Access Token for Windows Azure Active Directory

Configure an access token to connect to Windows Azure Active Directory.

Figure: WAAD Access Token Configuration screen

Background and Setup

Prerequisites

AgilePoint NX OnDemand (public cloud), or AgilePoint NX PrivateCloud or AgilePoint NX OnPremises v7.0 or higher.

Good to Know

In most cases, you can use a global access token or an application level access token:
- Global access tokens are shared across all users and applications. If you want all process designers and runtime app users in your AgilePoint NX tenant to be able to connect to an external data source, use a global access token. An example is a SharePoint site on an intranet that all employees in a company can access.
- Application level access tokens are shared with all processes in a process-based app, or restricted to use within a form-based app. Use application level access tokens if only process designers or runtime app users for a particular application should access an external system — for example, a Google Drive account that is only used to share files within a small team.
Access tokens are used to connect AgilePoint NX applications to external data sources. Windows Azure Active Directory can be used for access tokens, but it can also be used as an authentication provider for NX Portal. Access tokens cannot be used to authenticate to the Portal.
For more information about configuring authentication providers, refer to Add an Authentication Type.
Access tokens are collections of credentials that are used to authenticate communication directly between AgilePoint NX and an external system. Because it is the AgilePoint NX system that uses these credentials, rather than an app, there is no difference between design time and runtime access tokens. Access tokens are never checked in or published, and they do not use version control. If you change an access token in the App Builder or Manage Center, the access token changes immediately everywhere the access token is used. Changes to application level access tokens apply to all versions of an application, including running application instances. Changes to global access tokens apply everywhere they are used in AgilePoint NX. You can not roll back an access token to a previous version.
For more information, refer to What Data Is Deleted When I Delete an App or Application Resource?
Some information about third-party integrations is outside the scope of the AgilePoint NX Product Documentation, and it is the responsibility of the vendors who create and maintain these technologies to provide this information. This includes specific business uses cases and examples; explanations for third-party concepts; details about the data models and input and output data formats for third-party technologies; and various types of IDs, URL patterns, connection string formats, and other technical information that is specific to the third-party technologies. For more information, refer to Where Can I Find Information and Examples for Third-Party Integrations?

How to Start

There are several ways to create an access token for Windows Azure Active Directory. How to create the access token depends on where you want to use it.

Global (Manage Center)

You can use a global access token in any application in your AgilePoint NX tenant. Use a global access token if you want any user in your environment to be able to connect to the same external system.

Click Manage .
Click App Builder > Global Access Tokens.
On the Global Access Tokens screen, click Add Token .
On the Add Global Access Tokens screen, select Windows Azure Active Directory .
Click Next.

Application Level (App Builder)

Create an access token to use in any process activity or form control in an application.

Click Build Apps .
In the Application Explorer, on the My Applications pane, click [Application Name] > Shared Resources > Access Tokens.
Click New .
On the New App Token screen, select Windows Azure Active Directory .
Click Next.

Process Activities and Form Controls

Different access token types can be created in context and used in different process activities, form controls, or applications. The App Builder shows shortcut buttons in any place you can create an access token.

You can create an application level access token for Windows Azure Active Directory here:

Process Builder
- Any activity on the Windows Azure Active Directory tab

Fields

Field Name	Definition
Token Name	Function: Specifies the unique name for your connection to Windows Azure Active Directory. Accepted Values: A text string that can have letters, numbers, and spaces Default Value: None
Application ID	Function: Specifies the Microsoft application ID of the app you created or added in Windows Azure Active Directory. Accepted Values: A string with letters and numbers. Default Value: None
Key	Function: Specifies the key of the app you created or added in Windows Azure Active Directory. Accepted Values: A string with letters and numbers. Default Value: None
Reply URL	Function: Specifies the callback URL from the connected application. Accepted Values: A string in URL format. Default Value: https://mysite.com/manage/shared/success.html
Microsoft Graph API URL	Function: Specifies the Microsoft Graph API URL for your language. The default value for this field is the value for the Microsoft Graph API in U.S. English. If you use a different language, see the Documentation from Microsoft to get the URL for your language. Accepted Values: The Microsoft Graph API URL for your language. Default Value: https://graph.microsoft.com
Description	Function: A description for your access token. Accepted Values: More than one line of text. Default Value: None Example: Refer to: (Example) Use Anonymous Authentication in a Form-Based App (Example) Use Anonymous Authentication in a Process-Based App
OAuth2 Access Token	Function: Specifies an access token, or code, from Windows Azure Active Directory. Accepted Values: A valid access token This value comes from Windows Azure Active Directory. Default Value: An unique access token.
Get OAuth2 Access Token	Function: Sends a request to the Windows Azure Active Directory service to get the access token. To complete this process, you must sign in to Windows Azure Active Directory, and specify your consent when prompted.
Renewal Rate	Function: Specifies how frequently to renew your application's access token. Accepted Values: Disabled Every 15 minutes Every half an hour Every hour Default Value: Every hour
Encrypt	Function: Stores the access token in the AgilePoint database as encrypted data. Note: AgilePoint recommends you to store this access token in the database in encrypted format. Accepted Values: Deselected - The access token is in plain text in the database. Selected - The access token is encrypted in the database. Default Value: Selected Limitations: This field was removed from the UI in AgilePoint NX OnPremises and PrivateCloud v7.0 Software Update 2. Access token credentials are encrypted by default. If you want to store credentials in unencrypted format, contact AgilePoint Customer Support.