CSP PARTNER APPLICATION OVERVIEW Multi-tenant application model

Similar documents
Partner Center: Secure application model

One Identity Active Roles 7.2. Azure AD and Office 365 Management Administrator Guide

October J. Polycom Cloud Services Portal

Integrate your CSP Direct Agreement

Integrate your CSP Direct Agreement

Polycom RealConnect for Office 365

Slack Connector. Version 2.0. User Guide

SafeNet Authentication Client

CoreBlox Integration Kit. Version 2.2. User Guide

Operational Reporting Web Viewer Installation and Users Guide

Dropbox Connector. Version 2.0. User Guide

Box Connector. Version 2.0. User Guide

SSO Integration Overview

Quick Connection Guide

Zendesk Connector. Version 2.0. User Guide

AvePoint Cloud Governance. Release Notes

Cloud Access Manager How to Deploy Cloud Access Manager in a Virtual Private Cloud

Azure Archival Installation Guide

Quick Connection Guide

CoreBlox Token Translator. Version 1.0. User Guide

Issued March FLY for Dropbox Installation and Configuration Guide

Cloud Access Manager Configuration Guide

One Identity Defender 5.9. Product Overview

AvePoint Cloud Governance. Release Notes

SafeNet Authentication Service

One Identity Starling Two-Factor HTTP Module 2.1. Administration Guide

Tisio CE Release Notes

Quick Connection Guide

Release 3.0. Delegated Admin Application Guide

Zephyr Cloud for HipChat

Polycom RealConnect for Microsoft Teams

AvePoint Cloud Governance. Release Notes

WebEx Connector. Version 2.0. User Guide

SafeNet Authentication Service

SafeNet Authentication Client

SafeNet Authentication Service

Single Sign-On for PCF. User's Guide

OAM Integration Kit. Version 3.0. User Guide

Polycom RealPresence Resource Manager System, Virtual Edition

Upgrading MYOB BankLink Notes (desktop)

One Identity Starling Two-Factor Desktop Login 1.0. Administration Guide

SafeNet Authentication Service

10997: Office 365 Administration and Troubleshooting

dox42 Azure Active Directory Integration

Application Launcher User Guide

SafeNet Authentication Service

One Identity Starling Two-Factor AD FS Adapter 6.0. Administrator Guide

SonicWall Secure Mobile Access

DocAve. Release Notes. Governance Automation Online. Service Pack 8, Cumulative Update 1

Release Notes. BlackBerry Enterprise Identity

Teams migration. Admin guide for Office 365 teams/groups to teams/groups migrations

SonicWall Mobile Connect for Chrome OS

Web Access Management Token Translator. Version 2.0. User Guide

Cloud Access Manager How to Configure for SSO to SAP NetWeaver using SAML 2.0

Xerox Security Bulletin XRX12-011

CA Mobile Device Management Configure Access Control for Using Exchange PowerShell cmdlets

Metalogix Essentials for Office Creating a Backup

SafeNet Authentication Client

Quest VROOM Quick Setup Guide for Quest Rapid Recovery and Foglight Windows Installers

SafeNet Authentication Service

Quick Connection Guide

Custom Location Extension

One Identity Active Roles 7.2. Quick Start Guide

Quest VROOM Quick Setup Guide for Quest Rapid Recovery for Windows and Quest Foglight vapp Installers

AvePoint Governance Automation 2. Release Notes

WebSphere Integration Kit. Version User Guide

Tanium Network Quarantine User Guide

Integration Guide. LoginTC

SafeNet Authentication Service

SafeNet Authentication Service

SAML SSO Okta Identity Provider 2

DocAve. Release Notes. Governance Automation Online. Service Pack 9, Cumulative Update 6

One Identity Manager 8.0. Administration Guide for Connecting to Azure Active Directory

Scribe Monitor App. Version 1.0

SonicWall Secure Mobile Access

Cloud Access Manager Overview

NetApp Cloud Volumes Service for AWS

Address Postscript and DLM Vulnerabilities v1.1 03/07/12

D365 DATA ARCHIVAL & RETENTION

One Identity Active Roles 7.2

Upgrading BankLink Books

SafeNet Authentication Service Agent for Microsoft Outlook Web App. Installation and Configuration Guide

Dell One Identity Cloud Access Manager 8.0. Overview

A Quick start Guide. Version General Information: Online Support:

Multifactor Authentication Installation and Configuration Guide

Course 10997A: Office 365 Administration and Troubleshooting

Tanium Map User Guide. Version 1.0.0

Version 1.1 March 22, Secure Installation and Operation of Your WorkCentre 4250/4260

KACE GO Mobile App 4.0. Release Notes

Xerox Security Bulletin XRX V1.0

OpenID Cloud Identity Connector. Version 1.3.x. User Guide

One Identity Active Roles Diagnostic Tools 1.2.0

KACE GO Mobile App 3.1. Release Notes

One Identity Quick Connect Express

One Identity Starling Identity Analytics & Risk Intelligence. User Guide

Entrust PartnerLink Login Instructions

SafeNet Authentication Service

Cloud Identity Management Tool Quick Start Guide

SafeNet Authentication Service

SafeNet Authentication Manager

Transcription:

CSP PARTNER APPLICATION OVERVIEW Multi-tenant application model The information provided in this document is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. 2018 Microsoft. All rights reserved. October 2018

TABLE OF CONTENTS CSP PARNTER APPLICATION... 2 CREATE A MICROSOFT PARTNER CENTER SERVICE PRINCIPAL... 2 CREATE A MULTI-TENANT APPLICATION ON THE CSP PARNTER S TENANT.... 2 APPLICATION PERMISSIONS... 3 CONSENT LINK... 4 KEY VAULT SETUP... 5 CREATE A NEW WEB APPLICATION IN CSP PARNTER S TENANT... 5 AZURE KEY VAULT SETUP... 5 AZURE KEY VAULT ACCESS... 6 PROTOTYPE CONFIGURATION... 7 PROTOTYPE HAS TWO APPLICATIONS:... 7 CONFIGURATIONS... 7 PARTNER CONSENT APPLICATION:... 7 CSP PARNTER APPLICATION:... 8 1

