Microsoft Entra ID provider

An Microsoft Entra ID provider allows you to connect a Web API tile to any Azure application's API that uses Microsoft Entra ID for authentication. This can be an Azure API that Microsoft provides (for example, Microsoft Graph) or one you yourself have built. The authentication details needed for accessing the application's API are stored in the Azure Active Directory provider.

Note: For Azure Log Analytics and Azure Application Insights there are dedicated tiles and providers. If you want to use those applications, you should use the dedicated tiles and providers. For any other Azure application, use the Azure Active Directory provider and the Web API tile.

For an example of an Azure Active Directory provider being configured to connect to the Microsoft Graph API see:

How to build insightful M365 Analytics Dashboards with SquaredUp and Microsoft Graph API (Part 1)

Prerequisites

• If you use a proxy server you may need to configure the proxy to allow communication with the Azure Active Directory (How to configure SquaredUp DS to use a proxy)
• A Microsoft Entra ID workspace.
• Access to your Azure portal with the following roles:
  • Azure subscription administrator role
  • Microsoft Entra ID User administrator role

Creating an Microsoft Entra ID provider

There are two environments involved when you are creating an Microsoft Entra ID provider:

1. You need to enable access for SquaredUp DS in your Azure portal. You only need to do this once, regardless of the number of SquaredUp DS instances you have.
   How to enable access for SquaredUp DS in your Azure portal

   Note: The following steps are done in your Azure portal. Please refer to the Azure documentation if you need help with any of the steps.

   1. Create a new AD application in your Azure portal to connect with SquaredUp DS.
      The application needs a platform of type web with a Redirect URI in the following format:

      https://FQDNofYourSquaredUpServer/YourSquaredUpVersion/ext-core-webapi/callback/NameOfYourMSEntraIDProvider

      FQDNofYourSquaredUpServer	For example yoursquaredupserver.yourdomain.name
      YourSquaredUpVersion	For example squaredupv5
      NameOfYourMSEntraIDProvider	The name you'll give the Microsoft Entra ID provider when you create it in SquaredUp DS

   2. Configure the settings for the application.
      • Configure the appropriate settings for authentication and permissions, see Microsoft: Quickstart: Configure a client application to access a web API
      • Create a client secret for the Microsoft Entra ID provider

2. You need to create an Azure Active Directory provider in SquaredUp DS to connect to your Azure Active Directory. You can add as many providers as you want.
   How to create an Azure Active Directory provider in SquaredUp DS

   1. In SquaredUp DS, navigate to the right-hand menu ☰ > system > Integrations.
   2. Under Integrations click Microsoft Entra ID.
      Settings:

      name	Enter a name for your provider. Note: The name must match the name you used as part of the Redirect URI in your Azure portal. Where is the provider name used in the Redirect URI in Azure? The Redirect URI in Azure has to following format: https://FQDNofYourSquaredUpServer/YourSquaredUpVersion/ext-core-webapi/callback/NameOfYourMSEntraIDProvider FQDNofYourSquaredUpServer For example yoursquaredupserver.yourdomain.name YourSquaredUpVersion For example squaredupv5 NameOfYourMSEntraIDProvider The name you'll give the Microsoft Entra ID provider when you create it in SquaredUp DS
      base URL	Enter the base URL for all API requests for this provider. This URL will be prepended to all requests a tile that uses this provider makes.
      Microsoft Entra ID id	Enter your Microsoft Entra ID Tenant ID.
      resource URL	Enter the resource or API root URL you want to access. This URL can be identical to the Base URL, depending on which API you are using.
      Microsoft Entra ID application id	Enter your Microsoft Entra ID Application ID.
      application key	The client secret you created in Azure. If you followed the steps for configure settings for an application in Azure, the client secret should still be in your clipboard or in your password manager. If you don't have your client secret or your client secret expired, you need to create a new one.
      authorization scope (optional)	Here you can limit the tiles that use this provider to perform only certain actions. For example, you can narrow down the scope to read only GET requests or to specific parts of the API. Please refer to the API documentation of the API you are using for details about how to enter the authorization scope.

   3. Click save.
   4. Once the provider is created, the final step is to authorize it within Azure AD. These credentials are sent to Azure AD and are not stored anywhere within SquaredUp DS.
      Add Reply URL to Azure AD Application and authorize provider

      1. Note down the reply url listed under the newly created provider in SquaredUp DS.
      2. In the Azure portal, click on the Azure Active Directory resource and under the App registrations page, find your SquaredUp DS app, and click on it to open it's Overview page.
      3. Click on Authentication.
      4. Add the URL from step 1 to the list of Redirect URIs.
      5. Wait a few minutes for the Azure AD to process the update, then back in SquaredUp DS click perform authorization under the newly created provider.
         If you do not want to repeatedly add a reply URL to the application for each new provider, you can specify a wildcard when configuring the reply URL using a * (e.g. https://server.local/*).

Use the provider you have created with the Web API tile, see How to use the Web API tile

For an example of the steps for using an Azure Active Directory provider for Microsoft Graph API with the Web API tile see:

How to build insightful M365 Analytics Dashboards with SquaredUp and Microsoft Graph API (Part 1)