Create Registration for Customer Administrators
The Customer Admins App Registration enables the Azure sign-on for end user customer IT administrators (see Initial Access to UMP-365 and Assigning Customer Admins). Once this registration is complete, the Application (Client) ID must be added in the Customer Admins screen in the Multitenant interface. When the customer IT administrator logs into User Management Pack 365 SP Edition, they view only their Microsoft 365 tenant.
1. Sign in to the Azure portal for the Service Provider operator tenant with Admin permissions.
2. Under Manage Azure Active Directory, select View.
3. In the Navigation pane, select App registrations.
4. Click New registration.
5. Enter the following details:
   ● Name: App registration name
   ● Select account type: Recommendation - Accounts in any organizational directory (Any Azure AD directory - Multitenant)
   The new registration is created.
7. Navigate to the Overview page and copy the Application (client) ID to notepad (it must be configured later in this procedure).
8. Click the Add a Redirect URI link to add the WEB redirect URI for the provider's public portal.
   The Authentication screen is displayed.
9. Click Add URI and add the Public Portal DNS subdomain name for the provider that you defined in Chapter Register End Customer Tenant DNS Sub domains, with the appended string "/tenantui/signin-aad", as shown in the following figure.
10. Scroll down the screen and enable the Implicit grant and Hybrid flows; select the following tokens to be issued by the authorization endpoint:
   ● Access tokens (used for implicit flow)
   ● ID tokens (used for Implicit and Hybrid flows)
11. Click Save to apply changes.
12. In the Multitenant interface, open the Administrators page (Monitoring > Service > Administrators).
14. Open PowerShell and type the following command:
   iisreset [enter]
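The same registration (steps 5 through 11 above) can be created from PowerShell with the Microsoft Graph SDK, which is useful when the provider wants the settings scripted and reviewable rather than clicked through the portal. The following is an added example, not part of the UMP-365 documentation or product; the display name, the `$PortalHost` value and the Graph permission scope are assumptions and placeholders to be replaced with the provider's own values.

```powershell
# Added example (not from the UMP-365 documentation): create the Customer Admins
# app registration with Microsoft Graph PowerShell instead of the Azure portal.
# Assumptions (placeholders, replace before use):
#   $PortalHost - the provider's Public Portal DNS subdomain from the DNS chapter
#   Microsoft.Graph module is installed and the signed-in operator admin can be
#   granted Application.ReadWrite.All in the Service Provider operator tenant.
Import-Module Microsoft.Graph.Applications
Connect-MgGraph -Scopes "Application.ReadWrite.All"

$PortalHost  = "portal.example-provider.net"              # placeholder value
$RedirectUri = "https://$PortalHost/tenantui/signin-aad"   # suffix the procedure requires (step 9)

# Web platform settings: one redirect URI plus the two implicit-grant token types (step 10)
$webSettings = @{
    RedirectUris          = @($RedirectUri)
    ImplicitGrantSettings = @{
        EnableAccessTokenIssuance = $true   # "Access tokens (used for implicit flow)"
        EnableIdTokenIssuance     = $true   # "ID tokens (used for Implicit and Hybrid flows)"
    }
}

# Multitenant audience = "Accounts in any organizational directory" (step 5)
$app = New-MgApplication -DisplayName "UMP-365 Customer Admins" `
                         -SignInAudience "AzureADMultipleOrgs" `
                         -Web $webSettings

# This is the value that is entered in Monitoring > Service > Administrators (step 7 / step 12)
"Application (client) ID: $($app.AppId)"

# Read the registration back and confirm that exactly the expected HTTPS redirect URI
# is registered; anything else would be a configuration drift worth investigating.
# (Get-MgApplication -ApplicationId takes the object Id, not the AppId.)
$check      = Get-MgApplication -ApplicationId $app.Id
$unexpected = @($check.Web.RedirectUris | Where-Object { $_ -ne $RedirectUri })
if ($unexpected.Count -gt 0) {
    Write-Warning "Unexpected redirect URIs on the registration: $($unexpected -join ', ')"
} else {
    "Redirect URI check passed: $RedirectUri"
}
```

Because the registration issues tokens through the implicit grant, the redirect URI list is the setting that decides where the authorization endpoint will deliver those tokens, so the read-back at the end keeps that list to the single expected HTTPS entry and reports anything else. The `iisreset` in step 14 is still required afterwards for the Multitenant interface to pick up the new Application (client) ID.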