Versions Compared

Version Old Version 8 New Version 9
Changes made by

Brad Gessey

Fiona Hardy

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Info

This guide has been reviewed against our global client base and classed as relevant to all regions

For Reapit to import portal leads to be imported into AgencyCloud Reapit via a mailbox within Office 365, authentication via Azure Active Directory (AD) Microsoft Entra ID is required

This guide covers how to create an app within Azure ADMicrosoft Entra ID, along with the details required for Reapit to connect, including:

Table of Contents
minLevel2
maxLevel2

Create new registration in

...

Microsoft Entra ID

1.

Open Azure Active DirectoryClick

Access Azure Services page

Microsoft Entra ID is accessed from the Azure Services page

  • Select Azure Active Directory

    • Image Removed

    2. Access app registrations

    From the Manage section:

    • Click App registrations

    Image Removed

    3. Enter new registration details

    • Click New registration

      Image Removed

    • Enter the details as shown below

    Image Removed

    • From the Azure Services section, select Microsoft Entra ID
      If not displayed as shown below, click More Services and search Microsoft Entra ID

      Azure Services.pngImage Added

    2. Add new registration

    • Click App registrations (left), then click New registration (top)

    New registration option.pngImage Added

    3. Register application

    From the Register an application screen:

    • In Name field, enter Reapit Lead Imports

    • In Support account types, select
      Accounts in any organizational directory (Any Microsoft Entra ID tenant – Multitenant)

    • Click Register (bottom left)

    Reapit lead imports.pngImage Added

    4. Application created

    The Overview page for the newly created application is displayed

    Overview.pngImage Added

    Create a secret key

    1. Add a certificate or secret

    key

  • Navigate to the newly created application

    • From the Overview page:

    • Beside Client Credentials, click Add a

    Certificate

    • certificate or

    Secret

    • secret

    Image Removed InfoIf nothing has been added previously, the label will be Add a certificate or secret
    Add a cert or secret link.pngImage Added

    • The Certificates & Secrets page will be displayed - click New Client Secret

      New client secret.pngImage Added

    2. Add

    secret key settings

    • Create new secret with the following settings

    Image Removed InfoThe expiry

    description & expiry date

    In the Add a client secret section:

    • In Description field, enter Reapit Access to Mailbox

    • In Expires field, enter the expiry date - this date can be set at your discretion

    -

    • – however,

    once this NotePlease note that the secret key will expire 1 year after creation, this process will need to be repeated once expired.

    • when it expires, a new key will need to be provided to Reapit

    3. New ID created - provide Reapit with value details

    The new ID is created

    • Beside Value, click copy and send this to Reapit

    Image Removed

    • Click Add (bottom of screen)

      Add a client secret.pngImage Added

    3. Copy client secret details

    • When the Client Secret has been created, click Copy beside both the Value and Secret ID

      Client secret added.pngImage Added
    Note

    Keep the copied information safe as you will need to provide it to your PM and/or Reapit
    Once you exit this screen, you won’t be able to access the secret value again

    Create permissions

    1.

    Access Microsoft GraphFrom Microsoft APIs

    Create API permissions

    To create API permissions:

    • Click

    Microsoft GraphImage RemovedClick Go to

  • Select application permissions

    Image Removed

  • Add the following permission

    Image Removed

    • Application will appear as Not granted

    Image Removed

    • API permissions (left) and click Add a permission

    2. Select application permissions & add a permission

    Create permissions.pngImage Added

    • As shown above, click Microsoft Graph and select Application permissions (top right)

      • In Select Permissions search bar, type mail

      • Beside Mail.ReadWrite, tick the box and click Add permissions (bottom)

    2. Permission created but not granted

    • The API permission will now show as Not granted
      See next section

    Permissions not granted.pngImage Added

    Grant app permissions

    1.

