Registering MaaS360 app in the Azure AD tenant
To use the Azure AD capabilities, register your application in an Azure AD tenant.
Before you begin
Make sure that you have at least one user in your Azure AD organization who is assigned the Global Administrator role. For more information about this role, see https://learn.microsoft.com/en-us/azure/active-directory/roles/permissions-reference#global-administrator.
About this task
If you previously registered the MaaS360 app, use the following steps to modify the app configuration.
Procedure
- Sign in to the Microsoft Azure portal.
- On the home page, enter App registrations in the search bar.
- Select App registrations in the search results and click New registration.
- On the Register an application page, provide the following
application registration details:
- In the Name section, provide the display name of the application.
- In the Supported account types section, select Accounts in any organizational directory (Any Azure AD directory - Multitenant).
- In the Redirect URI (optional) section, select Web as the platform and then provide the following redirect URI: https://login.live.com/oauth20_desktop.srf.
- Click Register.
- Open the registered application and click the Redirect URIs link. This link opens the Platform configurations page where you can configure other URIs to support different authentication request modes.
- Click Add a platform and select iOS /
macOS. In the Configure your iOS or macOS app window, add the
following details.
- In the Bundle ID section, add com.fiberlink.maas360forios.
- Click Configure, and then click Done.
- In the iOS / macOS tile, click Add URI and add com.fiberlink.secureeditor.
- Click Save.
- Click Add a platform and then select
Android. In the Configure your Android app window, add
the following details.
- In the Package name section, enter com.fiberlink.maas360.android.control.
- In the Signature hash section, enter CmEXJHMZd6jmCFu2ZnAknF3r4VA=.
- Click Configure and then click Done.
- In the Android tile, click Add URI workflow
and add the following package names. Set CmEXJHMZd6jmCFu2ZnAknF3r4VA= as the
Signature hash and then click Save.
- com.fiberlink.maas360.android.secureviewer
- com.fiberlink.maas360.android.pim
- com.fiberlink.maas360.android.secureeditor
- com.fiberlink.maas360.android.docs
- Click Add a platform and then select Mobile and desktop applications.
- In the Configure Desktop + devices window, enter maas360://com.fiberlink.maas360forios in Custom redirect URIs and then click Configure.
- In the Mobile and desktop applications tile, add the following
redirect URIs and then click Save.
- maas360se://com.fiberlink.secureeditor
- maas360://com.fiberlink.maas360.enterpriseSE
- maas360://msal/auth
- maas360://adal/auth
- In the left navigation pane, select Manage and click
Manifest. Verify that the following URLs are listed in the application
manifest file:
- msauth://code/msauth.com.fiberlink.maas360forios%3A%2F%2Fauth
- msauth://code/msauth.com.fiberlink.secureeditor%3A%2F%2Fauth
- In the left navigation pane, select Manage and click API permissions.
- Click Add a permission and add the following permissions:
API Type Permission Microsoft APIs > Azure Rights Management Services Delegated permissions user_impersonation APIs my organization uses > Device Registration Service Delegated permissions self_service_device_delete The following conditions apply to this permission:- Mandatory for synchronizing device compliance status for Android and iOS in Azure Integration.
- Optional for enabling single sign-on (SSO) access for Office 365 modern authentication.
Microsoft APIs > Microsoft Graph Delegated permissions - Calendars.ReadWrite
- Calendars.ReadWrite.Shared
- Contacts.ReadWrite
- Contacts.ReadWrite.Shared
- EAS.AccessAsUser.All
- EWS.AccessAsUser.All
- Files.ReadWrite.All
- Mail.ReadWrite
- Mail.ReadWrite.Shared
- Mail.Send
- Mail.Send.Shared
- Notes.ReadWrite.All
- ShortNotes.ReadWrite
- Sites.ReadWrite.All
- Tasks.ReadWrite
- Tasks.ReadWrite.Shared
- User.Read
Microsoft APIs > SharePoint Delegated permissions - AllSites.FullControl
- AllSites.Manage
- MyFiles.Write
- Sites.Search.All
Note: For more information about API permissions, see https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-permissions-and-consent. - Click Grant admin consent for <tenant name> and then click
Yes. Admin consent is granted for the requested permissions. The Status column displays a green checkmark next to each permission to indicate that consent is now granted.
- In the left navigation pane, click Overview and then copy the Application (client) ID to use as the Client ID in MaaS360®.
Results
Your app is successfully registered in the Azure AD tenant.