Entra ID with SharePoint Online¶
Entra ID with SharePoint Online application on Hire2Retire uses OAuth based authorization for authenticating Entra ID and certificate based authorization for SharePoint Online.
By linking your Entra ID and SharePoint Online account with Hire2Retire, you can authorize RoboMQ to have a delegated access on your behalf to both applications. Hire2Retire needs the following permissions on your account to provide a seamless integration experience:
For Entra ID¶
Service Provider Application¶
| Scopes | Explanation |
|---|---|
| User.ReadWrite.All | Read and write all user's full profiles |
| Group.ReadWrite.All | Read and write all groups |
| Directory.AccessAsUser.All | Application requires this scope to reset their password. |
| offline_access | Maintain access to data you have given it access to. When a user approves the offline_access scope, your app can receive refresh tokens from the Microsoft identity platform token endpoint. Refresh tokens are long-lived. Your app can get new access tokens as older ones expire. |
Customer Owned Application¶
| Scopes | Permission Type | Explanation |
|---|---|---|
| User.ReadWrite.All | Application | Allows the user to read and update the user profiles without a signed in user. |
| Group.ReadWrite.All | Application | Allows the app to create groups, read all group properties and memberships, update group properties and memberships, and delete groups. Also allows the app to read and write conversations. All of these operations can be performed by the app without a signed-in user. |
| Directory.ReadWrite.All | Application | Application requires this scope to reset their password. |
| User.EnableDisableAccount.All | Application | Grants the ability to enable or disable any user account within the Entra ID tenant. |
Create a Connection¶
Entra ID Connection: Service Provider Application¶
You need to have an Entra ID account before using Entra ID application on Hire2Retire.
On clicking the 'Link Account' button, you will be redirected to Microsoft Account Authorization screen. and then enter the account details to use the Entra ID for this flow
One also need admin consent. After entering acount details you will be redirected to microsoft admin approval pannel, enter justification for requesting and click on Request approval.
From the Entra ID Admin portal, click on Review permissions and consent option to approve the request
By allowing access, you are authorizing RoboMQ to access your Entra ID account and make changes based on changes in HR data.
SharePoint Online Connection¶
To establish SharePoint Online connection, you need to have an application registered on your tenant with required permissions. You can either register a new application or use an existing application and add the required permissions.
Hire2Retire requires the following details to create a connection.
- Client Id - Entra ID Application's Unique Identifier.
- Tenant Id - Unique identifier of the Entra ID instance.
- SharePoint Online Admin Site URL - A unique web address used by SharePoint Online administrators to access the SharePoint Admin Center.
If you can't find these values, refer to our detailed guide
Entra ID Connection: Customer Owned Application¶
To establish SharePoint Online connection, you need to have an application registered on your tenant with required permissions. Add the required permissions to the existing application.
- Entra ID National cloud - Select the specific national or regional instance of a cloud service, such as Microsoft Entra ID National Cloud, tailored to meet local regulatory and compliance needs.
- Client Id - Entra ID Application's Unique Identifier.
- Tenant Id - Unique identifier of the Entra ID instance.
- SharePoint Online Admin Site URL - A unique web address used by SharePoint Online administrators to access the SharePoint Admin Center.
If you can't find these values, refer to our detailed guide
Certificate¶
Certificates enable your application to authenticate independently, elminating the need for user interaction during runtime. As a confidential client application, Hire2Retire will utilize these certificates to authenticate itself for automated tasks.
Follow the steps below to upload the certificate:
- Download the certificate from the Hire2Retire connection UI.
- In your registered application, select
Certificates & secrets>Certificates>Upload certificate - Upload the certificate.
