Create Azure App
Click on "New registration".
Under "Name" write "Infoscreen".
Under "Supported account types" select "Accounts in this organizational directory only (Destino AS only - Single tenant)".
Under "Redirect URI (optional)" select platform "Web" and insert this Redirect URL: "https://accounts.destinet.no/auth/identity/gateway"
Click on the "Register" button.
You will now be taken to the new App overview page.
Copy "Application (client) ID" and "Directory (tenant) ID" and save for later.
Then select "API permissions".
We will be using "Delegated permissions" for the API access.
Under "Microsoft Graph" select:
Under "SharePoint" select:
Then select "Certificates & secrets".
Click on "New client secret".
Give a "Description" to the client secret. Select 24 months in "Expires" and click "Add".
Click on the copy icon for the Client Secret "Value" and store it together with the Application and Tenant IDs.
Destinet/Exposer/D:Signage communicates with SharePoint using an Azure user. Using deligated access the content that the infoscreen has access to is limted to the permissions that user has. It is then recommended to create a specific "Infoscreen" user that you assign only the nessesary permissions to. For example only assign access to the Sites that you want to show on the Infoscreen.
For this purpose the user only need a Microsoft licence for SharePoint access.
Generate refresh and acces token
To generate a refresh token/access token this information will be inserted into Destinet/Exposer/DSignage:
- Application ID
- Tenant ID
- Tenant Name
- Client Secret
This will generate a token request URL. The administrator that created the Infoscreen user will receive this link and run this in a incognito browser session. He will then login using the Infoscreen user and password and will be redirected to a DSignage url where a Token is generated.