Contents x
    How to set up your exchange token
    • 17 Sep 2024
    • 2 Minutes to read
    • Print
    • Dark
      Light
    • PDF
    Contents

    How to set up your exchange token

    • Updated on 17 Sep 2024
    • 2 Minutes to read
    • Print
    • Dark
      Light
    • PDF
    Article summary

    This feature is supported starting with the following versions of Liquit Workspace:

    BranchMinimum version
    3.53.5.2034 or higher
    3.63.6.2150 or higher

    All versions higher than 3.6 include support for this feature.

    Features missing in a portal

    If you use portal integration and the portal does not supports certain features of Liquit Workspace, we recommend you contact the support department of portal.

    Microsoft Entra ID (Azure AD)

    To take full advantage of the integration between the portal of your choice and Liquit Workspace, you need to grant the portal the permission to impersonate a user for Liquit Workspace. This will ensure the Liquit Workspace Widget will be available within the portal.

    Prerequisites

    Liquit Workspace needs to use a Microsoft Entra ID (Azure AD) identity source, that must have the Token Exchange authentication method enabled.

    Granting user impersonation permission

    To allow Azure AD to issue an exchange token, which is needed for user impersonation you need to take or verify the following steps:

    1. Log in to Azure Portal.
    2. In the Azure Portal menu, navigate to Microsoft Entra ID.
    3. In the left pane, navigate to Manage > App registrations.
    4. Select the app registration of the portal you want to give access to Liquit Workspace.
    5. In the left pane, navigate to Manage > API permissions
    6. Click Add Permission and then go to the APIs my organization uses tab.
    7. Choose the app registration of your Liquit Workspace.
    8. Go to the Delegated permissions tab and select user_impersonation.

    image.png

    1. Click on the Grant admin consent for {your tenant}. It can take up to an hour before these settings take effect in Microsoft Entra ID (Azure AD).

    For more information about granting API permissions in Azure Portal, see Microsoft documentation.

    If user_impersonation permission is not available

    If the user impersonation permission is not available, it is likely caused by an app registration created while using the preview version of the Azure Portal. To fix this, follow the steps below.

    1. Log in to Azure Portal.
    2. In the Azure Portal menu, navigate to Microsoft Entra ID.
    3. In the left pane, navigate to Manage > App registrations.
    4. Select the app registration of the portal you want to give access to Liquit Workspace.
    5. In the left pane, navigate to Manage > Expose an API.
    6. Click Add a scope.
    7. In the Add a scope pane that opens, fill in the following information:
      Scope name user_impersonation
      Who can consent Admins and users
      Admin consent display name Access Liquit Workspace
      Admin consent description Allow the application to access on behalf of the signed-in user.
      User consent display name Access Liquit Workspace
      User consent description Allow the application to access Liquit Workspace on your behalf.
      State Enabled
    8. Click Add scope.
    Was this article helpful?
    What's Next