Introduction
We have created an integration with Liquit Workspace, fully compatible with the Single Sign-on experience. The Liquit live tile can be added to your Workspace as one single interface for all your assigned Liquit apps.
Requirements
Workspace 365 and Liquit will both have to be synchronized with the same Microsoft Entra ID (previously called Azure AD) identity source as it relies on an Exchange token.
This integration is supported by Liquit Workspace:
Branch 3.5: version 3.5.2034 or higher.
Branch 3.6: version 3.6.2150 or higher.
Configuration
When Content Security Policy (CSP) and/or Cross-Origin Resource Sharing is enabled within your Liquit Workspace environment, it's required to add the URL of the Workspace 365 portal to the security settings. If these are not added the Liquit Workspace Live Tile will not be able to communicate with the Liquit Workspace Server.
Step 1. Configure Liquit Workspace
In order to setup the connection in Workspace 365, you will first have to enable the "Token Exchange" authentication method on the identity sources configured in Liquit Workspace as well as a new API permission on the Workspace 365 app registration in Microsoft Entra ID.
Token exchange
As an admin, navigate to your Liquit Workspace portal.
Navigate to the Manage tab at the top.
Select Identity Sources in the Authentication section.
Double-click the Microsoft Entra ID identity source you also use for Workspace 365.
Select Authentication in the left submenu.
Check the box for Token Exchange and click Save.
API permission
Navigate to portal.azure.com.
Choose Microsoft Entra ID and then App registrations.
Create a Liquit Workspace App registration, click here for instructions.
In the Liquit app registration, go to Expose an API and define a scope.
Select the Workspace 365 app registration.
Choose API permissions.
Click the Add a permission button.
Find the Liquit Workspace app registration under the APIs my organization uses tab.
Check the user_impersonation option and continue to save the change by clicking Add permissions.
Make sure you grant admin consent on this API permission.
ββ
If the user impersonation permission is not available, this is likely caused by an app registration created while using the preview version of the Azure portal. To fix this, please follow the steps below and try again.
Adding the correct permission to the Liquit Workspace app registration:
Choose Expose an API.
Click the Add a scope button.
Fill in the information as provided below.
Step 2. Create a Liquit connection in Workspace 365
As a Workspace administrator, go to settings > Integrations and select Liquit connections.
Click New.
Fill in the following details:
App name.
Liquit portal URL.
Identity source.
Application (client) ID.
Information on where to find these details is described below and can be accessed by clicking on the βiβ icon behind the input fields.
Step 3. Configure the app
Go to the App store (click on the waffle icon or '+Add tiles').
Make sure that Manage apps is selected.
Search for the Liquit app and click Add new app.
You can configure the following:
Choose a different logo, change the app color and decide whether to open the app in a new or current window (destination).
You can also determine who has access to the app and who will become app owner.
If you followed the previous steps, you can select a connection from the drop-down menu (if not, you can create a new connection). Click Add.
Click Save.
Step 4. Activate the app
When you're done configuring the app, you can add it from the App store to your Workspace. Click +Add tiles in the upper left corner.
Search for the Liquit app you just created. Select the app and add it to your Workspace, either to a new or existing group.
When the Liquit live tile is added to your Workspace, you can right-click the app to edit the desired app settings, such as size to show more or less application shortcuts from the live tile.