Connect Resco Cloud to Azure AD

From Resco's Wiki


These steps will guide you through the process of connecting Resco Cloud to Azure Active Directory.

  1. Sign in to the Resco Cloud management console using a System Administrator user account.
  2. Start the Admin Console.
  3. Select Settings > Organization from the menu to edit the properties of your organization.
  4. In the Azure AD line, click Connect....
  5. Enter the Azure AD credentials that you want to associate with your Resco Cloud user account.

Your Resco Cloud organization is now connected to Azure AD.

From this point on, every user account in your organization must sign in through the Azure AD login page, so signing in with Resco Cloud credentials alone is no longer possible. Make sure each account is linked to an Azure AD identity before its owner needs to sign in: you can import Azure AD users, or you can manually create Resco Cloud users and assign Azure AD users to them.

Import Azure AD users to Resco Cloud

  1. In the Admin Console under Settings > Organization, in the Azure AD line, click Import Users.
  2. From the list of Azure AD users, select the ones you want to import.
  3. Optionally, select which role(s) the imported users should receive.
  4. Click Import Azure Users.

If the email address of an Azure AD user matches the email address of an existing Resco Cloud user, the two accounts are linked to each other; if there is no match, a new Resco Cloud user is created. Review the selection before importing: the match is made on the email address alone, so whoever controls a matching Azure AD account gains the existing user's access and roles.

Manually assign Azure AD users to Resco Cloud users

  1. In the Admin Console, go to Resources > Users.
  2. Select an existing user or create a new one.
  3. As the Domain Name, select the Azure AD user you want to associate with the selected Resco Cloud user.
  4. Click Save & Close.

Connect Resco mobile app to Resco Cloud that uses Azure AD

  1. Tap Synchronize.
  2. As User Mode select OAuth.
  3. Enter the URL of your organization, usually https://{organizationname}.rescocrm.com.
  4. Enter a new password that protects your offline data, and enter it again to confirm. This password cannot be recovered, so remember it well.
  5. Tap Synchronize.
  6. Enter your Azure AD credentials.

Connect integration app to Resco Cloud

You can create your own app in Azure Portal and let it access Resco Cloud.

Register custom client ID

  1. Sign in to the Azure Portal (https://portal.azure.com).
  2. Open Azure Active Directory > App registrations > New application registration.
  3. Enter a Name, set Application Type to "Native", and enter the Redirect URI.
  4. Click Create.
  5. Open Settings > Required permissions > Add.
  6. Under Select an API, search for Resco Cloud and select it.
  7. Under Select permissions, check Access RescoCloud, click Select, and then click Done.
  8. Copy the Application ID; this is the ClientId value your client code will use.
  9. Build the consent URL by inserting the client_id and redirect_uri of the registered application.
  10. You can now use the registered application ID with the web services.

These steps follow the older App registrations experience in the Azure Portal. In the current portal the equivalents are App registrations > New registration and API permissions, as used in the Permissions section below.

Permissions

The Resco C# library only provides username/password sign-in. To authenticate against Azure AD you have to add either an interactive login through the browser (https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-app-types#mobile-and-native-apps) or the device-code flow (https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-device-code).

If you already have your own app registration (client ID and secret) for integrations with other APIs, you can add the Resco Cloud permission to it and use the Resco Cloud API through the same app:

  1. Open App registrations > Your App > API Permissions.
  2. Add a permission > APIs my organization uses.
  3. Search for "Resco Cloud" (Application ID d642d141-e8ce-4658-91db-db9a3870eb51).
  4. Select it and check the user_impersonation permission.
  5. Click Add permission.

If you use the client credentials grant (client_id and client_secret, with no signed-in user), the principal of the token is the application's service principal rather than a user, so by default it has no access to your Resco Cloud organization. The service principal's object ID must be added manually to a user record:

  1. To get the object ID, decode the access token and read the value of its "oid" claim.
    Alternatively, open Cloud Shell and run:
    Connect-AzureAD
    $(Get-AzureADServicePrincipal -Filter "AppId eq 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx'").ObjectId
    where xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx is the Application (client) ID of your integration app. Note that this is the object ID of the service principal (the Enterprise application), not the object ID shown on the App registration page; only the former appears as "oid" in the token. The AzureAD PowerShell module is deprecated in favour of Microsoft Graph PowerShell, which offers the same lookup.
  2. Then open Manage Data > Show System Entities > User > Show System Fields > New.
  3. Fill in Name and Domain Name (e.g. INTEGRATION), enter the object ID into the "azureactivedirectoryobjectid" field, and click Save. Give this integration user only the role(s) the integration actually needs.
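The two flows this section describes, the device-code sign-in that a native client has to add and the client-credentials (client_secret) token whose "oid" claim you enter on the integration user, shown together as an added Python example. This is not Resco's or Microsoft's code. It uses only the standard library and the Azure AD v2.0 endpoints. The Resco Cloud application ID is the one given above; the tenant, client ID, secret, redirect URI and the scope names ({application ID}/user_impersonation and {application ID}/.default) are assumptions standing in for your own registration, and the token in the demo is a constructed, unsigned one so that the decoding runs offline.

```python
"""Azure AD tokens for a client that calls Resco Cloud: device-code sign-in for
a native app, and an app-only (client-credentials) token plus the service
principal 'oid' that goes into the user's azureactivedirectoryobjectid field.
Added example, standard library only, Azure AD v2.0 endpoints."""
import base64
import json
import time
import urllib.error
import urllib.parse
import urllib.request

RESCO_CLOUD_APP_ID = "d642d141-e8ce-4658-91db-db9a3870eb51"  # from the page
# Assumptions, not from the page: your tenant and registration, and the scope
# naming ({app id}/user_impersonation for delegated, {app id}/.default for app-only).
TENANT = "contoso.onmicrosoft.com"
CLIENT_ID = "00000000-0000-0000-0000-000000000000"
CLIENT_SECRET = "load-from-a-secret-store"  # never hard-code a real secret
DELEGATED_SCOPE = f"{RESCO_CLOUD_APP_ID}/user_impersonation"
APP_ONLY_SCOPE = f"{RESCO_CLOUD_APP_ID}/.default"
AUTHORITY = "https://login.microsoftonline.com"


def build_consent_url(tenant, client_id, redirect_uri, scope):
    """Consent URL (step 9 of the registration): an admin opens it once in a browser."""
    query = urllib.parse.urlencode({"client_id": client_id, "response_type": "code",
                                    "redirect_uri": redirect_uri, "scope": scope,
                                    "prompt": "consent"})
    return f"{AUTHORITY}/{tenant}/oauth2/v2.0/authorize?{query}"


def post_form(url, fields):
    """POST a form and return the JSON body. Azure AD reports 'authorization_pending'
    as HTTP 400 with a JSON body, so 4xx bodies are returned rather than raised."""
    req = urllib.request.Request(url, data=urllib.parse.urlencode(fields).encode(), method="POST")
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.loads(resp.read())
    except urllib.error.HTTPError as err:
        return json.loads(err.read())


def acquire_token_device_code(tenant, client_id, scope, post=post_form,
                              sleep=time.sleep, prompt=print, max_polls=60):
    """Device-code flow for a native (public) client. post/sleep/prompt are
    injectable so the polling logic can be exercised without network access."""
    base = f"{AUTHORITY}/{tenant}/oauth2/v2.0"
    flow = post(f"{base}/devicecode", {"client_id": client_id, "scope": scope})
    if "device_code" not in flow:
        raise RuntimeError(f"device code request failed: {flow}")
    prompt(flow.get("message") or f"Open {flow['verification_uri']} and enter {flow['user_code']}")
    interval = int(flow.get("interval", 5))
    for _ in range(max_polls):
        token = post(f"{base}/token", {"grant_type": "urn:ietf:params:oauth:grant-type:device_code",
                                       "client_id": client_id, "device_code": flow["device_code"]})
        error = token.get("error")
        if error is None:
            return token
        if error == "slow_down":                      # RFC 8628: back off by 5 seconds
            interval += 5
        elif error != "authorization_pending":        # expired_token, authorization_declined, ...
            raise RuntimeError(f"device code flow failed: {error}")
        sleep(interval)
    raise RuntimeError("timed out waiting for the user to sign in")


def acquire_token_client_credentials(tenant, client_id, client_secret, scope, post=post_form):
    """App-only token: its principal is the app's service principal, not a user."""
    token = post(f"{AUTHORITY}/{tenant}/oauth2/v2.0/token",
                 {"grant_type": "client_credentials", "client_id": client_id,
                  "client_secret": client_secret, "scope": scope})
    if "access_token" not in token:
        raise RuntimeError(f"token request failed: {token.get('error_description', token)}")
    return token["access_token"]


def _b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_unsigned_token(claims):
    """Constructed alg=none token for offline demonstration only (never accept one)."""
    return f"{_b64url(json.dumps({'alg': 'none'}).encode())}.{_b64url(json.dumps(claims).encode())}."


def token_claims(jwt):
    """Payload claims of a JWT WITHOUT signature verification: fine for reading the
    oid of a token you just obtained, not a substitute for validating tokens you receive."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    return json.loads(base64.urlsafe_b64decode(parts[1] + "=" * (-len(parts[1]) % 4)))


def service_principal_oid(jwt, expected_client_id):
    """Step 1 above: in an app-only token 'oid' is the service principal's object ID
    (the Enterprise application, not the app registration). Refuses delegated tokens
    (they carry 'scp', so oid would be a user's) and tokens issued to another client."""
    claims = token_claims(jwt)
    if "scp" in claims:
        raise ValueError("delegated token: oid belongs to a user, not the service principal")
    client = claims.get("appid") or claims.get("azp")  # v1 tokens: appid, v2 tokens: azp
    if client != expected_client_id:
        raise ValueError(f"token issued to {client}, not {expected_client_id}")
    return claims["oid"]


if __name__ == "__main__":
    print(build_consent_url(TENANT, CLIENT_ID,
                            "https://login.microsoftonline.com/common/oauth2/nativeclient", DELEGATED_SCOPE))
    # Offline demo with a constructed token; a real run would instead call
    # acquire_token_client_credentials(TENANT, CLIENT_ID, CLIENT_SECRET, APP_ONLY_SCOPE).
    demo = make_unsigned_token({"aud": RESCO_CLOUD_APP_ID, "appid": CLIENT_ID,
                                "oid": "11111111-1111-1111-1111-111111111111"})
    print("azureactivedirectoryobjectid =", service_principal_oid(demo, CLIENT_ID))
```

Run as-is it prints the consent URL and the oid parsed from the constructed token; with the placeholders replaced by your own registration, acquire_token_device_code and acquire_token_client_credentials obtain real tokens. token_claims deliberately skips signature verification because it only reads a token the client itself just received from Azure AD; an API that accepts tokens must validate signature, issuer, audience and expiry instead.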