You are here: Before You Start > Prerequisites > Office 365 (Exchange Online) > How to create manually a custom Promodag application in Azure AD

How to create manually a custom Promodag application in Azure AD

Promodag Reports now uses Certificate-Based authentication instead of the old User-Based authentication method . This requires that an application with the necessary permissions be created in Azure and that you allow this application to interact with your tenant.

For your convenience, Promodag provides a PowerShell script to automatically create this Promodag Reports Application that you can authorize to access your tenant along with the corresponding certificate. However, it is possible that your company's security policy requires you to create a custom application and certificate yourself.

Step 1: Generate and export a self-signed certificate with PowerShell

The first step is to generate a self-signed x.509 certificate which will serve as an authentication between your application and Promodag Reports.

Open an elevated (run as administrator) Windows PowerShell session to create a self-signed certificate and export it to .cer and .pfx formats.

For example, here is how to create a self-signed certificate with the name “Promodag Reports App” with a validity period of two years from now on and P@ssw0rd1234 as password. The certificate will be stored in the personal store of the currently logged user.

$mycert = New-SelfSignedCertificate -CertStoreLocation "cert:\CurrentUser\My" -NotAfter (Get-Date).AddYears(2) -KeySpec KeyExchange -Subject "Promodag Reports Application"

Once created, export the certificate under a pfx format with the password P@ssw0Rd1234. The pfx certificate will be used by Promodag reports as well as the password.

$mycert | Export-PfxCertificate -FilePath promodagReports.pfx -Password $(ConvertTo-SecureString -String "P@ssw0Rd1234" -AsPlainText -Force)

Then export to a cer certificate file that will be used by your Azure application.

$mycert | Export-Certificate -FilePath promodagReports.cer

Step 2: Register a custom Promodag Reports application in Azure AD

Open the Azure AD portal at https://portal.azure.com/.
Under Manage Azure Active Directory, click View.
On the Overview page that opens, under Manage, select App registrations.
On the App registrations page that opens, click New registration.
On the Register an application page that opens, configure the following settings:

Name: Enter something descriptive. For example, Promodag Reports Custom.
Supported account types: Verify that Accounts in this organizational directory only (<YourOrganizationName> only - Single tenant) is selected.

When you're finished, click Register.

Step 3: Assign the appropriate permissions to the application

On the app page under Manage, select Manifest.
On the Manifest page that opens, find the requiredResourceAccess entry (on or about line 47).
Modify the resourceAppId, resourceAccess, id, and type values as shown in the following code snippet without forgetting the ], at the end:

"requiredResourceAccess": [

{

"resourceAppId": "00000003-0000-0ff1-ce00-000000000000",

"resourceAccess": [

{

"id": "20d37865-089c-4dee-8c41-6967602d4ac8",

"type": "Role"

}

]

{

"resourceAppId": "00000002-0000-0ff1-ce00-000000000000",

"resourceAccess": [

{

"id": "dc890d15-9560-4a4c-9b7f-a736ec74ec40",

"type": "Role"

{

"id": "dc50a0fb-09a3-484d-be87-e023b12c6440",

"type": "Role"

}

]

{

"resourceAppId": "00000003-0000-0000-c000-000000000000",

"resourceAccess": [

{

"id": "df021288-bdef-4463-88db-98f22de89214",

"type": "Role"

}

]

}

When you're finished, click Save.

Step 4: Approve the application in the Office 365 tenant

Still on the Manifest page, under Manage, select API permissions.
On the API permissions page that opens, do the following steps:

API/permission name: Verify the following values are shown.
- Microsoft Graph : User.Read.All
- Office 365 Exchange Online : Exchange.ManageAsApp and full_access_as_app.
- SharePoint: Sites.Selected.

Note: The details of each of these permissions are described here: Office 365 permissions. To revoke or remove some of them, see Remove or revoke specific permissions.

Status column: The current incorrect value is Not granted for <Organization>, and this value needs to be changed.

Select Grant admin consent for <Organization>, read the confirmation dialog that opens, and then click Yes.

The value of the Status column should now be Granted for <Organization>.

Step 5: Import the certificate created in step 1

On the application page, under Manage, select Certificates & secrets.
On the Certificates & secrets page that opens, open the Certificates tab and click Upload certificate.
In the dialog that opens, browse to the self-signed certificate (.cer file) that you created in Step 1 and click Add.

Your application is now created.

Note: You can use your own certificate if required, and delete/update any existing one. See Replace or renew the certificate.

Step 6: Assign the required role to the application

To assign the required role to this custom application, refer to the common procedure: Assign the Global Reader role to the Promodag Reports Application

Step 7: Define the custom application in Promodag Reports

Start Promodag Reports and go to Tools > Options.
Open the Office 365 Configuration tab.

In the Application ID field, paste the application ID that you pasted into Notepad in step 2.
In the Certificate file field, enter the path to the .pfx certificate you created in step 1.
In the Certificate password field, paste the password for this certificate.
Click OK to return to the Office 365 Configuration tab.
Click the Verify Connection link to validate your settings.