Prerequisites
Authentication for all Microsoft products (Azure AD accounts and Microsoft accounts, such as 365 and Intune) is based on the OAuth 2.0 authentication flow and is validated against the Microsoft Identity Platform. Follow the steps in Generating an OAuth2.0 Authorization Token in Azure to create an OAuth 2.0 app, and keep your details for later use when Adding your OAuth credentials to the Oomnitza vault.
Adding your OAuth credentials to the Oomnitza vault
Once you have obtained your OAuth details, add them to the vault in Oomnitza by completing the following steps:
- In Oomnitza, click Configuration > Security > Credentials, and then click Add new credential (+).
- On the INFORMATION tab, complete these actions:
  - Add the name of the credential.
  - Add the name of the owner.
- On the AUTHORIZATION tab, select OAuth 2.0 as the authorization type.
- From the SaaS list, select one of the options listed in the table below.
- Click Authenticate. You are prompted to log into Microsoft to authorize your request.
- Click CREATE.
SaaS Name | Requirements | Comment |
Microsoft | Client ID, Client Secret, Scope, Tenant | Uses OAuth consent. The Scope has to be manually added and must match what is set in the Microsoft instance. For information on obtaining your Client ID, Tenant ID, and Client Secret, refer to Generating an OAuth2.0 Authorization Token in Azure. |
Microsoft Resource Owner Grant | Client ID, Client Secret, Tenant Id, Resource | Uses Bearer Token authentication. This process bypasses the need for OAuth consent. For information on obtaining your Client ID, Tenant ID, and Client Secret, refer to Generating an OAuth2.0 Authorization Token in Azure. An Azure AD resource ID indicates the audience for which a token that is issued can be used to provide access to an Azure resource. In the case of Azure Storage, the resource ID may be specific to a single storage account, or it may apply to any storage account. For further information, refer to Microsoft Azure Storage resource ID. |
Microsoft Client Credentials Grant | Client ID, Client Secret, Tenant Id | Similar to the Microsoft OAuth 2.0 credentials, except the scope is set to .default. This tells the OAuth flow to request the statically configured list of permissions. For further information, refer to Permissions and consent in the Microsoft identity platform. |
Microsoft Visual Studio | Client ID, Client Secret, Scope | Azure DevOps provides developer services for allowing teams to plan work, collaborate on code development, and build and deploy applications. You can use these credentials when Creating an extended integration for Microsoft Visual Studio users. |
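The Client Credentials Grant row requests the `.default` scope, and the Resource Owner Grant row ties a token to an audience. The following added example (not Oomnitza or Microsoft code) builds that token request and audits a token's `aud` and `roles` claims before the credential is relied on. The tenant, app ID, secret, allow-list, and sample token are constructed placeholders, and the decode step inspects claims without verifying the signature.

```python
import base64
import json
from urllib.parse import urlencode

# v2.0 token endpoint of the Microsoft identity platform.
TOKEN_URL = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"

def client_credentials_request(tenant, client_id, client_secret, resource):
    """Return (url, form_body); the scope is always "<resource>/.default"."""
    body = urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": resource.rstrip("/") + "/.default",
    })
    return TOKEN_URL.format(tenant=tenant), body

def token_claims(jwt):
    """Decode the JWT payload WITHOUT verifying the signature (inspection only)."""
    payload = jwt.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def audit_token(jwt, expected_aud, allowed_roles):
    """Return findings: wrong audience, or app roles beyond the allow-list."""
    claims = token_claims(jwt)
    findings = []
    if claims.get("aud") != expected_aud:
        findings.append("audience mismatch: %r" % claims.get("aud"))
    extra = sorted(set(claims.get("roles", [])) - set(allowed_roles))
    if extra:
        findings.append("unexpected roles: " + ", ".join(extra))
    return findings

def constructed_token(claims):
    """Build an unsigned sample token for the demo (constructed, not a real token)."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return enc({"alg": "none", "typ": "JWT"}) + "." + enc(claims) + ".sig"

# Constructed sample: a token whose statically configured roles are broader than intended.
SAMPLE = constructed_token({
    "aud": "https://graph.microsoft.com",
    "roles": ["Device.Read.All", "Directory.ReadWrite.All"],
})

if __name__ == "__main__":
    print(client_credentials_request("contoso.example", "app-id", "app-secret",
                                     "https://graph.microsoft.com"))
    print(audit_token(SAMPLE, "https://graph.microsoft.com", ["Device.Read.All"]))
```

Because `.default` returns every permission statically configured for the app, any role flagged here has to be removed in the Azure app registration rather than in the request.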