Page Comparison

The IT Shop Microservices allow users to shop for any resources to which they may eligible to receive. As part of the process for deploying the IT Shop, a service principal application used to authenticate the App Service that hosts the microservice must be registered in Azure.

How to register a service principal app

1. Log in to your Azure portal as a user with the necessary permissions to create an application in Azure AD.

2. In Azure, navigate to your Azure Active Directory.

3. On the Azure navbar, click App registrations.

   Image RemovedImage Added

4. On the App registrations page, click New registration.

   Image RemovedImage Added

5. Name the application, select the scope for the application (single or multitenant) and click Register.

   Image RemovedImage Added

To configure

Configure the

IAM Shop API app

1. Navigate to the IT IAM Shop API application you created above.

2. Select Branding on the application navbar and update the the settings accordingly. The Home page URL should be set to the URL for the IT Shop UI app services.

   Image RemovedImage Added

3. When you have completed updating the Branding settings, click Save.

   Image RemovedImage Added

   
   

4. Select Authentication from the application navbar and then click Add a platform.

   Image RemovedImage Added

5. Under Web applications, select Web.

   Image RemovedImage Added

   
   

6. In the Configure Web pane do the following:

   1. In the Redirect URIs field, enter the URL for the IT Shop UI Web Service, such as https://{{it-shop-ui-url}}/callback, where {{it-shop-ui-url}} is the URL for the IT Shop UI App Service you created.

   2. Under Implicit grant, select both Access tokens and ID tokens.

   3. Click Configure.

      Image RemovedImage Added

7. After the application configuration completes, click Add URI to add another redirect URI to the application.

   Image RemovedImage Added

   
   

8. Enter https://{{it-shop-ui-url}}/.auth/login/aad/callback, where {{it-shop-ui-url}} is the URL for the IT Shop UI Web Service you created.

9. Click Save.

   Image RemovedImage Added

   
   

10. Click Expose an API on the application navbarand then click the Application ID URI Set link.

    Image RemovedImage Added

11. In the Application ID URI field of the Set the App ID URI dialog, enter the URL for the IT Shop API App Service you created earlier and then click Save.
    
    The URI should look similar to https://it-shop-api.azurewebsites.net

    Image RemovedImage Added

12. Under Scopes defined by this API, click Add a scope.

    Image RemovedImage Added

13. In the Add a scope dialog, do the following

    1. Scope name — Enter – Enter itshop.all

    2. Who can consent? — Select – Select Admins and users.

    3. Admin consent display name — Enter – Enter a desired display name.

    4. State — Select – Select Enabled.

    5. Click Add Scope.
       

14. On the navbar go to the API Permissions page and then click Add Permission.

15. Select APIs my organization uses.

16. Search for and select the it-shop-ad application.

17. Select Delegated permissions.

18. Select the itshop.all scope.

19. Click Add permissions.