To Configure Microsoft Azure for Integration with Your MYOB Acumatica Instance

To configure Microsoft Azure Active Directory (Azure AD) for integration with your MYOB Acumatica instance, you perform the following actions in Microsoft Azure, each of which is described in a section of this topic:

  1. Registering your MYOB Acumatica instance, and copying the registration parameters for further use in the web.config file.
  2. Obtaining the client secret, and copying it, too, for further use in the web.config file.
  3. Configuring API permissions.
  4. Specifying your MYOB Acumatica instance ID URI.
  5. Specifying your MYOB Acumatica instance redirect URI.
Attention:
This topic walks you through the configuration of third-party software. Please note the following:
  • The procedure below is designed for the most common usage scenarios. If you are implementing a more complicated scenario and you encounter difficulties, contact MYOB Acumatica technical support.
  • The vendor of the third-party software may change the user interface and settings. Therefore, the screen elements and setting names that you see may differ from the ones described in the procedure.
  • The procedure will be updated to describe new common scenarios and changes in the user interface and settings.

Before You Begin

  • Your company should have an Azure AD instance configured. For more information, see Azure Active Directory.
  • Your company should have a Microsoft Azure subscription to register your MYOB Acumatica instance in Azure AD.
Attention:
We recommend that you use the latest version of Microsoft Edge to work with Microsoft Azure as it was optimized to work in this browser. If you use other browsers, web interface of Microsoft Azure may work incorrectly. For a list of the recommended browsers, see Supported devices in the Microsoft Azure documentation.

Step 1: To Register Your Application

To register your application on Microsoft Azure, you perform the following instructions:

  1. Sign in to the Microsoft Azure portal.
  2. On the left menu, click the Azure Active Directory icon. If you have one Azure AD instance, it will be opened automatically. If you have multiple instances, click the Azure AD instance where you want to register the application.
  3. In the left pane, click App registrations. You will see a list of applications (as shown in the following screenshot) or an empty list, depending on whether any applications have been registered previously.
    Figure 1. Microsoft Azure: No applications have been registered in Azure AD


  4. On the pane toolbar, click New registration.
  5. In the Register an application pane (which is shown in the following screenshot), do the following:
    1. In the Name box, type a name for your MYOB Acumatica instance to be displayed in the applications list.
    2. In the Supported account types section, select the Accounts in this organizational directory only (<Your_Azure_AD_Instance_Name> only - Single tenant) option button.
    3. In the Redirect URI section, leave Web selected in the first unlabeled box.
    4. Click Register.
    Figure 2. Microsoft Azure: Register an application


    Now your MYOB Acumatica instance is registered with Azure AD, and the value in Application (Client) ID is generated (see the following screenshot).

    Figure 3. Microsoft Azure: Application registered with Azure AD


  6. Copy the value in the Application (Client) ID column (see the previous screenshot).
  7. Switch to your Azure AD instance by clicking its name in the navigation bar in upper left corner of the screen.
  8. Click Overview in the left menu and copy the following parameter values for further use in your web.config file (see the following screenshot):
    • Tenant identifier of your Azure instance
    • The domain name in Azure AD
    Figure 4. Microsoft Azure: Example of the tenant ID and path to the Azure AD instance


Step 2: To Obtain the Client Secret

To obtain the client secret for further use in the web.config file, you perform the following instructions:

  1. In the left pane, click App registrations and select needed application.
  2. In the left pane, click Certificates & secrets.
  3. Click New client secret under Client secrets in the bottom part of the screen (see the following screenshot).
    Figure 5. Microsoft Azure: New client secret


  4. In the Add a client secret pane, in the Description box, type a description of the client secret.
  5. Select the secret duration by selecting the appropriate option (see the following screenshot).
    Figure 6. Microsoft Azure: Client secret generation


  6. Click Add.
  7. Copy the value of the client secret, which appears in the Value column of the Client secrets pane (see the screenshot below), to use it as a client secret in MYOB Acumatica.
    Important:
    You must copy the client secret value right after clicking Add and before you leave the page. The value will be hidden after you leave the page and will not be shown anymore.
    Figure 7. Microsoft Azure: Client secret


You have obtained the client secret for further use in the web.config file. Now you can specify API permissions.

