This article discusses how to setup Quicklaunch to use Graph API to access your enterprise calendars, email and user profile information using your own app registration with a certificate. For other options, please see: https://quicklaunch.ucworkspace.com/en/support/solutions/articles/3000101635-setting-up-graph-api


Using a certificate ensures there is no customer secret info stored in Quicklaunch.


Contents

1. Prerequisites

2. Get your Certificate

3. Setting Up your App Registration in Azure Portal

4. Setting Up Quicklaunch to use your App Registration


1. Prerequisites

In order to setup Quicklaunch with Graph API you will require an Azure administrator.  This is to give permissions, and set up the App registration. Setting up Graph API using your own app registration requires a solid understanding of Azure Active Directory, Azure App Registration, certificate creation and credential manager.  If you need assistance with setting up these items, we offer configuration services.  Please see this page for more information.



2. Create a Certificate


1. Using powershell, create a certificate.  This will automatically add the certificate to the Credential Manager.    See this link for more information:  https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal#upload-a-certificate-or-create-a-secret-for-signing-in 


2. Export the Certificate.

  • Open "Manage User Certificates"
  • Find the certificate you created and export it without the private key, can be a DER encoded x.509


3. Setting Up your App Registration in Azure Portal


1. Have your administrator create an App Registration

2. It must have the following Authentication redirect URIs

3. It must have the following "Microsoft Graph" delegated and application API permissions



4. Add your Certificate to Azure






4. Setting Up Quicklaunch to use your App Registration


In the setup wizard or the Settings accounts login screen, set the Calendar Authentication to "Graph Customer Secret"

Enter the Application Registration ID and Certificate thumbprint.  


If you have already granted consent, enter the Tenant ID.  If you have not granted consent, leave the tenant ID blank and click on "Grant Consent to Quicklaunch"