Office 365 for Kora SSO
If your organization uses Office 365 (O365), you can integrate it with Kora so that your employees can access the Kora application using their existing O365 credentials.
In this post, we outline the steps needed to enable Single Sign-On using O365. To obtain the configuration details, you first need to create an Azure Active Directory client application.
Register Kora with Azure
The first step is to register a new application from the Azure portal:
- Sign in to the Azure portal.
- If your account has access to more than one tenant, select your account from the top right corner, and set your portal session to the required Azure AD tenant.
- From the left-hand navigation pane, select the Azure Active Directory service.
- Select App registrations -> New registration.
- On the Register an application page, enter your application’s registration information like name, supported account types, and other details.
- Azure AD assigns a unique application (client) ID to your app, and you will be directed to the application’s Overview page.
- You can choose to configure other options like branding, certificates and secrets, API permissions, and more.
- Redirect URI (optional) – Select the type of app you’re building, Web or Public client (mobile & desktop), and then enter the redirect URI (or reply URL) for your application.
- Add the following API permissions, as per your needs:
- Calendars.Read – to read user calendars;
- Calendars.Read.Shared – to read user and shared calendars;
- Calendars.ReadWrite – for full access to user calendars;
- Calendars.ReadWrite.Shared – to read and write user and shared calendars;
- email – to view users’ email address;
- offline_access – Maintain access to data you have given it access to;
- openid – Sign users in;
- profile – View users’ basic profile;
- Contacts.Read – Read user contacts;
- Contacts.Read.Shared – Read user and shared contacts;
- Contacts.ReadWrite – Have full access to user contacts;
- Contacts.ReadWrite.Shared – Read and write user and shared contacts;
- Directory.AccessAsUser.All – Access directory as the signed in user;
- Directory.Read.All – Read directory data;
- Directory.ReadWrite.All – Read and write directory data;
- Files.Read – Read user files;
- Files.Read.All – Read all files that user can access;
- Files.Read.Selected – Read files that the user selects (preview);
- Files.ReadWrite.All – Have full access to all files user can access;
- Files.ReadWrite.Selected – Read and write files that the user selects (preview);
- OrgContact.Read.All – Read organizational contacts;
- Mail.Read – Read user mail;
- Sites.Read.All – Read items in all site collections;
- EWS.AccessAsUser.All – Access mailboxes as the signed-in user via Exchange Web Services;
- People.Read – Read users’ relevant people lists.
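Because the permissions are added "as per your needs", it helps to review the scope set before granting it. The following Python script is an added example, not part of the original post or of Kora's tooling: it checks a space-delimited scope string against the list above and flags write, broad, and act-as-user scopes. The function names, tag labels, and the sign-in baseline (openid, profile, email) are assumptions of this example.

```python
# Added example: least-privilege review of a requested scope set.
# PAGE_SCOPES holds the permission names listed on this page. The risk tags are
# derived from the name parts and the page's descriptions (example assumption).
PAGE_SCOPES = {
    "Calendars.Read", "Calendars.Read.Shared", "Calendars.ReadWrite",
    "Calendars.ReadWrite.Shared", "email", "offline_access", "openid", "profile",
    "Contacts.Read", "Contacts.Read.Shared", "Contacts.ReadWrite",
    "Contacts.ReadWrite.Shared", "Directory.AccessAsUser.All",
    "Directory.Read.All", "Directory.ReadWrite.All", "Files.Read",
    "Files.Read.All", "Files.Read.Selected", "Files.ReadWrite.All",
    "Files.ReadWrite.Selected", "OrgContact.Read.All", "Mail.Read",
    "Sites.Read.All", "EWS.AccessAsUser.All", "People.Read",
}
# Assumed minimum for sign-in only: sign users in, basic profile, email address.
SIGN_IN_BASELINE = {"openid", "profile", "email"}

def tags_for(scope):
    """Return the risk tags that apply to one scope name."""
    parts = scope.split(".")
    tags = []
    if "ReadWrite" in parts:
        tags.append("write")
    if "AccessAsUser" in parts:
        tags.append("acts-as-user")
    if parts[-1] == "All":
        tags.append("broad")
    if parts[-1] == "Shared":
        tags.append("shared-data")
    if scope == "offline_access":  # issues refresh tokens
        tags.append("long-lived-access")
    if scope not in PAGE_SCOPES:
        tags.append("not-on-page-list")
    return tags

def review(scope_string):
    """Review a space-delimited scope string, as sent in an OAuth request."""
    requested = list(dict.fromkeys(scope_string.split()))  # de-duplicate, keep order
    flagged = {s: tags_for(s) for s in requested if tags_for(s)}
    return {
        "missing_baseline": sorted(SIGN_IN_BASELINE - set(requested)),
        "beyond_sign_in": sorted(set(requested) - SIGN_IN_BASELINE),
        "flagged": flagged,
    }

if __name__ == "__main__":
    # Constructed sample request, not taken from a real Kora deployment.
    sample = "openid profile Calendars.Read Directory.ReadWrite.All offline_access"
    for key, value in review(sample).items():
        print(key, "->", value)
```

Every scope reported under `flagged` should map to a Kora feature you actually use; drop the ones that do not.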
Credentials needed for Kora
To add a credential to your web application:
- From the app’s Overview page, select the Certificates & secrets section.
- To add a certificate, follow these steps:
- Select Upload certificate.
- Select the file you’d like to upload. It must be one of the following file types: .cer, .pem, .crt.
- Select Add.
- To add a client secret, follow these steps:
- Select New client secret.
- Add a description for your client secret.
- Select a duration.
- Select Add.
- Use these in the Kora Enterprise Admin console Security page.