You are here: Before You Start > Prerequisites > Certificate-based authentication to Office 365

Certificate-based authentication to Office 365

If your company's security policy doesn't allow you to use an account and password to access Office 365 or if you use MFA, you can skip the User-based authentication mode and use the Certificate-based authentication mode instead. You can make this choice in the Configuration Wizard or in the Office 365 configuration tab of Tools > Options.

Create the certificate and the Promodag Reports Application

Please follow these steps to create the Promodag Reports Application, the certificate and register them in Azure AD:

Prerequisites

The computer's operating system version must be greater than or equal to Windows 10/Windows Server 2016.

The AzureAD PowerShell module should be installed on the computer. It if is not, please proceed with these steps:

  1. Click and search for PowerShell > Windows PowerShell and run it as administrator.
  2. Install the AzureAD module: Install-Module AzureAD -Scope CurrentUser

Create the certificate and application using the provided script

These steps will enable you to create a self-signed certificate valid for two years in the same directory as the script, and an application named "Promodag Reports Application" in Azure to access your tenant.

  1. Navigate to the script directory: C:\Users\Public\Documents\Promodag\Reports\  
  2. Run the script: .\CreateRepexApp.ps1
  3. Enter certificate password at prompt and write it down.
  4. The script will proceed and you will be prompted to sign-in to Office 365. Use a Global Administrator account.
  5. A certificate valid for 2 years has now been created in the script directory with the name "RepexAppCertificate.pfx". The application has been created in Azure with the name "Promodag Reports Application".
  6. The script displays the summary information to be used in Promodag Reports: Application ID and certificate path, plus a link to connect to Azure and authorize the newly created application. This information is then saved into a file in the current directory.

Authorize this new application in Azure

Grant admin consent

  1. Paste the link displayed in a web browser to connect to Azure. The Promodag Reports Application | API permissions page opens.
  2. Click Grant admin consent for <name of your Office 365 tenant>.
  3. Review the permissions granted to the application (see details of each permission here: Office 365 permissions).

Optional: You can delete the self-signed certificate and use your own if you prefer. See Replace or renew the certificate.

Assign the Global Reader role to the Promodag Reports Application

Please follow these steps to assign the Global Reader role to the Promodag Reports Application in Azure AD:

  1. On the Azure AD portal at https://portal.azure.com/, under Manage Azure Active Directory, click View.
  2. On the Overview page that opens, under Manage, select Roles and administrators.
  3. On the Roles and administrators page that opens, find and select the Global Reader role by clicking on the name of the role (not the check box) in the results.
  4. On the Global Reader | Assignments page that opens, click Add assignments.
  5. In the Add assignments page that opens, click No member selected under Select member(s)* and select the previously created Promodag Reports Application. You can use the Application ID set in the Office 365 configuration tab of Tools > Options to identify it if several Promodag applications are listed.
  6. When you're finished, click Assign.
  7. Back on the Global Reader | Assignments page, verify that the Promodag Reports Application has been assigned to the Global Reader role.

Apply "Promodag Reports Application" settings to Promodag Reports

Please make sure that you have retrieved the following information the first step:

  1. In Promodag Reports, go to Tools > Options, Office 365 configuration.
  2. Select Certificate-based authentication.
  3. Enter the Application ID, Certificate file path and Certificate password in the corresponding fields.
  4. Click the Check validity link to verify the certificate expiration date.  
  5. Click the Check connection links to verify that Promodag Reports can connect to your tenant using the Azure application and the certificate.
of