How to setup your exchange token
  • 12 Feb 2021
  • 1 Minute To Read
  • Print
  • Share
  • Dark
    Light

How to setup your exchange token

  • Print
  • Share
  • Dark
    Light

This feature is supported from the following versions and up of Liquit Workspace:

Branch Minimum version
3.5 3.5.2034 or higher
3.6 3.6.2150 or higher

All versions beyond 3.6 includes support for this feature.

Azure AD

To take full advantage of the integration between the portal of your choice and Liquit Workspace it is advise to allow the app registration of the portal to impersonate a user for the Liquit Workspace. This will ensure the Liquit Workspace Widget will be available within the portal.

This integration requires that the Liquit Workspace use an Azure AD identity source. The authentication method "Token Exchange" must be enabled on this identity source!

To allow Azure AD to issue an exchange token, which is needed for user impersonation you need to take or verify the following steps:

  1. Navigate to portal.azure.com.
  2. Choose "Azure Active Directory" > "App registrations".
  3. Pick the App registration of the portal you want to give access to the Liquit Workspace.
  4. Choose "API permissions".
  5. Click the "Add a permission" button.
  6. Find the App registration of your Liquit Workspace under the "APIs my organization uses" tab.
  7. Add the "user_impersonation" permission to the app registration.

image.png

If the user impersonation permission is not available, this likely caused by an app registration created while using the preview version of the azure portal to fix this please follow the steps below and try again.

Adding the correct permission to the Liquit Workspace app registration.

  1. Navigate to portal.azure.com.
  2. Choose "Azure Active Directory" > "App registrations".
  3. Pick the App registration used to sign users into the Liquit Workspace.
  4. Choose “Expose an API”.
  5. Click the “Add a scope” button.
  6. Fill in the information as provided below.
Field Value
Scope name user_impersonation
Who can consent Admins and users
Admin consent display name Access Liquit Workspace
Admin consent description Allow the application to access on behalf of the signed-in user.
User consent display name Access Liquit Workspace
User consent description Allow the application to access Liquit Workspace on your behalf.
State Enabled
Was This Article Helpful?