To Configure Microsoft Azure for Integration with Your MYOB Acumatica Instance
To configure Microsoft Azure Active Directory (Azure AD) for integration with your MYOB Acumatica instance, you perform the following actions in Microsoft Azure, each of which is described in a section of this topic:
- Registering your MYOB Acumatica instance, and copying the registration parameters for further use in the web.config file.
- Obtaining the client secret, and copying it, too, for further use in the web.config file.
- Configuring API permissions.
- Specifying your MYOB Acumatica instance ID URI.
- Specifying your MYOB Acumatica instance redirect URI.
- The procedure below is designed for the most common usage scenarios. If you are implementing a more complicated scenario and you encounter difficulties, contact MYOB Acumatica technical support.
- The vendor of the third-party software may change the user interface and settings. Therefore, the screen elements and setting names that you see may differ from the ones described in the procedure.
- The procedure will be updated to describe new common scenarios and changes in the user interface and settings.
Before You Begin
- Your company should have an Azure AD instance configured. For more information, see Azure Active Directory.
- Your company should have a Microsoft Azure subscription to register your MYOB Acumatica instance in Azure AD.
Step 1: To Register Your Application
To register your application in Microsoft Azure, do the following:
- Sign in to the Microsoft Azure portal.
- On the left menu, click the Azure Active Directory icon. If you have one Azure AD instance, it will be opened automatically. If you have multiple instances, click the Azure AD instance where you want to register the application.
- In the left pane, click App registrations. You will see a list of applications (as shown in the following screenshot) or an empty list, depending on whether any applications have been registered previously.
- On the pane toolbar, click New registration.
- In the Register an application pane (which is shown in the following screenshot), do the following:
  - In the Name box, type a name for your MYOB Acumatica instance to be displayed in the applications list.
  - In the Supported account types section, select the Accounts in this organizational directory only (<Your_Azure_AD_Instance_Name> only - Single tenant) option button.
  - In the Redirect URI section, leave Web selected in the first unlabeled box.
- Click Register.
Now your MYOB Acumatica instance is registered with Azure AD, and the value in Application (Client) ID is generated (see the following screenshot).
- Copy the value in the Application (Client) ID column (see the previous screenshot).
- Switch to your Azure AD instance by clicking its name in the navigation bar in the upper-left corner of the screen.
- Click Overview in the left menu and copy the following parameter values for further use in your web.config file (see the following screenshot):
  - Tenant identifier of your Azure instance
  - The domain name in Azure AD
Step 2: To Obtain the Client Secret
To obtain the client secret for further use in the web.config file, do the following:
- In the left pane, click App registrations and select the needed application.
- In the left pane, click Certificates & secrets.
- Click New client secret under Client secrets in the bottom part of the screen (see the following screenshot).
- In the Add a client secret pane, in the Description box, type a description of the client secret.
- Select the secret duration by selecting the appropriate option (see the following screenshot).
- Click Add.
- Copy the value of the client secret, which appears in the Value column of the Client secrets pane (see the screenshot below), to use it as a client secret in MYOB Acumatica.
  Important: You must copy the client secret value right after clicking Add and before you leave the page. The value will be hidden after you leave the page and will not be shown anymore.
You have obtained the client secret for further use in the web.config file. Now you can specify API permissions.
Step 3: To Specify API Permissions
To specify API permissions, do the following:
- In the left pane, click API permissions.
- In the API permissions pane, click Add a permission (see the following screenshot).
- In the API permissions pane, select the Microsoft Graph API, as shown in the following screenshot.
- In the Request API permissions pane, click Application permissions, as shown in the following screenshot.
- In the Domain group, select the Domain.Read.All permission.
- Click Add permissions, as shown in the following screenshot.
- Repeat Steps 2 through 6 to add the following permissions:
  - User.Read.All
  - GroupMember.Read.All
  Tip: If you use hidden members in Active Directory and would like these members to have access to MYOB Acumatica, add the Member.Read.Hidden permission as well.
- Click Grant admin consent for <Azure_Instance_Name>.
  Tip: You should have administrative access rights to grant consent. Otherwise, ask the instance administrator to grant consent.
- Confirm your action by clicking Yes. The status of the permission has been changed to Granted for <Azure_Instance_Name> (see the Status column in the following screenshot).
You have configured API permissions. Now you can specify your application ID URI.
Step 4: To Specify Your Application ID URI
To specify the application ID URI of your MYOB Acumatica instance, do the following:
- Switch to your Azure AD instance by clicking its name in the navigation bar in the upper-left corner of the screen.
- In the left pane, click App registrations.
- In the App registrations list, click the application name that you have registered.
- In the left pane, click Overview (see the following screenshot).
- In the right pane, click Add an Application ID URI.
- In the Expose an API pane that opens, click Set next to Application ID URI (see the following screenshot).
- In the Set the App ID URI dialog box, type your MYOB Acumatica instance ID URI (that is, Full_Acumatica_Instance_URL). This URI should be the same as the Realm property in the web.config file; for example, http://localhost/Acumatica192000078 or http://app.site.net/instance.
  Attention: For single tenant applications, Azure AD validates that the domain in the URI value is part of the verified domain list in the Azure AD tenant. If the specified domain is not verified, you should use the default scheme (api://<Application_Client_ID>) provided by Azure AD.
- Click Save.
You have specified your MYOB Acumatica instance ID URI. Now you can specify your MYOB Acumatica instance redirect URI.
Step 5: To Specify the Redirect URI of Your Application
The redirect URI is used as the destination when returning authentication responses (tokens) after Microsoft Azure successfully authenticates users. To specify the redirect URI, do the following:
- In the left pane, click Overview (see the following screenshot).
- In the right pane, click Add a Redirect URI.
- In the Authentication pane that opens, in the Platform configurations section, click Add a platform.
- In the Configure platforms pane, select the Web platform (see the following screenshot).
- In the Configure Web pane, under the Redirect URIs section, type the URI of your MYOB Acumatica instance (that is, Full_Acumatica_Instance_URL). For example, it could be http://localhost/Acumatica192000078 or http://app.site.net/instance.
- Click Configure, as shown in the previous screenshot.
You have specified the redirect URI of your MYOB Acumatica instance. The configuration of your Azure instance for integration with your MYOB Acumatica instance is complete.
Now you can enable integration with Azure AD for your MYOB Acumatica instance, as described in To Configure the Web.Config File for Integration with Azure Active Directory.
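
The values entered in Steps 4 and 5 must agree with each other and with the Realm property in web.config. The following consistency check is an added example, not part of the MYOB Acumatica documentation; the function name, parameter names, finding codes, and the client ID are constructed for illustration, and the cleartext-redirect warning is an extra check that the procedure itself does not state.

```python
from urllib.parse import urlsplit

def _norm(uri):
    """Normalise for comparison: lower-case scheme/host, drop a trailing slash."""
    p = urlsplit(uri.strip())
    return (p.scheme.lower(), p.netloc.lower(), p.path.rstrip("/"))

def _is_verified(host, verified_domains):
    """True if host equals, or is a subdomain of, a verified tenant domain."""
    host = host.lower()
    return any(host == d.lower() or host.endswith("." + d.lower())
               for d in verified_domains)

def check_registration(instance_url, realm, app_id_uri, redirect_uris,
                       client_id, verified_domains):
    """Return a list of (code, detail) findings; an empty list means consistent."""
    findings = []
    # Step 4: the Application ID URI should be the same as Realm in web.config.
    if _norm(app_id_uri) != _norm(realm):
        findings.append(("REALM_MISMATCH", f"{app_id_uri} != Realm {realm}"))
    # Step 4 (Attention): an unverified domain requires the default api:// scheme.
    uses_default = _norm(app_id_uri) == _norm(f"api://{client_id}")
    host = urlsplit(app_id_uri).hostname or ""
    if not uses_default and not _is_verified(host, verified_domains):
        findings.append(("UNVERIFIED_DOMAIN", f"{host}; use api://{client_id}"))
    # Step 5: the instance URL must be registered as a redirect URI.
    if _norm(instance_url) not in {_norm(u) for u in redirect_uris}:
        findings.append(("REDIRECT_MISSING", instance_url))
    # Added check (not from the procedure): tokens returned over plain http.
    for uri in redirect_uris:
        p = urlsplit(uri)
        if p.scheme.lower() == "http" and p.hostname not in ("localhost", "127.0.0.1"):
            findings.append(("CLEARTEXT_REDIRECT", uri))
    return findings

# Constructed sample values; the client ID is a placeholder, not a real registration.
CLIENT_ID = "11111111-2222-3333-4444-555555555555"
LOCAL = "http://localhost/Acumatica192000078"

if __name__ == "__main__":
    for code, detail in check_registration(
            LOCAL, LOCAL, LOCAL, [LOCAL], CLIENT_ID, ["site.net"]):
        print(code, detail)
```
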