Workspace 365

First, we need to create a client application in Azure for the AD synctool with the appropriate API permissions. This way, the Workspace its API accepts information from the synctool.

Note: the App registration that you will need to create in this step, is separate from the <a href="https://intercom-help.eu/workspace-365-eu/en/articles/175371" rel="nofollow noopener noreferrer" target="_blank">SSO App registration.</a> Meaning, if you ever need to change something to the App registration created for the Azure AD synctool, it will not affect users being able to sign into the Workspace environment.

Go to <a href="https://portal.azure.com" rel="nofollow noopener noreferrer" target="_blank">Azure</a> and log in as an administrator.

- Click New Registration.
- Fill in a name.
- Click Register.

- Add the permissions below.​
 
 Be sure you select Microsoft Graph -&gt; Application permissions.
 
 mceclip0.png
 ​ 
 Be sure to grant admin consent on the permissions.
 
 mceclip1.png
 ​​

Go to Certificates &amp; Secrets.

- Click New client secret.
- Fill in a description for the client secret.
- Set the expiration date.​
 
 The sync will not work anymore if the client secret expires. However, you can use PowerShell to add an app secret valid for 99 years. Copy the script below to PowerShell ISE and change the following values: ​ ​$APPObjectID: enter the Object ID of the synctool's app registration here ​$AppSecret: enter a name for the secret key. This will be displayed as the client secret's Description in Azure
 
 #Parameters $APPObjectID = "xxxxxxxx" $AppSecret ="Client Secret for AAD synctool" #Connect to Microsoft Entra ID (Azure AD) Connect-AzureAD #Add App Secret - Valid for 99 Years $StartDate = Get-Date $EndDate = $StartDate.AddYears(99) $AAdAppsecret = New-AzureADApplicationPasswordCredential -ObjectId $APPObjectID -StartDate $StartDate -EndDate $EndDate -CustomKeyIdentifier $AppSecret #Get the Secret Set Write-host $AAdAppsecret.Value #See the Secret set Read-Host $AAdAppsecret.Value
 
- Click Add.
- Note down the value! You will need this later on.

Note down the following information from the Overview page. This information is needed for the next step.

- Application (client) ID
- Tenant ID
- Tenant name (e.g. mycompany.onmicrosoft.com)
- Client secret (value)

1. Go to <a href="https://portal.azure.com" rel="nofollow noopener noreferrer" target="_blank">Azure</a> and log in as an administrator.
2. Go to App registrations. 
 - Click New Registration.
 - Fill in a name.
 - Click Register.
3. Go to API Permissions 
 - Add the permissions below.​
 
 Be sure you select Microsoft Graph -&gt; Application permissions.
 
 mceclip0.png
 ​ 
 Be sure to grant admin consent on the permissions.
 
 mceclip1.png
 ​​
4. Go to Certificates &amp; Secrets. 
 
 - Click New client secret.
 - Fill in a description for the client secret.
 - Set the expiration date.​
 
 The sync will not work anymore if the client secret expires. However, you can use PowerShell to add an app secret valid for 99 years. Copy the script below to PowerShell ISE and change the following values: ​ ​$APPObjectID: enter the Object ID of the synctool's app registration here ​$AppSecret: enter a name for the secret key. This will be displayed as the client secret's Description in Azure
 
 #Parameters $APPObjectID = "xxxxxxxx" $AppSecret ="Client Secret for AAD synctool" #Connect to Microsoft Entra ID (Azure AD) Connect-AzureAD #Add App Secret - Valid for 99 Years $StartDate = Get-Date $EndDate = $StartDate.AddYears(99) $AAdAppsecret = New-AzureADApplicationPasswordCredential -ObjectId $APPObjectID -StartDate $StartDate -EndDate $EndDate -CustomKeyIdentifier $AppSecret #Get the Secret Set Write-host $AAdAppsecret.Value #See the Secret set Read-Host $AAdAppsecret.Value
 
 - Click Add.
 - Note down the value! You will need this later on.
5. Note down the following information from the Overview page. This information is needed for the next step.
 
 - Application (client) ID
 - Tenant ID
 - Tenant name (e.g. mycompany.onmicrosoft.com)
 - Client secret (value)

Proceed to <a href="https://intercom-help.eu/workspace-365-eu/en/articles/175392" rel="nofollow noopener noreferrer" target="_blank">step 2</a>.

Introduction

Configuration