How to setup your exchange token
- Updated On 12 Feb 2021
- 1 Minute To Read
-
Print
-
DarkLight
This feature is supported from the following versions and up of Liquit Workspace:
Branch | Minimum version |
---|---|
3.5 | 3.5.2034 or higher |
3.6 | 3.6.2150 or higher |
All versions beyond 3.6 includes support for this feature.
Azure AD
To take full advantage of the integration between the portal of your choice and Liquit Workspace it is advise to allow the app registration of the portal to impersonate a user for the Liquit Workspace. This will ensure the Liquit Workspace Widget will be available within the portal.
This integration requires that the Liquit Workspace use an Azure AD identity source. The authentication method "Token Exchange" must be enabled on this identity source!
To allow Azure AD to issue an exchange token, which is needed for user impersonation you need to take or verify the following steps:
- Navigate to portal.azure.com.
- Choose "Azure Active Directory" > "App registrations".
- Pick the App registration of the portal you want to give access to the Liquit Workspace.
- Choose "API permissions".
- Click the "Add a permission" button.
- Find the App registration of your Liquit Workspace under the "APIs my organization uses" tab.
- Add the "user_impersonation" permission to the app registration.
If the user impersonation permission is not available, this likely caused by an app registration created while using the preview version of the azure portal to fix this please follow the steps below and try again.
Adding the correct permission to the Liquit Workspace app registration.
- Navigate to portal.azure.com.
- Choose "Azure Active Directory" > "App registrations".
- Pick the App registration used to sign users into the Liquit Workspace.
- Choose “Expose an API”.
- Click the “Add a scope” button.
- Fill in the information as provided below.
Field | Value |
---|---|
Scope name | user_impersonation |
Who can consent | Admins and users |
Admin consent display name | Access Liquit Workspace |
Admin consent description | Allow the application to access |
User consent display name | Access Liquit Workspace |
User consent description | Allow the application to access Liquit Workspace on your behalf. |
State | Enabled |