Today, I am here with one more interesting point to discuss.
Background
Recently, I got a chance to use Graph API for getting the list of Office 365 Group Admins. We have a use case to check whether our Office 365 group has more than two owners or not. We have a console application and we are using CSOM to get the group owners. To use the Graph APIs, the authentication and authorization mechanism is a bit different. We need to use Azure AD.
So, to access Microsoft Graph APIs, we need to create a new Azure app and give permissions to the respective APIs to access the respective data. Here, in our case, to access O365 groups, we are following these high-level steps:
- Register/create a new Azure app from “Azure Active Directory” center.
- Get the AppID and Client Secret Key.
- Give permission to access O365 group owners in our newly created app to access Graph APIs.
- Generate the authentication token in the program
- Use authentication token to use the Graph APIs
In this article, we will go in detail for two points - Register/create a new Azure app from “Azure Active Directory” center and generate a new client secret key. So, let us begin.
Steps to Register/Create an Azure app -
- Log into SharePoint Admin site - https://<mytenant>-admin.sharepoint.com here.
- Go to the “Azure Active Directory” center, as shown in the below snapshot.
Figure 1: Office 365 - Admin Center
- We will be redirected to the Azure Active Directory Admin Center.
Figure 2: Azure Active Directory admin center
- Click on “Azure Active Directory” option from the left side.
Figure 3: Azure Active Directory admin center - Azure Active Directory >> App registrations
- Click on “App registrations” from the left side as mentioned in the above snap. The “App registration” dashboard will appear.
Figure 4: Azure Active Directory admin center - "+ New application registration" option
- Click on “+ New application registration” link from the top.
A new app registration screen will appear, as shown in the below screenshot.
Figure 5: Azure Active Directory Admin Center:
Enter the following details.
Name – KnowledgeJunctionAzureApp
Application type – Web app / API
Sign-on URL – http://knowledgejunction.com
- Click on the “Create” button at the bottom of the page.
Make sure that we have a success message and we are on the following screen.
Figure 6: Azure Active Directory admin center-Registered app
From here, the important point to note is the Application ID, as shown in the above figure. We can get the APPID from this URL also.
Also, we will require a client secret key that we will generate like this -
- From the above figure 6, click on “Settings” icon. The Settings pane will open.
Figure 7: Azure Active Directory admin center - Azure App >> Settings icon
- On the “Settings” pane, there is a “Keys” option as shown in the above figure 7. Click on “Keys” and a Keys pane will open.
Figure 8: Azure Active Directory admin center - Azure App >> Settings >> Keys >> Generating Client Secret Key
- Give a name under “DESCRIPTION” column and select “EXPIRES” option as “Never expires”. Click on the “Save” option on the top.
Figure 9: Azure Active Directory admin center - Azure App >> Settings >> Keys >> New Client Secret Key generated
Once the new client secret key is generated, please copy it. See the warning in the top brown bar. Once we have left this pane, we don’t have any option to get this key. We need to create a new one again.