Internet registrations/portal leads set-up via Microsoft Entra ID (formerly Azure Active Directory - AAD)

Owned by Fiona Wilson, created
Last updated: Mar 15, 2024
5 min read

This guide has been reviewed against our global client base and classed as relevant to all regions

For portal leads to be imported into Reapit via a mailbox within Office 365, authentication via Microsoft Entra ID is required

This guide covers how to create an app within Microsoft Entra ID, along with the details required for Reapit to connect, including:

Create new registration in Microsoft Entra ID

1. Access Azure Services page

Microsoft Entra ID is accessed from the Azure Services page

  • Click here: https://portal.azure.com/#home

  • Login as a user that has Global Admin permissions to register apps

  • From the Azure Services section, select Microsoft Entra ID
    If not displayed as shown below, click More Services and search Microsoft Entra ID

    Azure Services.png

2. Add new registration

  • Click App registrations (left), then click New registration (top)

New registration option.png

3. Register application

From the Register an application screen:

  • In Name field, enter Reapit Lead Imports

  • In Support account types, select
    Accounts in any organizational directory (Any Microsoft Entra ID tenant – Multitenant)

  • Click Register (bottom left)

4. Application created

The Overview page for the newly created application is displayed

Create a secret key

1. Add a certificate or secret

From the Overview page:

  • Beside Client Credentials, click Add a certificate or secret

  • The Certificates & Secrets page will be displayed - click New Client Secret

2. Add description & expiry date

In the Add a client secret section:

  • In Description field, enter Reapit Access to Mailbox

  • In Expires field, enter the expiry date - this date can be set at your discretion – however, when it expires, a new key will need to be provided to Reapit

  • Click Add (bottom of screen)

3. Copy client secret details

  • When the Client Secret has been created, click Copy beside both the Value and Secret ID

Keep the copied information safe as you will need to provide it to your PM and/or Reapit
Once you exit this screen, you won’t be able to access the secret value again

Create permissions

1. Create API permissions

To create API permissions:

  • Click API permissions (left) and click Add a permission

  • As shown above, click Microsoft Graph and select Application permissions (top right)

    • In Select Permissions search bar, type mail

    • Beside Mail.ReadWrite, tick the box and click Add permissions (bottom)

2. Permission created but not granted

  • The API permission will now show as Not granted
    See next section

Grant app permissions

1. Authentication

  • Click Authentication (left) and select Add a platform followed by Web

  • As shown above (right) - select Web

  • In the Redirect URIs text box, type: https://localhost/ - then click Configure (bottom)

2. Note Application (client) ID

  • Click Overview (left) and make a note of the Application (client) ID

3. Navigate to URL

  • Navigate to the following URL
    Replace client_id from the URL below with the Application (client) ID (example shown above)
    https://login.microsoftonline.com/common/adminconsent?client_id=%3cclient_id%3e&state=12345

  • The URL should look similar to this example
    https://login.microsoftonline.com/common/adminconsent?client_id=64rr9f13-5t4r-7979-1271-65sd6h516r71&state=12345

 

4. Grant permission

  • The Permissions requested page is displayed

  • Click Accept to grant permissions to the account

  • The following error page is displayed

  • Refresh the Microsoft Entra ID page, then go back to the API permissions screen

  • The Microsoft Graph read and write permissions should now be updated to Granted

5. Provide Reapit with required information

Provide Reapit/your PM with the following information:

  • Secret Value - as set-up in Create a secret key section

  • Application (client) ID - found in the Overview section in Microsoft Entra ID

  • Directory (tenant) ID - found in the Overview section in Microsoft Entra ID

Restrict access via PowerShell (optional)

The account shown in this guide, with the current setup, has access to all mailboxes

The process Reapit runs to retrieve emails by default will not attempt to scrape information from other mailboxes - however, if you would like to restrict access via PowerShell, the steps below demonstrate how to do this

1. Create application access policy

  • Open PowerShell

  • View > Show scripting pane

  • Create an application access policy as follows (the parameters in red should be amended):
    New-ApplicationAccessPolicy -AppId applicationID -PolicyScopeGroupId smatharu@reapitdev.onmicrosoft.com -AccessRight RestrictAccess -Description "Restricts Reapit to this email address"

  • Application ID can be found on the Overview page of the registered app

  • PolicyScopeGroupId should be changed to the mail address that needs to be restricted

  • Once ran, the following result should be displayed:

2. Test if the policy has been updated

Test if the policy has been updated, by using PowerShell to run the following:

  • Test-ApplicationAccessPolicy -Identity PolicyScopeGroupId -AppId applicationID

    PolicyScopeGroupId should be the email address used above
    AppId is the application ID used above