CSP PARNTER APPLICATION CREATE A MICROSOFT PARTNER CENTER SERVICE PRINCIPAL Create a Microsoft Partner Center service principal in the CSP partner s tenant, where the multitenant application is going to be created. NOTE: For CSP partner tenants, this service principal should already exist. If not, please create using the following steps. In a PowerShell window, run the following admin commands. 1. Install the AzureAD module. Install-Module "AzureAD" 2. Run Connect-AzureAD, this will prompt for a user name and password. Please enter the tenant admin credentials. Connect-AzureAD 3. Create a Microsoft Partner Center service principal. New-AzureADServicePrincipal -DisplayName "Microsoft Partner Center" -AppId fa3d9a0c-3fb0-42cc-9193-47c7ecd2edbd CREATE A MULTI-TENANT APPLICATION ON THE CSP PARNTER S TENANT. Please make sure that the following application properties are set for the newly created multi-tenant application. 1. Have an Application type of Web app / API 2. The Home page URL must be your application redirect URL, which will show the consent success to the partner and collect a refresh token 3. Add a key to the web application 2

APPLICATION PERMISSIONS Please make sure the following permissions are set for the multi-tenant application 1. Windows Azure Active Directory a. There should not be any direct Application Permissions to the multi-tenant application. b. Delegated Permissions are to be set to access Active Directory as the signed in user. 3

2. Microsoft Partner Center a. Grant Access Partner Center permissions under Delegated Permissions. CONSENT LINK Present the partner with the consent link and have them login with their service account to approve the CSP application to act on behalf of the service account on partner tenant. https://login.microsoftonline.com/common/oauth2/authorize?&client_id=<cspapplicationid>&resp onse_type=code&redirect_url=https://<cspapplicationurl_which_collects_refreshtoken> 4

KEY VAULT SETUP CREATE A NEW WEB APPLICATION IN CSP PARNTER S TENANT If you are using Azure Key Vault: 1. Add a key to the web application 2. Set application permissions in the Required Permissions tab a. For an Azure Key Vault app, under the Delegated Permissions section, select Have full access to the Azure Key Vault service b. For a Windows Azure Active Directory app, under the Delegated Permissions section, select Sign in and read user profile AZURE KEY VAULT SETUP Create the Azure Key Vault with the appropriate <key-vault-name> and it will result in a DNS name like: https://<key-vault-name>.vault.azure.net 5

AZURE KEY VAULT ACCESS In the access policies of the key vault, add the KeyVaultAccessApp with permissions to only manage the Get and Set aspects of a Secret. 6

PROTOTYPE CONFIGURATION PROTOTYPE HAS TWO APPLICATIONS: 1. Partner Consent: Represents a web application designed to accept consent from a CSP partner and show a success message. a. This application will setup consent and capture the refresh token of the consented user. b. The consented user s refresh token is used for generating the access token for the CSP partner tenant. 2. CSP application: Represents a primary CSP application which calls Partner Center APIs and graph APIs to perform commerce and user actions on behalf of the partner a. This application retrieves the access token for a specific audience (Partner Center APIs or graph) before calling respective APIs using the refresh token that is stored securely in the key vault CONFIGURATIONS PARTNER CONSENT APPLICATION: The web.config file has the following sections called out. Please update the values with corresponding application IDs and secrets. For your primary application, please use certificate as the web application secret instead of plain secrets because it will provide an additional layer of security. 7

<!-- AppID that represents CSP application <add key="ida:cspapplicationid" value="cspapplicationidvalue" /> <!-- Please use certificate as your client secret and deploy the certificate to your environment. The following application secret is for sample application only. please do not use secret directly from the config file. <add key="ida:cspapplicationsecret" value="cspapplicationsecretvalue" /> <!-- AppID that is given access for keyvault to store the refresh tokens <add key="ida:keyvaultclientid" value="keyvaultclientidvalue" /> <!-- Please use certificate as your client secret and deploy the certificate to your environment. The following application secret is for sample application only. please do not use secret directly from the config file. <add key="ida:keyvaultclientsecret" value="keyvaultclientsecretvalue" /> <!-- AAD instance: Global is.com, for different national clouds it changes German cloud:.de, China cloud:.cn <add key="ida:aadinstance" value="https://login.microsoftonline.com/" /> CSP PARNTER APPLICATION: The app.config file has the following sections called out. Please update the values with the corresponding application IDs and secrets. For your primary application, please use certificate as the web application secret instead of plain secrets because it will provide and additional layer of security. <!-- AppID that represents CSP application <add key="ida:cspapplicationid" value="cspapplicationidvalue" /> <!-- Please use certificate as your client secret and deploy the certificate to your environment. The following application secret is for sample application only. please do not use secret directly from the config file. <add key="ida:cspapplicationsecret" value="cspapplicationsecretvalue" /> <!-- AppID that is given access for keyvault to store the refresh tokens <add key="ida:keyvaultclientid" value="keyvaultclientidvalue" /> <!-- Please use certificate as your client secret and deploy the certificate to your environment. The following application secret is for sample application only. please do not use secret directly from the config file. <add key="ida:keyvaultclientsecret" value="keyvaultclientsecretvalue" /> <!-- AAD instance: Global is.com, for different national clouds it changes German cloud:.de, China cloud:.cn <add key="ida:aadinstance" value="https://login.microsoftonline.com/" /> 8

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback