...

  1. On the left navigation panel, navigate to Manage, then select API permissions > Add a permission.

  2. On the Request API permissions window, select Microsoft Graph > Delegated permissions for the OAuth2 User account and Application permissions for the OAuth2 Application Account.

  3. Select the permissions from Files, Users, and Teams. Choose the minimum API permissions listed under Scopes and Permissions Required for Azure Active Directory.

  4. Click Add Permissions. View all the permissions added under Configured permissions.

  5. Click Grant admin consent confirmation and select Yes.

  6. Click Overview and select Add a Redirect URI. You will be redirected to the Platform configurations page.

    1. Under Platform configurations, click Add a platform.

    2. Select Web and specify a valid Redirect URI https://elastic.snaplogic.com/api/1/rest/admin/oauth2callback/azureactivedirectory and click Configure. A popup message displays indicating that the application is successfully updated.

  7. On the Platform configurations page, click Save.

...

  1. On the application page, under Essentials, note the Application (client) ID and Directory (tenant) ID needed for the Snap account.

  2. In the left navigation panel, select Manage > Certificates & secrets.

  3. On the Certificates & secrets page, click + New client secret.

  4. In the Add a client secret window, enter the Description, select an option for Expires from the dropdown list, and click Add. 

    The Client secret value and ID are generated. This value and the ID are required to configure the OAuth2 account.

...

Scopes and Permissions Required for Azure Active Directory

Application permissions

| Permission | Display String | Description | Admin Consent Required? |
|---|---|---|---|
| Directory.Read.All | Directory.Read.All | Allows the app to read and write data in your organization's directory, such as users, and groups, without a signed-in user. Does not allow user or group deletion. | Yes |
| Directory.ReadWrite.All | Directory.ReadWrite.All | Allows the app to read and write data in your organization's directory, such as users, and groups, without a signed-in user. Does not allow user or group deletion. | Yes |

Specify the Credentials And Validate the Snap account

...

If you select the Auto-refresh token checkbox, then you must provide offline_access as the Scope in the Token end point configuration.

Troubleshooting

| Common Errors | Reason | Response |
|---|---|---|
| Error 401 | Token is invalid | Provide a valid token and reauthorize the account. |
| The redirect URI specified does not match the reply URI configured for the application. | Incorrect redirect URI specified by user. | Add the following redirect_uri: https://elastic.snaplogic.com/api/1/rest/admin/oauth2callback/azureactivedirectory |
| URL error when invoking the operation | Ensure the tenant domain name is correct. | Ensure that Directory (tenant) ID noted from the application is in the correct format. Example: 2060aafa-89d9-423d-9514-eac46338ec05 |
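The redirect URI and tenant ID errors in the Troubleshooting table, and the offline_access requirement for Auto-refresh token, can all be caught before authorizing the account. The following check is an added example, not SnapLogic or Microsoft code; the dictionary keys and the `preflight` function are hypothetical names, and the exact-match rule for the redirect URI is an assumption of the example.

```python
import re
from urllib.parse import urlsplit

# Redirect URI that this page registers under Platform configurations.
EXPECTED_REDIRECT_URI = "https://elastic.snaplogic.com/api/1/rest/admin/oauth2callback/azureactivedirectory"
# Directory (tenant) ID shape, matching the example value on this page.
GUID_RE = re.compile(r"[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}", re.IGNORECASE)


def preflight(settings):
    """Return a list of problems found in a dict of account settings.
    Keys tenant_id, redirect_uri, scope, auto_refresh are hypothetical names.
    """
    problems = []
    tenant_id = settings.get("tenant_id", "")
    if tenant_id != tenant_id.strip():
        problems.append("tenant_id: remove leading/trailing whitespace")
    elif not GUID_RE.fullmatch(tenant_id):
        problems.append("tenant_id: not in GUID format")

    # Assumption of this example: any difference from the registered value,
    # even a trailing slash, counts as a mismatch. Report which part differs.
    redirect_uri = settings.get("redirect_uri", "")
    if redirect_uri != EXPECTED_REDIRECT_URI:
        got, want = urlsplit(redirect_uri), urlsplit(EXPECTED_REDIRECT_URI)
        parts = ("scheme", "netloc", "path", "query", "fragment")
        diff = [p for p in parts if getattr(got, p) != getattr(want, p)]
        problems.append("redirect_uri: differs in " + ", ".join(diff or ["raw text only"]))

    # OAuth2 scopes are space-delimited; offline_access must be its own token.
    scopes = settings.get("scope", "").split()
    if settings.get("auto_refresh") and "offline_access" not in scopes:
        problems.append("scope: offline_access required for auto-refresh")
    return problems


# Constructed sample; the tenant ID is the example value shown on this page.
SAMPLE = {
    "tenant_id": "2060aafa-89d9-423d-9514-eac46338ec05",
    "redirect_uri": EXPECTED_REDIRECT_URI + "/",
    "scope": "User.Read", "auto_refresh": True,
}

if __name__ == "__main__":
    for problem in preflight(SAMPLE):
        print(problem)
```

An empty list means none of these three misconfigurations is present; it does not confirm that the client secret or the granted permissions are correct.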

Frequently Asked Questions

...