Page Comparison

As part of the process for deploying MyTasks, To manage SharePoint, the EmpowerID SharePoint Online (SPO) microservice requires a service principal application used to authenticate the MyTasks backend App Service be registered in the SharePoint tenant to provide Azure AD authentication to the app service that hosts the SPO microservice must be registered in Azure.

Register

...

a service principal

...

Log in to your Azure portal as a user with the necessary permissions to create an application in Azure AD.

for app service auth

...

In Azure, navigate to your Azure Active Directory.
On the Azure Active Directory navbar, click App registrations.
On the App registrations page, click New registration.
Image RemovedImage Added
Name the application, select the scope for the application (single or multitenant) and click Register.
Once the application is registered, copy the Application (client) ID , and Directory (tenant) ID and Object ID from the Overview page. These values are used later to configure AD authentication for the MyTasks App service. The next step is to .
Navigate to the Certificates & secrets blade for the application and upload the base-64 encoded certificate that you have selected to authenticate to the application.
Insert excerptIL:Azure Cert RequirementsIL:Azure Cert Requirementsnopaneltrue
Under Manage, click Certificates & secrets.
Under Certificates, click Upload certificate and upload the base-64 encoded certificate.
Under Client secrets, click New client secret. The secret is used by the application to prove its identity when requesting a token.
Enter a Description for the client secret, select when the secret Expires and then click Add.
Under Manage, select Branding and update the settings accordingly. The Home page URL should be set to the URL for the MyTasks Front-End app service you created earlier.
Save the settings.
Under Manage, select Authentication and click Add a platform.
Click Add a platform.
Select Web.
In the Configure Web pane do the following:
1. In the Redirect URIs field, enter the URL for the MyTasks UI Web Service appended with /callback, such as https://{{mytasks-ui-url}}/callback, where {{mytasks-ui-url}} is the URL for the MyTasks UI App Service you created.
2. Under Implicit grant, select both Access tokens and ID tokens.
3. Click Configure.
After the application configuration completes, click Add URI and enter the URL for the MyTasks UI Web Service appended with /.auth/login/aad/callback, such as https://{{mytasks-ui-url}}/.auth/login/aad/callback, where {{mytasks-ui-url}} is the URL for the MyTasks UI App Service you created.
Click Save.
Under Manage, select Expose an API and then click the Application ID URI Set link.
In the Application ID URI field of the Set the App ID URI dialog, enter the URL for the My Tasks API App Service you created earlier and then click Save. The URI should look similar to https://mytasks-api-app.azurewebsites.net, where mytasks-api-app is the name of the MyTasks API app service.
Under Scopes defined by this API, click Add a scope and enter the following information:
- Scope name — Enter mytasks.all
- Who can consent? — Select Admins and users.
- Admin consent display name — Enter a desired display name.
- Admin consent description — Enter a desired description.
- State — Select Enabled.
- Click Add Scope.
Under Manage, select API Permissions and click Add a permission.
Select APIs my organization uses and then search for and select the MyIdentity-API-AD application you created above.
Select Delegated permissions and then select the myidentity.all scope.
Click Add permissions.

...

are using to secure HTTP traffic between EmpowerID and the microservice. The public key certificate that you upload to Azure must have a corresponding private key in the EmpowerID certificate store; otherwise, an error will occur when calling Azure’s API.
Add a client secret and copy the value. You add this value to the Key Vault in your EmpowerID tenant.
Image Added