These steps are for anyone who wants more fine-grained control by keeping the app registration restricted to a single tenant.
You will need to provide the following information to the Yammer setup to install SWOOP:
- Your Microsoft Tenant ID
- Application ID (or Client ID)
- Client Secret
If you don't understand the above, please make an appointment with our support team to walk you through the process.
This screenshot shows an example application registration.
The standard Web redirect URI for all SWOOP applications is https://oauth.swoopanalytics.com, which is shown below. NOTE: this is NOT a "Single-Page" application; it is a standard web server app.
This app is set to a Single Tenant App. Implicit grants are not used.
You will need to generate a client secret and keep a copy of it. Note that, depending on local security policies, the secret will need to be updated when it expires.
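The settings described above can be checked against an exported copy of the registration. The following is an added example, not SWOOP's own code: it assumes the registration has been saved as a Microsoft Graph application object (for instance the JSON printed by `az ad app show`), and the function names, the 30-day warning window and the sample records are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

EXPECTED_REDIRECT = "https://oauth.swoopanalytics.com"

def parse_utc(ts):
    # Graph timestamps are UTC; drop fractional seconds and the trailing Z.
    return datetime.fromisoformat(ts.split(".")[0].rstrip("Z")).replace(tzinfo=timezone.utc)

def audit_app_registration(app, now, warn_days=30):
    """Return a list of findings; an empty list means the settings match."""
    findings = []
    if app.get("signInAudience") != "AzureADMyOrg":  # single-tenant audience
        findings.append("not single tenant")
    web = app.get("web") or {}
    if EXPECTED_REDIRECT not in [u.rstrip("/") for u in web.get("redirectUris", [])]:
        findings.append("web redirect URI missing")
    if (app.get("spa") or {}).get("redirectUris"):  # must be a Web platform, not SPA
        findings.append("SPA redirect URI present")
    implicit = web.get("implicitGrantSettings") or {}
    if implicit.get("enableAccessTokenIssuance") or implicit.get("enableIdTokenIssuance"):
        findings.append("implicit grant enabled")
    ends = [parse_utc(s["endDateTime"]) for s in app.get("passwordCredentials") or []]
    if not ends:
        findings.append("no client secret")
    elif max(ends) <= now:
        findings.append("client secret expired")
    elif max(ends) - now < timedelta(days=warn_days):
        findings.append("client secret expires soon")
    return findings

# Constructed sample records (not real registrations).
NOW = datetime(2025, 1, 1, tzinfo=timezone.utc)
SAMPLE_GOOD = {
    "signInAudience": "AzureADMyOrg",
    "web": {"redirectUris": [EXPECTED_REDIRECT],
            "implicitGrantSettings": {"enableAccessTokenIssuance": False,
                                      "enableIdTokenIssuance": False}},
    "spa": {"redirectUris": []},
    "passwordCredentials": [{"endDateTime": "2025-12-31T00:00:00Z"}],
}
SAMPLE_BAD = {
    "signInAudience": "AzureADMultipleOrgs",
    "web": {"redirectUris": [],
            "implicitGrantSettings": {"enableIdTokenIssuance": True}},
    "spa": {"redirectUris": [EXPECTED_REDIRECT]},
    "passwordCredentials": [{"endDateTime": "2025-01-15T00:00:00.0000000Z"}],
}

if __name__ == "__main__":
    for name, app in (("good", SAMPLE_GOOD), ("bad", SAMPLE_BAD)):
        print(name, audit_app_registration(app, NOW))
```

Running the same check on a schedule gives advance notice before the client secret expires.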
These are the app permissions. NOTE: the Yammer permission is what allows the app to access Yammer when a user logs in. It is a "delegated" permission, so it always needs a user account in order to operate. The "offline_access" permission is what allows the token to refresh for up to 90 days. This is how the data miner collects metadata.
Optional Extra Permissions
See the reference at the bottom of this page about "Native Mode", and also see this support article - https://support.swoopanalytics.com/hc/en-us/articles/4414996084877-Extending-Azure-Active-Directory-to-Synchronise-Group-Community-Members-Viva-Engage-
It might be useful to combine everything into a single app by adding in the permissions to allow very large community membership to be mined over the Microsoft Graph API. This step is not compulsory and can be added later.
Information Required by SWOOP Support.
- Tenant ID for the customer tenant (will be used in the login URL).
- Application ID from the "Overview" blade in Azure Active Directory.
- Client Secret to match this application.
First Login to Miner.
This is the login button on the data miner web page.
It will redirect to a consent screen. NOTE: the checkbox "Consent on behalf of your organization" has been ticked, which requires an admin.
The name of the app will show up on the consent form.
After the login is complete, set the account in the miner and it will keep running data mining in the background.
The same app will work for the Analytics Engine, using the same Application ID and Client Secret.
Permissions visible after login is complete.
Customers using a private Single-Tenant app can check for the green checkmark indicator which shows that this process is complete.
References
Microsoft quick-start application registration.
https://learn.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app
Microsoft OAuth2 login for standard (server-side) web applications.
https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow
Microsoft "Native Mode" concepts and migration of Yammer sites.
https://learn.microsoft.com/en-us/yammer/configure-your-yammer-network/overview-native-mode