This article discusses how to set up Quicklaunch to use Graph API to access your enterprise calendars, email and user profile information using your own app registration with a certificate. For other options, please see: https://quicklaunch.ucworkspace.com/en/support/solutions/articles/3000101635-setting-up-graph-api


Using a certificate ensures that no customer secret information is stored in Quicklaunch.



CAUTION: This is an advanced setup and is not supported by UC Workspace. Setting up Graph API using your own app registration requires a solid understanding of Azure Active Directory and Azure App Registration. UC Workspace can help with your Azure setup through our paid configuration services.



Contents

1. Prerequisites

2. Create a Certificate

3. Setting Up your App Registration in Azure Portal

4. Setting Up Quicklaunch to use your App Registration


1. Prerequisites

To set up Quicklaunch with Graph API you will require an Azure administrator, who grants the permissions and sets up the App Registration. Setting up Graph API using your own app registration requires a solid understanding of Azure Active Directory and Azure App Registration. Caution: UC Workspace does not support custom Azure configurations for Graph API.



2. Create a Certificate


1. Using PowerShell, create a certificate. This will automatically add the certificate to the Credential Manager. See this link for more information: https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal#upload-a-certificate-or-create-a-secret-for-signing-in


2. Export the Certificate.

  • Open "Manage User Certificates"
  • Find the certificate you created and export it without the private key. The export format can be DER encoded X.509.
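
Steps 1 and 2 as PowerShell, added here as an example and not taken from UC Workspace's documentation. The subject name, one-year validity, non-exportable key policy and output path are assumptions; the thumbprint it prints is the value Quicklaunch asks for in section 4.

```powershell
# Added example; the names, validity period and paths below are assumptions.
$subject = 'CN=QuicklaunchGraphAuth'                             # hypothetical subject name
$cerPath = Join-Path $env:USERPROFILE 'QuicklaunchGraphAuth.cer' # hypothetical output path

# Step 1: create a self-signed signing certificate in the current user's
# personal store, which is what "Manage User Certificates" displays.
# NonExportable assumes the key is only used on this machine; use Exportable
# if the same key pair has to be installed on other machines.
$cert = New-SelfSignedCertificate `
    -Subject $subject `
    -CertStoreLocation 'Cert:\CurrentUser\My' `
    -KeySpec Signature `
    -KeyAlgorithm RSA `
    -KeyLength 2048 `
    -HashAlgorithm SHA256 `
    -KeyExportPolicy NonExportable `
    -NotAfter (Get-Date).AddYears(1)

# Step 2: export only the public certificate as DER-encoded X.509 (.cer).
Export-Certificate -Cert $cert -FilePath $cerPath -Type CERT | Out-Null

# Check the exported file before uploading it: it must not carry a private key
# and it must be the same certificate that sits in the store.
$exported = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($cerPath)
if ($exported.HasPrivateKey) {
    throw "Exported file $cerPath contains a private key; do not upload it."
}
if ($exported.Thumbprint -ne $cert.Thumbprint) {
    throw 'Exported certificate does not match the one in the store.'
}

# Values needed later: the .cer file is added to the app registration in Azure,
# the thumbprint is entered in Quicklaunch. NotAfter is when the certificate
# expires and has to be replaced in both places.
[pscustomobject]@{
    Thumbprint = $cert.Thumbprint
    NotAfter   = $cert.NotAfter
    CerFile    = $cerPath
} | Format-List
```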


3. Setting Up your App Registration in Azure Portal


1. Have your administrator create an App Registration

2. It must have the following Authentication redirect URIs

3. It must have the following "Microsoft Graph" delegated and application API permissions


User.Read.All permission is optional. It is used to look up the room account Display Name and all organizer images within the organization, and to autocomplete the email field in add participant and group email. Calendar settings must be turned off if not granting User.Read.All permission.

User.Read and User.Read.All permissions are optional. Delegated permissions are required for the Change User and System Check-in features. Make sure to disable these features in Quicklaunch Settings if the permissions are not granted.


4. Add your Certificate to Azure






4. Setting Up Quicklaunch to use your App Registration


In the setup wizard or the Settings accounts login screen, set the Calendar Authentication to "Graph Customer Secret".

Enter the Application Registration ID and Certificate thumbprint.  


If you have already granted consent, enter the Tenant ID. If you have not granted consent, leave the Tenant ID blank and click on "Grant Consent to Quicklaunch".