Configure PlaceOS Authentication Source

{% hint style="success" %} You may supply the client_id and client_secret to PlaceOS or your PlaceOS Integration Partner to complete these steps. {% endhint %}

Prerequisites

Procedure

  1. In PlaceOS Backoffice navigate to the Domains tab.
  2. Select the domain you would like to add Microsoft Authentication to.
  3. Click the Authentication Tab.
  4. Identify the OAuth Source previously created.
  5. Click the Edit Icon.
  6. Update missing fields per the table below.

These fields are specific to the OAuth2 provider and tend to differ slightly between providers.

Details on how Azure handles OAuth2 will be used to describe the following fields.

| PlaceOS Field | Requirement |
| --- | --- |
| name | A friendly name for this authentication configuration. |
| client_id | The Client ID provided by Microsoft Azure App Registration. |
| client_secret | The Secret created in the Microsoft Azure App Registration. |
| site | This should be set to: `https://login.microsoftonline.com` |
| scope | The scopes, space separated, for the APIs that are intended to be accessed:<br>• openid<br>• offline_access<br>• calendars.readwrite.shared<br>• group.read.all<br>• user.read.all |
| token_method | Azure uses a POST to obtain a token |
| authentication_scheme | Request Body |
| token_url | The URL to obtain a token from. Azure's is:<br>`https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token` |
| authorize_url | The URL that initialises the OAuth2 request:<br>`https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/authorize` |
| user_profile_url | The URL we can use to test the OAuth2 token and obtain user details:<br>`https://graph.microsoft.com/v1.0/me` |
| info_mappings | This maps PlaceOS fields to User Profile fields (see below).<br>• email -> mail,userPrincipalName<br>• first_name -> givenName<br>• last_name -> surname<br>• uid -> id<br>• access_token -> token<br>• refresh_token -> refresh_token<br>• expires -> expires<br>• expires_at -> expires_at |
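
A pre-save check of the values in the table above, written as an added example; it is not PlaceOS code and does not call any PlaceOS API. It catches the usual mistakes: an unsubstituted `{tenant_id}`, different tenants in the two endpoint URLs, and comma-separated scopes. The dict layout, the function names, the sample tenant ID and credentials, and the case-insensitive scope comparison are assumptions made for illustration.

```python
from urllib.parse import urlsplit

LOGIN = "https://login.microsoftonline.com"
SCOPES = set("openid offline_access calendars.readwrite.shared group.read.all user.read.all".split())
MAPPINGS = {"email": "mail,userPrincipalName", "first_name": "givenName",
            "last_name": "surname", "uid": "id", "access_token": "token",
            "refresh_token": "refresh_token", "expires": "expires",
            "expires_at": "expires_at"}

def tenant_of(url, endpoint):
    """Tenant segment of an Azure v2.0 endpoint URL; None if malformed or still "{tenant_id}"."""
    parts = urlsplit(url or "")
    segs = parts.path.strip("/").split("/")
    if f"{parts.scheme}://{parts.netloc}" != LOGIN or segs[1:] != ["oauth2", "v2.0", endpoint]:
        return None
    return None if not segs[0] or "{" in segs[0] else segs[0]

def check_oauth_source(cfg):
    """Return the problems found in a dict keyed by the PlaceOS field names."""
    problems = [f"{k} is empty" for k in ("name", "client_id", "client_secret")
                if not str(cfg.get(k) or "").strip()]
    if cfg.get("site") != LOGIN:
        problems.append("site is not " + LOGIN)
    tenants = {ep: tenant_of(cfg.get(f"{ep}_url"), ep) for ep in ("token", "authorize")}
    problems += [f"{ep}_url is not a tenant {ep} endpoint" for ep, t in tenants.items() if not t]
    if all(tenants.values()) and tenants["token"] != tenants["authorize"]:
        problems.append("token_url and authorize_url name different tenants")
    if cfg.get("user_profile_url") != "https://graph.microsoft.com/v1.0/me":
        problems.append("user_profile_url is not the Graph /me endpoint")
    # Scopes must be space separated; a comma-joined string shows up as missing scopes.
    missing = sorted(SCOPES - set(str(cfg.get("scope") or "").lower().split()))
    if missing:
        problems.append("scope is missing: " + " ".join(missing))
    unmapped = sorted(set(MAPPINGS) - set(cfg.get("info_mappings") or {}))
    if unmapped:
        problems.append("info_mappings is missing: " + " ".join(unmapped))
    return problems

# Constructed sample values; the tenant ID, client ID and secret are placeholders.
TENANT = "00000000-0000-0000-0000-000000000000"
SAMPLE = {
    "name": "Microsoft Azure", "client_id": "EXAMPLE-CLIENT-ID", "client_secret": "EXAMPLE-SECRET",
    "site": LOGIN, "scope": " ".join(sorted(SCOPES)), "info_mappings": dict(MAPPINGS),
    "token_url": f"{LOGIN}/{TENANT}/oauth2/v2.0/token",
    "authorize_url": f"{LOGIN}/{TENANT}/oauth2/v2.0/authorize",
    "user_profile_url": "https://graph.microsoft.com/v1.0/me",
}

if __name__ == "__main__":
    print(check_oauth_source(SAMPLE) or "no problems found")
```
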

PlaceOS Staff API

Once you have completed the above steps, you will also need to create a Staff API Record for your domain.

To create the Staff API Record, follow these instructions on configuring Staff API.