Configuring a custom app for authenticating with Microsoft 365
For most cases, we recommend using the native Diggspace app for authenticating with Microsoft 365. If for some reason you need to use a custom App Registration, follow the steps below on how to create it on Entra ID.
The following steps need to be performed by a Microsoft Entra ID admin
- Create a new App Registration
- Choose a name that is easily identifiable by you
- Select Single Tenant
- Fill in the Redirect URI
- Select Single-page application (SPA)
- The value will be: "https://your-diggspace-domain/blank.html"
- Click Register
- Go to the Manage > API Permissions on the side panel, and click Add a permission:
- Select Microsoft Graph > Delegated, and add the following permissions
- email – for authentication
- offline_access – for authentication
- profile – for authentication
- Mail.ReadBasic – necessary to indicate the number of emails to read.
- Calendars.Read – necessary to indicate the number of calendar events for the day.
- Calendars.ReadWrite – to add a Diggspace event to the user's Outlook calendar.
- User.Read – To access the user's profile information, to list it on the Diggspace profile page.
- User.Read.All – To access the user's profile information, to list it on the Diggspace profile page.
- Files.Read – List the user's recent documents.
- Group.Read.All – List the user's groups.
- Group.ReadWrite.All – Add groups to favorites.
- Directory.AccessAsUser.All – To enable access with the user's context.
- People.Read - Display frequent contacts
- Tasks.Read and Tasks.Read.Shared - Display user Todo and Planner tasks
- Application
- User.Read.All – Used by a profile import mechanism that runs nightly (synchronizes user photos, which SCIM cannot do).
- ExternalConnection.ReadWrite.OwnedBy – Used to make Diggspace content available to Microsoft Search.
- ExternalItem.ReadWrite.OwnedBy – Used to make Diggspace content available to Microsoft Search.
- Click Grant admin consent
- Then go to Manage > Certificates & Secrets in the sidebar and create a new client secret, take note of this secret as you will need to add it to your Diggspace settings.
- In the Overview, take note of the Application ID, as well as the Directory (tenant) ID.
- Go to your Diggspace portal and navigate to User Management > Authentication through the user menu
- In the Microsoft 365 section, select Use custom app option, click the edit button, and input the App ID, App Secret, and Tenant ID saved in steps 8 and 9.
- If the Use custom app option is disabled, reach out to your support contact.
Related Articles
Setting up the Microsoft 365 login
Diggspace comes with a Microsoft 365 authentication provider out of the box. To start logging in with your Microsoft 365 account, follow the steps below: The steps below have to be executed by a Diggspace user with the Global Admin role, and an Entra ...Configure SCIM for user syncing with Microsoft Entra ID
SCIM is a system that allows for keeping Diggspace users in sync with your organization's Entra ID, ensuring that the user list in Diggspace is as up-to-date as possible. Follow the steps below to set up SCIM. Generating the SCIM token The first step ...Microsoft 365 Search
As a hub for your company's work, Diggspace integrates with the Microsoft 365 search, to ensure that you can search for what you need, in one central location. With the Microsoft 365 search integration, you can search for OneDrive files and ...Configure which Entra ID users have access to Diggspace
If you use the Microsoft authentication provider, by default, all users in your Azure tenant will have access to Diggspace. In this article, we'll show you how to restrict access to only some users in the tenant. Restricting access to specific users ...User Menu & Settings
The portal settings are available from the User Menu on the top right bar, by clicking on your profile picture or this icon: From here, people with admin access are able to see a full list of setting that will allow them to manage the portal. My ...