How Do I Migrate Microsoft Azure Active Directory SSO Authentication to the Microsoft Graph API?

To change the Microsoft Azure Active Directory single sign-on (SSO) authentication configuration from the Azure Active Directory Graph API to the Microsoft Graph API, do the procedure in this topic.

Microsoft no longer supports the Azure Active Directory Graph API and recommends migrating to the Microsoft Graph API.

For help with this procedure, contact AgilePoint Professional Services.

Background and Setup

Prerequisites

Get the Microsoft Azure App ID

To get the Microsoft Azure app ID that is configured for AgilePoint Server and NX Portal, do the procedure in this topic.

Procedure

  1. On the AgilePoint Server machine, in a text editor, open this file:

    (NX Portal installation folder - v8.0 and lower) C:\Program Files\AgilePoint\AgilePointWebApplication\AgilePointPortal\web.config

  2. In the file web.config, in the <appSettings> node, find the app IDs in these keys:
    • <add key="ida:ClientID" value="[AgilePoint Portal app ID]"/>
    • <add key="ida:WCFClientID" value="[AgilePoint Server app ID]"/>

      If the value for the key "ida:WCFClientID" is null, find the key ida:WCFAppID, and copy the GUID from the key value. The copied value is the AgilePoint Server app ID.

      <add key="ida:WCFAppID" value="api://mysite.onmicrosoft.com/22ee364a-046c-40a2-b287-a983e5130ce7"/>

      If the app ID does not exist in the web.config file, you can find the AgilePoint Server app ID in the API Permissions section of AgilePoint Portal app created in Microsoft Azure.
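The lookup in step 2, including the fallback to ida:WCFAppID, as an added PowerShell example (not AgilePoint's own tooling). The function names are hypothetical and the sample XML is constructed for illustration.

```powershell
# Constructed sample. The ida:WCFAppID value is the one shown on this page; the
# ida:ClientID GUID is a placeholder. On the server, load the real file instead:
#   [xml]$config = Get-Content -Raw -LiteralPath '<path to web.config>'
$sample = @'
<configuration>
  <appSettings>
    <add key="ida:ClientID" value="11111111-2222-3333-4444-555555555555"/>
    <add key="ida:WCFClientID" value=""/>
    <add key="ida:WCFAppID" value="api://mysite.onmicrosoft.com/22ee364a-046c-40a2-b287-a983e5130ce7"/>
  </appSettings>
</configuration>
'@

function Get-AppSetting {            # hypothetical helper
    param([xml]$Config, [string]$Key)
    $node = $Config.configuration.appSettings.add |
        Where-Object { $_.key -eq $Key } | Select-Object -First 1
    if ($node) { $node.value }
}

function Get-AgilePointAppIds {      # hypothetical helper
    param([xml]$Config)
    $guid = '[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}'
    $portalId = Get-AppSetting -Config $Config -Key 'ida:ClientID'
    $serverId = Get-AppSetting -Config $Config -Key 'ida:WCFClientID'
    $source   = 'ida:WCFClientID'
    if ([string]::IsNullOrWhiteSpace($serverId)) {
        # Empty or missing key: take the GUID out of the ida:WCFAppID URI instead.
        $uri = Get-AppSetting -Config $Config -Key 'ida:WCFAppID'
        if ($uri -match $guid) { $serverId = $Matches[0]; $source = 'ida:WCFAppID' }
        else { $serverId = $null; $source = 'not in web.config' }
    }
    [pscustomobject]@{
        PortalAppId    = $portalId
        ServerAppId    = $serverId
        ServerIdSource = $source
    }
}

Get-AgilePointAppIds -Config ([xml]$sample)
```

When ServerIdSource reports that the ID is not in web.config, use the API Permissions section of the AgilePoint Portal app in Microsoft Azure, as described above.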

Remove the Azure Active Directory Graph Permissions from the Microsoft Azure App

To remove the Azure Active Directory Graph permissions from the app configured for AgilePoint Server and AgilePoint NX Portal in Microsoft Azure, do the procedure in this topic.

Prerequisites

  • The app ID for the AgilePoint Server app and AgilePoint NX Portal app in Microsoft Azure.

    For more information, refer to Get the Microsoft Azure App ID.

Procedure

  1. Sign in to Microsoft Azure Portal.
  2. On the Microsoft Azure Portal screen, click App registrations.

  3. On the App registrations screen, click All applications.

  4. On the All applications tab, in the Search field, do the following:
    • To remove permissions for the AgilePoint Server app, paste the ida:WCFClientID value from the web.config file.
    • To remove permissions for the AgilePoint Portal app, paste the ida:ClientID value from the web.config file.


    The search result shows the app associated with the specified app ID.

  5. Click the app.

  6. On the app, in the Manage section, click API permissions.

  7. On the API permissions screen, in the Azure Active Directory Graph section, delete these permissions:
    • User.Read
    • User.Read.All
    • User.ReadBasic.All


    To remove the permission, click Ellipses (...) > Remove permission.


  8. On the Remove Permission screen, click Yes, remove.

  9. Click Grant admin consent for AgilePoint.

  10. On the Grant admin consent for AgilePoint screen, select No, remove granted permissions.

  11. Click Grant admin consent.

  12. On the Grant admin consent confirmation message, click Yes.


Configure the Microsoft Graph API Permissions for the AgilePoint Portal App

To configure the Microsoft Graph API permissions for the app configured for AgilePoint NX Portal in Microsoft Azure, do the procedure in this topic.

Good to Know

  • It is not required to add the Microsoft Graph API permissions for the AgilePoint Server app.

Procedure

  1. In Microsoft Azure, open the app configured for AgilePoint NX Portal.

  2. On the app, in the Manage section, click API permissions.

  3. On the API permissions screen, in the Configure permissions section, click Add a permission.

  4. On the Request API permissions screen, in the Microsoft APIs tab, click Microsoft Graph.

  5. On the Microsoft Graph section, in the What type of permissions does your application require? field, click Delegated permissions.

  6. In the User section, select these permissions:
    • User.Read
    • User.ReadBasic.All

  7. Click Add Permissions.

  8. Click Grant admin consent for AgilePoint.

  9. Click Yes.


    The API permissions screen shows the success message.


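To confirm the result of both permission procedures (no Azure Active Directory Graph entries left, and the two Microsoft Graph delegated permissions configured on the Portal app), the check below reads an app registration exported as JSON, for example the output of `az ad app show --id <app ID>`. It is an added example, not AgilePoint's own tooling: the function name is hypothetical, the sample JSON is constructed, and the resource and scope GUIDs are Microsoft's well-known identifiers rather than values from this page.

```powershell
$AadGraph = '00000002-0000-0000-c000-000000000000'   # Azure Active Directory Graph
$MsGraph  = '00000003-0000-0000-c000-000000000000'   # Microsoft Graph
$RequiredScopes = @{                                 # Microsoft Graph delegated scope IDs
    'e1fe6dd8-ba31-4d61-89e7-88639da4683d' = 'User.Read'
    'b340eb25-3456-403f-be2f-af7a0d370277' = 'User.ReadBasic.All'
}

# Constructed sample: a Portal app registration part-way through the migration.
$sampleJson = @'
{
  "appId": "11111111-2222-3333-4444-555555555555",
  "requiredResourceAccess": [
    { "resourceAppId": "00000002-0000-0000-c000-000000000000",
      "resourceAccess": [ { "id": "311a71cc-e848-46a1-bdf8-97ff7156d8e6", "type": "Scope" } ] },
    { "resourceAppId": "00000003-0000-0000-c000-000000000000",
      "resourceAccess": [ { "id": "e1fe6dd8-ba31-4d61-89e7-88639da4683d", "type": "Scope" } ] }
  ]
}
'@

function Test-GraphMigration {       # hypothetical helper
    param([string]$Json)
    $app = $Json | ConvertFrom-Json
    $rra = @($app.requiredResourceAccess)
    # Any entry for the legacy resource means step 7 of the removal is incomplete.
    $legacy = @($rra | Where-Object { $_.resourceAppId -eq $AadGraph } |
        ForEach-Object { $_.resourceAccess })
    # "Scope" marks a delegated permission; "Role" would be an application permission.
    $granted = @($rra | Where-Object { $_.resourceAppId -eq $MsGraph } |
        ForEach-Object { $_.resourceAccess } |
        Where-Object { $_.type -eq 'Scope' } | ForEach-Object { $_.id })
    $missing = @($RequiredScopes.Keys | Where-Object { $granted -notcontains $_ } |
        ForEach-Object { $RequiredScopes[$_] })
    [pscustomobject]@{
        AppId               = $app.appId
        LegacyAadGraphCount = $legacy.Count
        MissingGraphScopes  = $missing
        Migrated            = ($legacy.Count -eq 0 -and $missing.Count -eq 0)
    }
}

Test-GraphMigration -Json $sampleJson
```

For the AgilePoint Server app only LegacyAadGraphCount matters, because that app does not need the Microsoft Graph permissions. The export lists configured permissions only, so admin consent still has to be confirmed on the API permissions screen.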

Update the Portal web.config File to Support Microsoft Graph API

To update the portal web.config file to support Microsoft Graph API, do the procedure in this topic.

Procedure

  1. On the AgilePoint Server machine, in a text editor, open this file:

    (NX Portal installation folder - v8.0 and lower) C:\Program Files\AgilePoint\AgilePointWebApplication\AgilePointPortal\web.config

  2. In the file web.config, in the <appSettings> node, do the following:
    • To support Microsoft Graph API, change the value of the ida:graphApiTarget key to msgraph.

      <add key="ida:graphApiTarget" value="msgraph"/>

    • To set the default authentication provider, change the value of the DefaultAuthProvider key to WAAD.

      <add key="DefaultAuthProvider" value="WAAD"/>

    • (Optional) To update the Microsoft Graph Resource Endpoint, change these values:
      • <add key="ida:msGraphResource" value="https://graph.microsoft.com/"/>
      • <add key="ida:msGraphAPIURL" value="https://graph.microsoft.com/v1.0/"/>

      These endpoints are literal values by default. These values must be updated if any changes are made to the feature or configuration.

  3. Save the web.config file.
  4. Restart your AgilePoint Portal instance.

    For more information, refer to Restarting AgilePoint Server and AgilePoint Portal.
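The two required changes from step 2, scripted with a rollback copy and a report of what changed. This is an added PowerShell example, not AgilePoint's own tooling: the function name is hypothetical, and the demo file and its previous ida:graphApiTarget value are constructed placeholders.

```powershell
# Keys and target values are the ones this page specifies.
$Desired = [ordered]@{
    'ida:graphApiTarget'  = 'msgraph'
    'DefaultAuthProvider' = 'WAAD'
}

function Set-GraphAppSettings {      # hypothetical helper; pass a full path
    param([string]$Path)
    Copy-Item -LiteralPath $Path -Destination "$Path.bak" -Force   # rollback copy
    $doc = New-Object System.Xml.XmlDocument
    $doc.PreserveWhitespace = $true   # keep the file's existing layout
    $doc.Load($Path)
    $appSettings = $doc.SelectSingleNode('/configuration/appSettings')
    if (-not $appSettings) { throw "No <appSettings> node in $Path" }
    $changes = foreach ($key in $Desired.Keys) {
        $node = $appSettings.SelectSingleNode("add[@key='$key']")
        if (-not $node) {
            # Key absent: add it rather than failing.
            $node = $doc.CreateElement('add')
            $node.SetAttribute('key', $key)
            [void]$appSettings.AppendChild($node)
        }
        $old = $node.GetAttribute('value')
        if ($old -ne $Desired[$key]) {
            $node.SetAttribute('value', $Desired[$key])
            [pscustomobject]@{ Key = $key; Old = $old; New = $Desired[$key] }
        }
    }
    if ($changes) { $doc.Save($Path) }   # write only when something changed
    $changes
}

# Constructed demo file in the temp folder, so the real web.config is not touched.
$demo = Join-Path ([IO.Path]::GetTempPath()) 'agilepoint-web.config.demo'
@'
<configuration>
  <appSettings>
    <add key="ida:graphApiTarget" value="previous-value-placeholder"/>
    <add key="DefaultAuthProvider" value="WAAD"/>
  </appSettings>
</configuration>
'@ | Set-Content -LiteralPath $demo -Encoding UTF8

Set-GraphAppSettings -Path $demo
```

An empty result means both keys already had the required values. The restart in step 4 is still needed after any change.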