Azure AD STAR Mobile app registrations
This section describes the app registrations required in Azure to permit the authentication of Star Mobile users.
Azure AD configuration is a task for the Azure administrators, not Star Consultants. The following is a basic guide for administrators; exact implementation details may vary depending on client infrastructure and requirements.
Two app registrations are required in Azure: one for the Mobile web services (APIs), the other for the Star Mobile app (Client App). During the registration process, note the various values generated by Azure, as they are needed later when configuring the Mobile Web service.
Register the Star Mobile APIs (Web Service)
- Go to the Azure portal and log on to your Azure tenant.
- Go to Azure Active Directory > App Registrations.
- From the App Registrations blade toolbar, select New Registration.
- Enter the following details:
  - Name - e.g. ‘Star Mobile APIs’.
  - Supported Account Types - Select Accounts in this organizational directory only.
  - Redirect URI - Use the dropdown box to select Web. Enter the intended URL for the Star Mobile web service, e.g.
    https://starmobile.company.com/starmobile
    Be careful not to include a trailing ‘/’.
- Select Register. This creates the application and displays the overview page.
  Note the following values for later: Application (client) ID (also known as WS AppID), and Directory (tenant) ID.
- Go to Manage and select Expose an API. Find the Application ID URI label and select Set. Azure will generate an App ID URI.
- Select Save.
- Select +Add a scope and complete the following details:
  - Scope Name - starmobile.access.
  - Who can Consent - Admins Only.
  - Admin consent display name - Star Mobile Scope.
  - Admin Consent Description - Grant this app access to your Star Time & Expenses.
  - State - set to ‘Enabled’.
- Select Add Scope.
- Go to Manage options and select Manifest. Change the value of AccessTokenAcceptedVersion to 2.
Register the Star Mobile Native App
The next step makes the Star Mobile native application known to Azure, by registering it as a native application.
- Go to the Azure portal and log on to your Azure tenant.
- Go to Azure Active Directory > App Registrations and select New Registration.
- Enter the following details:
  - Name - Enter a name, e.g. 'Star Mobile App'. This will appear on the login screen.
  - Supported Account Types - Accounts in this organizational directory only.
  - Redirect URI - Select Public Client (Mobile & Desktop) and enter the intended URL for the Star Mobile web service. For example,
    https://starmobile.company.com/starmobile
    Be careful not to include a trailing ‘/’.
- Select Register. This creates the application and displays the overview page.
  Note the following value for later: Application (client) ID (also known as Native app ID).
- Go to Manage and select API Permissions. In the next screen, select + Add a permission.
- In the Select an API blade, select the My APIs tab, then select (or use search to find) the Star Mobile web service (APIs) added earlier. You are presented with the Request API permissions blade.
- Ensure the Delegated Permissions tile is selected (default). In the Select permissions area, expand the Star Mobile API app and ensure the StarMobile.access tick box is checked.
- Select Update permissions to finish.
Update the Star Mobile APIs (Web Service) registration
Now that both the Mobile client and the APIs are registered, the next step is to enable communication between them.
- Go to the Star Mobile APIs registration and select Manage > Expose an API.
- Click the +Add a client application button and enter the following:
  - Client ID - Enter the client ID of the Star Mobile app which you noted earlier as Application (client) ID or Native app ID.
  - Tick the box to allow the use of the scope created earlier called starmobile.access.
- Select Add application to finish.
The app registration is complete!
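The settings made in the steps above can be checked against the manifest of the Star Mobile APIs registration. The following is an added example, not part of the Star Mobile documentation: it assumes the manifest uses the Azure AD Graph format (properties such as oauth2Permissions and preAuthorizedApplications), and the function name, sample manifest and GUIDs are constructed placeholders.

```python
import json

# Constructed sample manifest (Azure AD Graph format); GUIDs are placeholders.
SAMPLE_MANIFEST = json.loads("""{
  "signInAudience": "AzureADMyOrg",
  "accessTokenAcceptedVersion": 2,
  "identifierUris": ["api://11111111-1111-1111-1111-111111111111"],
  "replyUrlsWithType": [
    {"url": "https://starmobile.company.com/starmobile", "type": "Web"}],
  "oauth2Permissions": [
    {"id": "33333333-3333-3333-3333-333333333333", "type": "Admin",
     "value": "starmobile.access", "isEnabled": true}],
  "preAuthorizedApplications": [
    {"appId": "22222222-2222-2222-2222-222222222222",
     "permissionIds": ["33333333-3333-3333-3333-333333333333"]}]
}""")
NATIVE_APP_ID = "22222222-2222-2222-2222-222222222222"  # placeholder

def audit_api_manifest(manifest, native_app_id, scope_name="starmobile.access"):
    """Return findings; an empty list means the manifest matches the guide."""
    findings = []
    if manifest.get("signInAudience") != "AzureADMyOrg":
        findings.append("sign-in audience is not single-tenant")
    if manifest.get("accessTokenAcceptedVersion") != 2:
        findings.append("accessTokenAcceptedVersion is not 2")
    if not manifest.get("identifierUris"):
        findings.append("Application ID URI is not set")
    for reply in manifest.get("replyUrlsWithType") or []:
        if reply.get("url", "").endswith("/"):
            findings.append("redirect URI has a trailing '/'")
    scopes = manifest.get("oauth2Permissions") or []
    scope = next((s for s in scopes if s.get("value") == scope_name), None)
    if scope is None:
        return findings + ["scope " + scope_name + " is missing"]
    if not scope.get("isEnabled"):
        findings.append("scope is disabled")
    if scope.get("type") != "Admin":
        findings.append("scope can be consented to by users, not admins only")
    # Only the native app should be pre-authorized for this scope.
    preauth = manifest.get("preAuthorizedApplications") or []
    clients = {c.get("appId") for c in preauth
               if scope.get("id") in c.get("permissionIds", [])}
    if native_app_id not in clients:
        findings.append("native app is not pre-authorized for the scope")
    for extra in sorted(clients - {native_app_id}):
        findings.append("unexpected pre-authorized client: " + extra)
    return findings

if __name__ == "__main__":
    print(audit_api_manifest(SAMPLE_MANIFEST, NATIVE_APP_ID) or "manifest OK")
```

To run it against a real registration, load the JSON copied from the Manifest page in place of the sample and pass the Native app ID noted during registration.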