Promodag Reports now uses Certificate-Based authentication instead of the old User-Based authentication method . This requires that an application with the necessary permissions be created in Azure and that you allow this application to interact with your tenant.
For your convenience, Promodag provides a PowerShell script to automatically create this Promodag Reports Application that you can authorize to access your tenant along with the corresponding certificate. However, it is possible that your company's security policy requires you to create a custom application and certificate yourself.
The first step is to generate a self-signed x.509 certificate which will serve as an authentication between your application and Promodag Reports.
Open an elevated (run as administrator) Windows PowerShell session to create a self-signed certificate and export it to .cer and .pfx formats.
For example, here is how to create a self-signed certificate with the name “Promodag Reports App” with a validity period of two years from now on and P@ssw0rd1234 as password. The certificate will be stored in the personal store of the currently logged user.
$mycert = New-SelfSignedCertificate -CertStoreLocation "cert:\CurrentUser\My" -NotAfter (Get-Date).AddYears(2) -KeySpec KeyExchange -Subject "Promodag Reports Application"
Once created, export the certificate under a pfx format with the password P@ssw0Rd1234. The pfx certificate will be used by Promodag reports as well as the password.
$mycert | Export-PfxCertificate -FilePath promodagReports.pfx -Password $(ConvertTo-SecureString -String "P@ssw0Rd1234" -AsPlainText -Force)
Then export to a cer certificate file that will be used by your Azure application.
$mycert | Export-Certificate -FilePath promodagReports.cer
Open the Azure AD portal at https://portal.azure.com/.
When you're finished, click Register.
"requiredResourceAccess": [
{
"resourceAppId": "00000003-0000-0ff1-ce00-000000000000",
"resourceAccess": [
{
"id": "20d37865-089c-4dee-8c41-6967602d4ac8",
"type": "Role"
}
]
},
{
"resourceAppId": "00000002-0000-0ff1-ce00-000000000000",
"resourceAccess": [
{
"id": "dc890d15-9560-4a4c-9b7f-a736ec74ec40",
"type": "Role"
},
{
"id": "dc50a0fb-09a3-484d-be87-e023b12c6440",
"type": "Role"
}
]
},
{
"resourceAppId": "00000003-0000-0000-c000-000000000000",
"resourceAccess": [
{
"id": "df021288-bdef-4463-88db-98f22de89214",
"type": "Role"
}
]
}
],
When you're finished, click Save.
Note: The details of each of these permissions are described here: Office 365 permissions. To revoke or remove some of them, see Remove or revoke specific permissions.
Select Grant admin consent for <Organization>, read the confirmation dialog that opens, and then click Yes.
The value of the Status column should now be Granted for <Organization>.
Your application is now created.
Note: You can use your own certificate if required, and delete/update any existing one. See Replace or renew the certificate.
To assign the required role to this custom application, refer to the common procedure: Assign the Global Reader role to the Promodag Reports Application