Using Microsoft Entra ID with Status Web
This article details how to configure Status Web to use Microsoft Entra ID for authentication.
To use the SureSync Status Web and authenticate users with Microsoft Entra ID logins, you need to register and authorize the SureSync Status Web application in your Microsoft Azure tenant. Once that is complete, you use the Status Web Configuration program to pass the registration values to the website.
Go to the Microsoft Entra admin center. If you start from the Azure portal instead, search for and select Microsoft Entra ID.
Select “App Registrations”. If you started from the Azure portal, you need to expand “Manage” first.
You can then click “New Registration” to start the registration process.
Name your registration and then select “Accounts in this organizational directory only”.
The “Redirect URI” is required for Status Web. After a user signs in, Entra must redirect the browser back to Status Web carrying the authentication token, and it will only redirect to a URI listed in the registration.
Specify “Web” for the type and enter the website address of Status Web. End the address with “/signin-oidc”, which is the internal endpoint in Status Web that receives the token.
Click “Register” to save your registration.
Select “Authentication”.
Scroll down the page and check “ID Tokens (used for implicit and hybrid flows)”.
Click “Save” to save your update.
Select “API Permissions” and then click “Add a Permission”.
Permissions will be defined using Microsoft Graph, so click on that box to start selecting permissions.
There are two groups of permissions, and we will be selecting from each group. Start by clicking on “Delegated Permissions”.
Search for and check “email”. You do not need to save yet.
Search for and check “openid”. You do not need to save yet.
Search for and check “profile”.
Click “Add Permissions” to save the permissions you configured so far.
Click “Add a Permission” again and choose Microsoft Graph, but this time select “Application Permissions”.
Search for and check “GroupMember.Read.All”. You do not need to save yet.
Search for and check “User.Read.All”.
Click “Add permissions” to save your updates.
With your permissions saved, you will notice warnings indicating that admin consent is required before those permissions can be used.
Click “Grant admin consent” to consent to the assigned permissions for your tenant.
When consent has been granted, your display will no longer show errors.
In order for the Status Web application to use the permissions, it needs a client “secret” that proves to Entra that the program requesting those permissions is the registered application. You will create a system-generated secret value and provide that value to the SureSync Status Web Configuration program.
Select “Certificates & Secrets” and click “New Client Secret”.
Name your secret and specify when it expires. You will periodically need to generate a new secret before the old one expires; multiple secrets can be active at once, so you can provide the updated secret to the Status Web Configuration program before the old secret expires.
It is recommended to set yourself a calendar event to help remember to refresh the secret. If the secret is not updated before it expires, Entra logins to Status Web will stop working.
A secret value is displayed only once, when you create it. You cannot display the secret again once you leave the page, so you must copy the secret to your clipboard so you can paste it into the Status Web Configuration program.
Click the copy button next to the secret value and keep the value somewhere safe until you are ready to paste it into the Status Web Configuration program.
Start the Status Web Configuration program and select the “Identification” tab.
By default, Windows logins from your domain are allowed for authentication. You can enable either or both types of login; the user selects the type of login they wish to use.
To configure logins with Microsoft Entra ID, check that option.
In addition to the application secret, you need two more values from your registration. You may want to collect these values after you have pasted in your application secret.
Select “Overview” for your registration.
You need the Application (client) ID, which identifies your application registration. A button appears to the right of the value to copy it to the clipboard.
You also need the Directory (tenant) ID from the same page.
When you check “Allow Login with a Microsoft Entra Id”, your configuration options display.
Copy and paste the values into this form from your registration. The values need to match what was entered in your registration exactly, or logins with Entra will fail.
The first time you access the application registration, a dialog may appear. If this dialog is displayed, click “Accept” to allow the application registration to be accessed.
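A pre-flight check for the values collected above, written here as an added example rather than anything shipped with SureSync. It assumes the values are held in a small dictionary with the keys shown; the sample values are constructed and do not belong to any real tenant.

```python
import re
from datetime import date, timedelta

# Format of the Application (client) ID and Directory (tenant) ID shown on the Overview page.
GUID_RE = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")


def check_entra_config(cfg, today, warn_days=30):
    """Return a list of problems with the values collected for the Status Web
    Configuration program. An empty list means nothing obvious is wrong."""
    problems = []
    for key in ("client_id", "tenant_id"):
        if not GUID_RE.match(cfg.get(key, "")):
            problems.append(f"{key}: not a GUID; copy it from the registration Overview page")

    uri = cfg.get("redirect_uri", "")
    # Entra accepts only https redirect URIs for the Web platform (http is allowed for localhost only).
    if not (uri.startswith("https://") or uri.startswith("http://localhost")):
        problems.append("redirect_uri: must use https")
    if not uri.endswith("/signin-oidc"):
        problems.append("redirect_uri: must end with /signin-oidc")
    # Entra compares redirect URIs exactly, so the Status Web value must match the registration.
    if uri != cfg.get("registered_redirect_uri"):
        problems.append("redirect_uri: does not exactly match the URI in the app registration")

    if not cfg.get("client_secret"):
        problems.append("client_secret: empty; the value is shown only once, when created")

    expires = cfg.get("secret_expires")
    if expires is None:
        problems.append("secret_expires: unknown; record the expiry date when creating the secret")
    elif expires <= today:
        problems.append("client secret has expired; Entra logins will fail until a new one is configured")
    elif expires - today <= timedelta(days=warn_days):
        days = (expires - today).days
        problems.append(f"client secret expires in {days} days; create and configure a new one now")
    return problems


# Constructed sample values (hypothetical host name, placeholder secret, not a real tenant).
SAMPLE = {
    "client_id": "11111111-2222-3333-4444-555555555555",
    "tenant_id": "66666666-7777-8888-9999-000000000000",
    "redirect_uri": "https://statusweb.example.com/signin-oidc",
    "registered_redirect_uri": "https://statusweb.example.com/signin-oidc",
    "client_secret": "placeholder-secret-value",
    "secret_expires": date(2025, 3, 1),
}

if __name__ == "__main__":
    for line in check_entra_config(SAMPLE, today=date(2025, 2, 10)) or ["values look consistent"]:
        print(line)
```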