Step 3: To Specify API Permissions

To specify API permissions, you perform the following instructions:

  1. In the left pane, click API permissions.
  2. In the API permissions pane, click Add a permission (see the following screenshot).
    Figure 8. Microsoft Azure: New API permissions


  3. In the API permissions pane, select the Microsoft Graph API, as shown in the following screenshot.
    Figure 9. Microsoft Azure: API selected


  4. In the Request API permissions pane, click Application permissions, as shown in the following screenshot.
    Figure 10. Microsoft Azure: API permissions selected


  5. In the Domain group, select the Domain.Read.All permission.
  6. Click Add permissions, as shown in the following screenshot.
    Figure 11. Microsoft Azure: API permission added


  7. Repeat Step 2 through 6 to add the following permissions:
    • User.Read.All
    • GroupMember.Read.All
    Tip:
    If you use the hidden members in the Active Directory and would like these members to have access to MYOB Acumatica, you add the Member.Read.Hidden permission, as well.
  8. Click Grant admin consent for <Azure_Instance_Name>.
  9. Tip:
    You should have administrative access rights to grant consent. Otherwise, request instance administrator to grant consent.
  10. Confirm your action by clicking Yes. The status of the permission has been changed to Granted for <Azure_Instance_Name> (see the Status column in the following screenshot).
    Figure 12. Microsoft Azure: API permission granted


You have configured API permissions. Now you can specify your application ID URI.

Step 4: To Specify Your Application ID URI

To specify the application ID URI of your MYOB Acumatica instance, you perform the following instructions:

  1. Switch to your Azure AD instance by clicking its name in the navigation bar in upper left corner of the screen.
  2. In the left pane, click App registrations.
  3. In the App registrations list, click the application name that you have registered.
  4. In the left pane, click Overview (see the following screenshot).
  5. In the right pane, click Add an Application ID URI.
    Figure 13. Microsoft Azure: Addition of an application ID URI


  6. In the Expose an API pane that opens, click Set next to Application ID URI (see the following screenshot).
    Figure 14. Microsoft Azure: Setting an application ID URI


  7. In the Set the App ID URI dialog box, type your MYOB Acumatica instance ID URI—that is, Full_Acumatica_Instance_URL. (This URI should be the same as the Realm property in the web.config file; for example, http://localhost/Acumatica192000078 or http://app.site.net/instance).
    Attention:
    For single tenant applications, Azure AD validates that domain in the value of URI is a part of the verified domain list in the Azure AD tenant. If the specified domain is not verified, you should use the default scheme (api://<Application_Client_ID>) provided by Azure AD.
  8. Click Save.

    You have specified your MYOB Acumatica instance ID URI. Now you can specify your MYOB Acumatica instance redirect URI.

Step 5: To Specify the Redirect URI of Your Application

The redirect URI is used as the destination when returning authentication responses (tokens) after Microsoft Azure successfully authenticates users. To specify the redirect URI, you perform the following instructions:

  1. In the left pane, click Overview (see the following screenshot).
  2. In the right pane, click Add a Redirect URI.
    Figure 15. Microsoft Azure: Addition of a redirect URI


  3. In the Authentication pane that opens.
  4. In the Platform configurations section, click Add a platform.
  5. In the Configure platforms pane, select the Web platform (see the following screenshot).
    Figure 16. Microsoft Azure: Selection of the Web platform


  6. In the Configure Web pane, under the Redirect URIs section, type the URI of your MYOB Acumatica instance—that is, Full_Acumatica_Instance_URL. For example, it could be http://localhost/Acumatica192000078 or http://app.site.net/instance.
    Figure 17. Microsoft Azure: Redirect URI configuration


  7. Click Configure as shown in the previous screenshot.

You have specified the redirect URI of your MYOB Acumatica instance. The configuration of your Azure instance for integration with your MYOB Acumatica instance is complete.

Now you can enable integration with Azure AD for your MYOB Acumatica instance, as described in To Configure the Web.Config File for Integration with Azure Active Directory.