1. Navigate to the Azure Portal and select Azure Active Directory.
  2. On the left menu select App Registrations.
  3. Enter the following details and then click the Register button:

    | Option | Value |
    | --- | --- |
    | Name | EzeScan WebApps |
    | Supported account types | Accounts in this organizational directory only ([Your tenant name here] only - Single tenant) |
    | Redirect URI | Web - https://ewa.domain.com.au/signin-oidc (substitute the URL of your EWA install) |


  4. On the left menu click on the Authentication option.
  5. Set the following options and then click Save:

    | Option | Value |
    | --- | --- |
    | Logout URL | https://ewa.domain.com/signout-oidc (substitute the URL of your EWA install) |
    | Implicit Grant | ID tokens |
    | Supported Account Types > Who can use this application or access this API? | Accounts in this organizational directory only ([Your tenant name here] only - Single tenant) |
    | Advanced Settings > Allow public client flows | No |

  6. On the left menu select the Overview option.
  7. Take note of the Application (client) ID and the Directory (tenant) ID: mouse over each value, click the copy to clipboard button, and save them somewhere safe for later use.
  8. Click on the Endpoints option in the top menu. 
  9. Take note of the OpenID Connect metadata document URL by clicking the copy to clipboard button and saving it somewhere safe for later use.
  10. You should now have the three values saved, ready to put into the EzeScan WebApps appsettings.json file.
  11. Navigate to Token configuration and click Add optional claim.
  12. Select the Token Type: ID, then tick the options to enable email and upn. Click the Add button.
  13. If asked, tick the "Turn on the Microsoft Graph email, profile permissions" option and click Add.
  14. Edit the Authentication section of your appsettings.json file to contain the following:

    appsettings.json

    "Authentication": {
      "EnableApiKey": true,
      "Providers": {
        "OpenIdConnect": {
          "Authority": "https://login.microsoftonline.com/[Directory (tenant) ID]/v2.0",
          "ClientId": "[Application (client) ID]",
          "MetadataAddress": "[OpenID Connect metadata document]"
        }
      }
    }

    Confirm your Authentication section now looks like the following and save the file.

    appsettings.json

    "Authentication": {
      "EnableApiKey": true,
      "Providers": {
        "OpenIdConnect": {
          "Authority": "https://login.microsoftonline.com/81270000-0000-0000-0000-0000f000b68b/v2.0",
          "ClientId": "3523c7b7-0000-0000-0000-9463c2bffbf2",
          "MetadataAddress": "https://login.microsoftonline.com/81270000-0000-0000-0000-0000f000b68b/v2.0/.well-known/openid-configuration"
        }
      }
    }

  15. Restart the IIS App Pool that runs EzeScan WebApps.
  16. Navigate to your EzeScan WebApps site and click the Login button.
  17. Log in as an Azure AD Administrator, tick the Consent box and then click Accept.
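
A pre-restart check for the Authentication section from step 14, as an added example (not EzeScan's own code). It assumes, as in the filled-in example above, that the MetadataAddress is the Authority plus `/.well-known/openid-configuration`; the function names and the sample values in the `__main__` block are constructed for illustration.

```python
import re

GUID = r"[0-9a-fA-F]{8}-(?:[0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}"
AUTHORITY_RE = re.compile(rf"https://login\.microsoftonline\.com/{GUID}/v2\.0")
WELL_KNOWN = "/.well-known/openid-configuration"

def check_oidc_settings(settings):
    """Return a list of problems in Authentication.Providers.OpenIdConnect (empty = OK)."""
    try:
        oidc = settings["Authentication"]["Providers"]["OpenIdConnect"]
    except (KeyError, TypeError):
        oidc = None
    if not isinstance(oidc, dict):
        return ["Authentication.Providers.OpenIdConnect section is missing"]
    problems = []
    for key in ("Authority", "ClientId", "MetadataAddress"):
        value = oidc.get(key)
        if not isinstance(value, str) or not value.strip():
            problems.append(f"{key} is missing or empty")
        elif "[" in value or "]" in value:
            problems.append(f"{key} still contains a [placeholder]")
    if problems:
        return problems  # the format checks below need all three values present
    authority = oidc["Authority"].rstrip("/")
    if not AUTHORITY_RE.fullmatch(authority):
        problems.append("Authority is not https://login.microsoftonline.com/<tenant GUID>/v2.0")
    if not re.fullmatch(GUID, oidc["ClientId"]):
        problems.append("ClientId is not a GUID")
    # Assumption: single-tenant setup, so the metadata URL must name the same
    # tenant as the Authority (Authority + well-known suffix).
    if oidc["MetadataAddress"].lower() != (authority + WELL_KNOWN).lower():
        problems.append("MetadataAddress is not Authority + " + WELL_KNOWN)
    return problems

def section(authority, client_id, metadata_address):
    """Wrap three values in the appsettings.json structure from step 14."""
    return {"Authentication": {"EnableApiKey": True, "Providers": {"OpenIdConnect": {
        "Authority": authority, "ClientId": client_id,
        "MetadataAddress": metadata_address}}}}

if __name__ == "__main__":
    # Constructed samples: the unfilled step 14 template, then the page's example values.
    base = "https://login.microsoftonline.com/81270000-0000-0000-0000-0000f000b68b/v2.0"
    template = section("https://login.microsoftonline.com/[Directory (tenant) ID]/v2.0",
                       "[Application (client) ID]", "[OpenID Connect metadata document]")
    filled = section(base, "3523c7b7-0000-0000-0000-9463c2bffbf2", base + WELL_KNOWN)
    for sample in (template, filled):
        print(check_oidc_settings(sample) or "OK")
```

To check a real install, load the file with `json.load` and pass the resulting dictionary to `check_oidc_settings`.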