    Create a redirect URL

    From Authentication, create a redirect URL:

  • Select Web

    Image Removed
    • Set to

    Authentication

    • Click Authentication (left) and select Add a platform followed by Web

    Authentication.pngImage Added

    • As shown above (right) - select Web

    • In the Redirect URIs text box, type: https://localhost/

    Image Removed

  • Click Configure

    • 2. Grant permission to account

    Navigate to:

    • - then click Configure (bottom)

    2. Note Application (client) ID

    • Click Overview (left) and make a note of the Application (client) ID

      Application client ID ref.pngImage Added

    3. Navigate to URL

    • Navigate to the following URL
      Replace client_id from the URL below with the Application (client) ID (example shown above)
      https://login.microsoftonline.com/common/adminconsent?client_id=

    <client

    • %3cclient_

    id>

    • id%3e&state=12345

    <client_id> should be replaced with the client ID (and the <> characters removed) against the registered app (which can be found in the Overview panel)


    Image Removed

    • The URL should look similar to this

    : A prompt will be displayed (shown right)
    The permissions requested will be the permissions set previously in section titled Create permissions

    • example
      https://login.microsoftonline.com/common/adminconsent?client_id=64rr9f13-5t4r-7979-1271-65sd6h516r71&state=12345

    3. Sign in with Reapit lead import email address

  • Sign in with the email address that Reapit use to import leads

    • 4. Grant permission

    • The Permissions requested page is displayed

    • Click Accept to grant permissions to the account

      Permissions requested.pngImage Added

    • The

    redirect URL that was setup earlier (localhost) will be

    4. Permissions granted

    • Status will now show as Granted for the permissions

    Image Removed5. Provide Reapit

    • following error page is displayed

    Image Removed
    • Error page.pngImage Added

    • Refresh the Microsoft Entra ID page, then go back to the API permissions screen

    • The Microsoft Graph read and write permissions should now be updated to Granted

      MS graph permission granted.pngImage Added

    5. Provide Reapit with required information

    Provide Reapit/your PM with the following information:

    • Secret Value - as set-up in Create a secret key section

    Directory

    • Application (

    tenant

    • client) ID - found

    on Overview pageApplication (client

    • in the Overview section in Microsoft Entra ID

    • Directory (tenant) ID - found

    on Overview page

    • in the Overview section in Microsoft Entra ID

    Final step.pngImage Added

    Restrict access via PowerShell (optional)

    With the current setup, the
    Tip
    Info

    The account shown in this guide, with the current setup, has access to all mailboxes

    The process Reapit runs to retrieve emails by default won’t will not attempt to scrape information from other mailboxes - however, if you would like to restrict access via PowerShell, the steps below demonstrate how to do this

    1. Create application access policy

    • Open PowerShell

    • View > Show scripting pane

    • Create an application access policy as follows (the parameters in red should be amended):

    Panel
    bgColor#F4F5F7

    • New-ApplicationAccessPolicy -AppId applicationID -PolicyScopeGroupId smatharu@reapitdev.onmicrosoft.com -AccessRight RestrictAccess -Description "Restricts Reapit to this email address"

    • Application ID can be found on the Overview page of the registered app

    • PolicyScopeGroupId should be changed to the mail address that needs to be restricted

    • Once ran, the following result should be displayed:

    Image Removed

    !!!!!!!!!!!!!!!SCREENSHOT TOO BLURRY!!!!!!!!!!!!!!!

    2. Test if the policy has been updated

    To test

    Test if the policy has been updated, by using PowerShell to run the following

    in PowerShell

    :

    Panel
    bgColor#F4F5F7
    Image Removed

    • Test-ApplicationAccessPolicy -Identity PolicyScopeGroupId -AppId applicationID

    PolicyScopeGroupId should be the email address used above
    AppId is the application ID used above

    !!!!!!!!!!!!!!!SCREENSHOT TOO BLURRY!!!!!!!!!!!!!!!

    Tip

    If successful, the results should show

    a granted under AccessCheckResult

    Granted under Access Check Result

    Filter by label
    showLabelsfalse
    max5
    sortmodified
    showSpacefalse
    reversetrue
    cqllabel = "internetreg"
    Excerpt
    hiddentrue

    For Reapit to To import portal leads into AgencyCloud Reapit via a mailbox within Office 365, authentication via Azure Active Directory (AD) Microsoft Entra ID is required - this guide covers how to set this up

    ...