Registering MaaS360 app in the Microsoft Entra ID tenant

Any application that wants to use the capabilities of Microsoft Entra ID must be registered in a Microsoft Entra ID tenant.

Before you begin

Ensure that you have at least one user in your Microsoft Entra ID organization that is assigned to the Global Administrator role. For more information about this role, see https://learn.microsoft.com/en-us/entra/identity/role-based-access-control/permissions-reference#global-administrator.

About this task

You can register your app in the Microsoft Entra ID tenant.
Note: If you have previously registered the MaaS360 app, ensure that you follow these steps to modify the app configuration.

Procedure

  1. Sign in to the Microsoft Entra ID.
  2. In the Microsoft Entra Services section, select App registrations.
    The App registrations page is displayed.
  3. Click New registration.
    The Register an application page is displayed.
  4. Provide the following application registration details:
    1. In the Name section, provide the display name of the application.
    2. In the Supported account types section, select Accounts in any organizational directory (Any Microsoft Entra ID - Multitenant).
    3. In the Redirect URI (optional) section, select Web and then provide the following redirect URI: https://login.live.com/oauth20_desktop.srf
    4. Click Register.
      The app is successfully created.
  5. Open the registered application and then click the Redirect URIs link to configure other URIs that are required by the application to support different authentication request modes.
    The Platform configurations page is displayed.
  6. Click Add a Platform and then select the iOS / macOS tile.
    The Configure your iOS or macOS app window is displayed.
    1. In the Bundle ID section, add the following Bundle ID: com.fiberlink.maas360forios
    2. Click Configure, and then click Done.
    3. Click Add URI in the iOS / macOS tile and then add the following Bundle ID: com.fiberlink.secureeditor
    4. Click Save.
  7. Click Add a Platform and then select Android.
    The Configure your Android app window is displayed.
    1. In the Package name section, enter com.fiberlink.maas360.android.control
    2. In the Signature hash section, enter CmEXJHMZd6jmCFu2ZnAknF3r4VA=
    3. Click Configure and then click Done.
  8. Use the Add URI workflow to add the following Signature hash and package names to the Android tile.
    Package names Signature hash
    com.fiberlink.maas360.android.secureviewer CmEXJHMZd6jmCFu2ZnAknF3r4VA=
    com.fiberlink.maas360.android.pim
    com.fiberlink.maas360.android.secureeditor
    com.fiberlink.maas360.android.docs
  9. Click Save.
  10. Click Add a platform and then select Mobile and desktop applications.
    The Configure Desktop + devices window is displayed.
  11. In Custom redirect URIs, enter maas360://com.fiberlink.maas360forios and then click Configure.
  12. In the Mobile and desktop applications tile, add the following redirect URIs and then click Save.
    • maas360se://com.fiberlink.secureeditor
    • maas360://com.fiberlink.maas360.enterpriseSE
    • maas360://msal/auth
    • maas360://adal/auth
  13. In the left navigation pane, click Manifest and verify that the following URLs are listed in the application manifest file:
    • msauth://code/msauth.com.fiberlink.maas360forios%3A%2F%2Fauth
    • msauth://code/msauth.com.fiberlink.secureeditor%3A%2F%2Fauth
  14. In the left navigation pane, click API permissions and add the following permissions:
    For Single Sign On and conditional access, the following API permissions are required
    API Permission Type
    Microsoft APIs > Azure Rights Management Services user_impersonation Delegated
    APIs my organization uses > Device Registration Service
    Note: The following conditions apply to this permission:
    • Mandatory for synchronizing device compliance status for Android and iOS in Microsoft Entra integration
    • Optional for enabling single sign-on (SSO) access for Office 365 modern authentication
    		 self_service_device_delete Delegated
    Microsoft APIs > Microsoft Graph User.Read Delegated
    For Modern Authentication configuration for MaaS360® Mail and docs, the following API permissions are also required.
    Microsoft APIs > Microsoft Graph
    • Calendars.ReadWrite
    • Calendars.ReadWrite.Shared
    • Contacts.ReadWrite
    • Contacts.ReadWrite.Shared
    • EAS.AccessAsUser.All
    • EWS.AccessAsUser.All
    • Files.ReadWrite.All
    • Mail.ReadWrite
    • Mail.ReadWrite.Shared
    • Mail.Send
    • Mail.Send.Shared
    • Notes.ReadWrite.All
    • ShortNotes.ReadWrite
    • Sites.ReadWrite.All
    • Tasks.ReadWrite
    • Tasks.ReadWrite.Shared
    • User.Read
    		 Delegated
    Microsoft APIs > SharePoint
    • AllSites.FullControl
    • AllSites.Manage
    • MyFiles.Write
    • Sites.Search.All
    		 Delegated
    Note: For more information about API permissions, see https://learn.microsoft.com/en-us/entra/identity-platform/permissions-consent-overview.
  15. Click Grant admin consent for <tenant name>.
    Admin consent is granted for the requested permissions. The Status column shows a green checkmark next to each permission to indicate that consent is granted.
  16. In the left navigation pane, click Overview and then copy the Application (client) ID.
    Note: The Application (client) ID is used in MaaS360 as the Client ID.