uid -> id access_token -> token refresh_token -> refresh_token expires -> expires expires_at -> expires_at

Create Azure App Registration (Delegated Permissions)

Add User Login Redirects

Last modified 1yr ago