How to set up your exchange token
  • 28 Oct 2023

This feature is supported starting with the following versions of Liquit Workspace:

Branch    Minimum version
3.5       3.5.2034 or higher
3.6       3.6.2150 or higher

All versions higher than 3.6 include support for this feature.

Microsoft Entra ID (Azure AD)

To take full advantage of the integration between the portal of your choice and Liquit Workspace, you need to grant the portal permission to impersonate a user for Liquit Workspace. This ensures that the Liquit Workspace Widget is available within the portal.

Prerequisites

Liquit Workspace needs to use a Microsoft Entra ID (Azure AD) identity source that has the Token Exchange authentication method enabled.

Granting user impersonation permission

To allow Azure AD to issue an exchange token, which is needed for user impersonation, take or verify the following steps:

  1. Log in to Azure Portal.
  2. In the Azure Portal menu, navigate to Microsoft Entra ID.
  3. In the left pane, navigate to Manage > App registrations.
  4. Select the app registration of the portal you want to give access to Liquit Workspace.
  5. In the left pane, navigate to Manage > API permissions.
  6. Click Add Permission and then go to the APIs my organization uses tab.
  7. Choose the app registration of your Liquit Workspace.
  8. Go to the Delegated permissions tab and select user_impersonation.
  9. Click Grant admin consent for {your tenant}. It can take up to an hour before these settings take effect in Microsoft Entra ID (Azure AD).

For more information about granting API permissions in Azure Portal, see Microsoft documentation.
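
To verify steps 4 to 8 without clicking through the portal, the following added example (not part of the original article or of Liquit's tooling) checks two exported app registration objects, shaped like the Microsoft Graph application JSON that `az ad app show --id <app-id>` returns. The GUIDs and sample objects are constructed placeholders; admin consent (step 9) is stored separately and is not checked here.

```python
import json

SCOPE = "user_impersonation"  # scope name used on this page

def find_scope_id(api_app: dict, scope: str = SCOPE):
    """Return the id of an enabled delegated scope exposed by the API app, else None."""
    for s in api_app.get("api", {}).get("oauth2PermissionScopes", []):
        if s.get("value") == scope and s.get("isEnabled"):
            return s.get("id")
    return None

def check_delegation(portal_app: dict, api_app: dict, scope: str = SCOPE) -> list:
    """Return a list of problems; an empty list means the permission is configured."""
    scope_id = find_scope_id(api_app, scope)
    if scope_id is None:
        return [f"API app exposes no enabled '{scope}' scope"]
    for rra in portal_app.get("requiredResourceAccess", []):
        if rra.get("resourceAppId") != api_app.get("appId"):
            continue
        for access in rra.get("resourceAccess", []):
            if access.get("id") == scope_id:
                if access.get("type") == "Scope":
                    return []
                return [f"'{scope}' requested as {access.get('type')}, not as a delegated permission"]
        return [f"portal app references the API but not '{scope}'"]
    return ["portal app has no API permission for the API app"]

# Constructed sample data (not real tenant values): API_APP stands for the
# Liquit Workspace app registration, PORTAL_APP for the portal's.
API_APP = json.loads("""{
  "appId": "11111111-1111-1111-1111-111111111111",
  "api": {"oauth2PermissionScopes": [
    {"id": "aaaaaaaa-0000-0000-0000-000000000001", "value": "user_impersonation",
     "type": "User", "isEnabled": true}]}
}""")
PORTAL_APP = json.loads("""{
  "appId": "22222222-2222-2222-2222-222222222222",
  "requiredResourceAccess": [
    {"resourceAppId": "11111111-1111-1111-1111-111111111111",
     "resourceAccess": [{"id": "aaaaaaaa-0000-0000-0000-000000000001", "type": "Scope"}]}]
}""")

if __name__ == "__main__":
    problems = check_delegation(PORTAL_APP, API_APP)
    print("OK" if not problems else "\n".join(problems))
```

A result that reports `Role` instead of `Scope` means an application permission was added rather than the delegated permission from step 8.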

If user_impersonation permission is not available

If the user impersonation permission is not available, it is likely caused by an app registration created while using the preview version of the Azure Portal. To fix this, follow the steps below.

  1. Log in to Azure Portal.
  2. In the Azure Portal menu, navigate to Microsoft Entra ID.
  3. In the left pane, navigate to Manage > App registrations.
  4. Select the app registration of the portal you want to give access to Liquit Workspace.
  5. In the left pane, navigate to Manage > Expose an API.
  6. Click Add a scope.
  7. In the Add a scope pane that opens, fill in the following information:
       - Scope name: user_impersonation
       - Who can consent: Admins and users
       - Admin consent display name: Access Liquit Workspace
       - Admin consent description: Allow the application to access on behalf of the signed-in user.
       - User consent display name: Access Liquit Workspace
       - User consent description: Allow the application to access Liquit Workspace on your behalf.
       - State: Enabled
  8. Click Add scope.