File: articles/active-directory/develop/quickstart-v1-integrate-apps-with-azure-ad.md
Lines changed: 14 additions & 17 deletions
@@ -13,10 +13,10 @@ ms.devlang: na
13
13
ms.topic: article
14
14
ms.tgt_pltfrm: na
15
15
ms.workload: identity
16
-
ms.date: 04/18/2018
16
+
ms.date: 08/28/2018
17
17
ms.author: celested
18
18
ms.custom: aaddev
19
-
ms.reviewer: luleon
19
+
ms.reviewer: celested
20
20
---
21
21
22
22
# Integrating applications with Azure Active Directory
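Review bot: In the front matter, `ms.reviewer` now carries the same alias as `ms.author` (`celested`), so the metadata no longer names a second person as reviewer. If someone other than the author reviewed this revision, put their alias in `ms.reviewer`; if the field is meant to record the content owner, say so in the commit message.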
@@ -91,12 +91,12 @@ The following steps show you how the consent experience works for both the appli
91
91
92
92
5. After the user grants consent, an authorization code is returned to your application, which is redeemed to acquire an access token and refresh token. For more information about this flow, see the [web Application to web API section in Authentication Scenarios for Azure AD](authentication-scenarios.md#web-application-to-web-api).
93
93
94
-
6. As an administrator, you can also consent to an application's delegated permissions on behalf of all the users in your tenant. Administrative consent prevents the consent dialog from appearing for every user in the tenant, and can be done in the [Azure portal](https://portal.azure.com) by users with the administrator role. From the **Settings** page for your application, click **Required Permissions** and click on the **Grant Permissions** button.
94
+
6. As an administrator, you can also consent to an application's delegated permissions on behalf of all the users in your tenant. Administrative consent prevents the consent dialog from appearing for every user in the tenant, and can be done in the [Azure portal](https://portal.azure.com) by users with the administrator role. From the **Settings** page for your application, click **Required permissions** and click on the **Grant permissions** button.
95
95
96
96

97
97
98
98
> [!NOTE]
99
-
> Granting explicit consent using the **Grant Permissions** button is currently required for single page applications (SPA) that use ADAL.js. Otherwise, the application fails when the access token is requested.
99
+
> Granting explicit consent using the **Grant permissions** button is currently required for single page applications (SPA) that use ADAL.js. Otherwise, the application fails when the access token is requested.
100
100
101
101
### Configure a client application to access web APIs
102
102
In order for a web/confidential client application to be able to participate in an authorization grant flow that requires authentication (and obtain an access token), it must establish secure credentials. The default authentication method supported by the Azure portal is client ID + secret key. This section covers the configuration steps required to provide the secret key with your client's credentials.
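Review bot: Step 6 still says administrative consent can be done "by users with the administrator role" without naming which role, and this edit only touches the button casing. Because the step grants delegated permissions on behalf of every user in the tenant, name the role required and tell the administrator to review the requested permissions before clicking **Grant permissions**. The sentence also mixes "click **Required permissions**" with "click on the **Grant permissions** button"; pick one form.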
@@ -108,7 +108,7 @@ Additionally, before a client can access a web API exposed by a resource applica
108
108
- Delegated Permissions: Your client application needs to access the web API as the signed-in user, but with access limited by the selected permission. This type of permission can be granted by a user unless the permission requires administrator consent.
109
109
110
110
> [!NOTE]
111
-
> Adding a delegated permission to an application does not automatically grant consent to the users within the tenant. Users must still manually consent for the added delegated permissions at runtime, unless the administrator clicks the **Grant Permissions** button from the **Required Permissions** section of the application page in the Azure portal.
111
+
> Adding a delegated permission to an application does not automatically grant consent to the users within the tenant. Users must still manually consent for the added delegated permissions at runtime, unless the administrator grants consent on behalf of all users.
112
112
113
113
#### To add application credentials, or permissions to access web APIs
114
114
1. Sign in to the [Azure portal](https://portal.azure.com).
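Review bot: The rewritten note ends with "unless the administrator grants consent on behalf of all users" and no longer says where that is done, whereas the old text pointed to the **Grant Permissions** button in the **Required Permissions** section. Add a pointer, either the button name in its new casing or a link to the step that describes administrative consent, so the reader is not left to find it.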
@@ -117,16 +117,18 @@ Additionally, before a client can access a web API exposed by a resource applica
117
117
118
118

119
119
120
-
4. You are taken to the application's main registration page, which opens up the **Settings** page for the application. To add a secret key for your web application's credentials:
120
+
4. You are taken to the application's main registration page, which opens up the **Settings** page for the application. To add a credential for your web application:
121
121
- Click the **Keys** section on the **Settings** page.
122
-
- Add a description for your key.
123
-
- Select either a one or two year duration.
124
-
- Click **Save**. The right-most column will contain the key value, after you save the configuration changes. **Be sure to copy the key** for use in your client application code, as it is not accessible once you leave this page.
125
-
126
-

122
+
- To add a certificate:
123
+
- Select **Upload Public Key**.
124
+
- Select the file you'd like to upload. It must be one of the following file types: .cer, .pem, .crt.
125
+
- To add a password:
126
+
- Add a description for your key.
127
+
- Select a duration.
128
+
- Click **Save**. The right-most column will contain the key value, after you save the configuration changes. **Be sure to copy the key** for use in your client application code, as it is not accessible once you leave this page.
127
129
128
130
5. To add permission(s) to access resource APIs from your client
129
-
- Click the **Required Permissions** section on the **Settings** page.
131
+
- Click the **Required permissions** section on the **Settings** page.
130
132
- Click the **Add** button.
131
133
- Click **Select an API** to select the type of resources you want to pick from.
132
134
- Browse through the list of available APIs or use the search box to select from the available resource applications in your directory that expose a web API. Click the resource you are interested in, then click **Select**.
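Review bot: In step 4 the new "To add a certificate" bullets stop at selecting the file, with no **Save** step, while "To add a password" ends with "Click **Save**"; state whether the upload needs a save as well. The password bullets still read "Add a description for your key" and "Be sure to copy the key", so the same credential is called a password, a key and a key value within a few lines; use one term throughout. "Select a duration" also drops the previous "one or two year" wording without listing the options now offered.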
@@ -138,11 +140,6 @@ Additionally, before a client can access a web API exposed by a resource applica
138
140
139
141
6. When finished, click the **Select** button on **Enable Access** page, then the **Done** button on the **Add API access** page. You are returned to the **Required permissions** page, where the new resource is added to the list of APIs.
140
142
141
-
> [!NOTE]
142
-
> Clicking the **Done** button also automatically sets the permissions for your application in your directory based on the permissions to other applications that you configured. You can view these application permissions by looking at the application **Settings** page.
143
-
>
144
-
>
145
-
146
143
### Configuring a resource application to expose web APIs
147
144
148
145
You can develop a web API and make it available to client applications by exposing access [scopes](developer-glossary.md#scopes) and [roles](developer-glossary.md#roles). A correctly configured web API is made available just like the other Microsoft web APIs, including the Graph API and the Office 365 APIs. Access scopes and roles are exposed through your [application's manifest](developer-glossary.md#application-manifest), which is a JSON file that represents your application’s identity configuration.
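Review bot: Deleting the note after step 6 removes the only statement of what clicking **Done** does to the application's permissions in the directory, and nothing replaces it. If that behaviour no longer applies, step 6 should say that adding the API does not by itself grant consent and point to the consent step; if it still applies, keep a shortened note rather than dropping it.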