Create oAuth app in the Azure portal

Table of Contents



We recommend to use: Automatic setup of Single Sign-On, for the Single Sign-On setup.

OAuth is an open standard for authorization, commonly used as a way for Internet users to log in to third party websites using their Google, Facebook, Microsoft, Twitter, One Network, etc. accounts without exposing their password. Generally, OAuth provides to clients a "secure delegated access" to server resources on behalf of a resource owner. Also called, 2 factor authentication (2FA), multifactor authentication (MFA).



oAuth can only be used when the Workspace distributor enabled this (server-wise). Please contact your Workspace supplier for more information about availability.

If you want to make full use of oAuth in combination with Workspace 365, you will need to set up an application for this in the Azure Active Directory. Please follow the steps below for accomplishing this:

  • Login to with an administrator account.
  • Click the question mark and choose "Show diagnostics"

  • A new screen will open. Check the following part:
 "tenants": [
      "id": "60632773-d949-4971-aa61-557ac5e48542",
      "domainName": "",
      "displayName": "Teleworm Inc.",
      "isSignedInTenant": true
  • Copy the content of "domainName"

Now you can create the app. Close the diagnostics screen and go back to portal and the Active Directory and App registrations. Click "+Add" to add the new app. Here you need to fill in the Name and Sign-on URL.

You choose your own name. This name of the app will be shown when the user wants to log in. We recommend to use a well known name for the company e.g. "Teleworm Single Sign On".

Now fill in the Sign-On URL of the Workspace, which can be found by navigating to the Workspace in the browser. It should look like this:


Open the current created app.

First you need to copy the "Application ID".

  • Navigate to the “Reply URLs” section and add a new Reply URL. It should look like this:

    An example:


  • Click "Required permissions" and click "Grant Permissions".
  • Add “Office 365 Exchange Online” and “Office 365 SharePoint Online” applications by selecting the API in step 1 and assign all (delegated) permissions to them in step 2. 

  • Give Windows Azure Active Directory additional delegated control: “Read and Write directory data”.
  • Click "Keys" and create a key. Choose an expiration duration. They key value will appear after saving (note: you will not be able to retrieve key value after leaving this page).

Now as last edit you app manifest by clicking on "Manifest"

Make sure that you add the url of the sign in page to the IdentifierUris

"identifierUris": [
  • Now your app is ready.

Back to top