
Azure AD App Registration

  1. Navigate to the Azure Portal and select Azure Active Directory.
  2. On the left menu select App Registrations.
  3. Enter the following details and then click the Register button:

    | Option | Value |
    | --- | --- |
    | Name | EzeScan WebApps |
    | Supported account types | Accounts in this organizational directory only ([Your tenant name here] only - Single tenant) |
    | Redirect URI | Web - https://ewa.domain.com.au/signin-oidc (substitute the URL of your EWA install) |


  4. On the left menu click on the Authentication option.
  5. Set the following options and then click Save:

    | Option | Value |
    | --- | --- |
    | Logout URL | https://ewa.domain.com/signout-oidc (substitute the URL of your EWA install) |
    | Implicit Grant | ID tokens |
    | Supported Account Types > Who can use this application or access this API? | Accounts in this organizational directory only ([Your tenant name here] only - Single tenant) |
    | Advanced Settings > Allow public client flows | No |

  6. On the left menu select the Overview option.
  7. Take note of the Application (client) ID and the Directory (tenant) ID: hover over each value, click the copy to clipboard button, and save them somewhere safe for later use.
  8. Click on the Endpoints option in the top menu.
  9. Take note of the OpenID Connect metadata document URL by clicking the copy to clipboard button and saving it somewhere safe for later use.
  10. You should now have the 3 values saved, ready to put into the EzeScan WebApps appsettings.json file.
  11. Navigate to Token configuration and click Add optional claim.
  12. Select the Token Type: ID, then tick the options to enable email, upn, family_name and given_name. Click the Add button.
  13. If asked, tick the "Turn on the Microsoft Graph email, profile permissions" option and click Add.
  14. Click Add groups claim.
  15. Set the following settings and then click Add:

    | Option | Value |
    | --- | --- |
    | Select group types to include in Access, ID, and SAML tokens. | Security groups |
    | Customize token properties by type (ID) | Group ID; Emit groups as role claims |


  16. Edit the Authentication section of your appsettings.json file to contain the following:

    appsettings.json

    "Authentication": {
      "EnableApiKey": true,
      "Providers": {
        "OpenIdConnect": {
          "Authority": "https://login.microsoftonline.com/[Directory (tenant) ID]/v2.0",
          "ClientId": "[Application (client) ID]",
          "MetadataAddress": "[OpenID Connect metadata document]",
          "TokenValidationParameters": {
            "NameClaimType": "name"
          }
        }
      }
    }


    Confirm your Authentication section now looks like the following and save the file.

    appsettings.json

    "Authentication": {
      "EnableApiKey": true,
      "Providers": {
        "OpenIdConnect": {
          "Authority": "https://login.microsoftonline.com/81270000-0000-0000-0000-0000f000b68b/v2.0",
          "ClientId": "3523c7b7-0000-0000-0000-9463c2bffbf2",
          "MetadataAddress": "https://login.microsoftonline.com/81270000-0000-0000-0000-0000f000b68b/v2.0/.well-known/openid-configuration",
          "TokenValidationParameters": {
            "NameClaimType": "name"
          }
        }
      }
    }

  17. Restart the IIS App Pool that runs EzeScan WebApps.
  18. Navigate to your EzeScan WebApps site and click the Login button.
  19. Log in as an Azure AD Administrator, tick the Consent box and then click Accept.
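
A check to run on the Authentication section from step 16 before restarting the app pool, added here as an example (not EzeScan's own code). It confirms that no bracketed placeholder was left in, that Authority names a single tenant GUID, and that MetadataAddress points at that same tenant. The function name `check_oidc_section` is hypothetical, and the sample input is constructed from the example values shown above.

```python
import json
import re

GUID = r"[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}"
AUTHORITY_RE = re.compile(rf"https://login\.microsoftonline\.com/({GUID})/v2\.0")
WELL_KNOWN = "/.well-known/openid-configuration"


def check_oidc_section(settings: dict) -> list:
    """Return the problems found in Authentication.Providers.OpenIdConnect."""
    try:
        oidc = settings["Authentication"]["Providers"]["OpenIdConnect"]
    except (KeyError, TypeError):
        return ["Authentication.Providers.OpenIdConnect section is missing"]
    problems = []
    for key in ("Authority", "ClientId", "MetadataAddress"):
        value = oidc.get(key)
        if not isinstance(value, str) or not value:
            problems.append(f"{key} is missing")
        elif "[" in value or "]" in value:
            problems.append(f"{key} still contains a [placeholder]")
    if problems:
        return problems
    # A tenant GUID is required: "common" or "organizations" would not be
    # the single-tenant setup chosen in step 3.
    match = AUTHORITY_RE.fullmatch(oidc["Authority"])
    if not match:
        problems.append("Authority is not https://login.microsoftonline.com/<tenant GUID>/v2.0")
    if not re.fullmatch(GUID, oidc["ClientId"]):
        problems.append("ClientId is not a GUID")
    # The metadata document must come from the same tenant as the Authority.
    expected = (oidc["Authority"] + WELL_KNOWN).lower()
    if match and oidc["MetadataAddress"].lower() != expected:
        problems.append("MetadataAddress does not belong to the Authority tenant")
    return problems


# Constructed sample: the page's example values, wrapped in {} to form valid JSON.
GOOD = json.loads("""{ "Authentication": { "EnableApiKey": true, "Providers": { "OpenIdConnect": {
  "Authority": "https://login.microsoftonline.com/81270000-0000-0000-0000-0000f000b68b/v2.0",
  "ClientId": "3523c7b7-0000-0000-0000-9463c2bffbf2",
  "MetadataAddress": "https://login.microsoftonline.com/81270000-0000-0000-0000-0000f000b68b/v2.0/.well-known/openid-configuration",
  "TokenValidationParameters": { "NameClaimType": "name" } } } } }""")

if __name__ == "__main__":
    print(check_oidc_section(GOOD) or "OpenIdConnect section looks consistent")
```

To check a real install, load its appsettings.json with `json.load` and pass the resulting dictionary to the function; an empty list means the three values agree with each other.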