Before you Start

Before starting there are a few things you will need

• Admin access to your Microsoft Entra ID (Azure) environment.
• Admin access to your Maptician environment. This only applies if you are configuring the integration on your own without assistance from Maptician.

IP Presence Setup

1. Open your Microsoft Azure Account Portal and select "Azure Active Directory".

2. From your Azure Active Directory home screen, select "App registrations" in the left navigation menu. Maptician will be configured within Azure as a background service or "daemon". App registrations is where we create credentials that allow Maptician to access the Microsoft Graph API for IP presence.

3. In App registrations, press the "New registration" button.

4. In the Register an application form dialog, make the following entries:
   1. Create a name for the app (Maptician or Maptician Graph API are recommended)
   2. Ensure that the supported account types are "Single Tenant".
   3. Once these are complete, press the "Register" button to create the app object.

5. After the app has been created, copy the "Application (client) ID value" and the "Directory (tenant) ID value".
   These will be entered in Maptician's desktop app. Then navigate to "API permissions" in the left navigation menu.

6. By default, the app includes permission to read user profiles (in delegated mode).
   1. Click on the actions button (three dots) to the right of this permission entry.
   2. Delete this permission.

7. Once the permissions list is empty, press the "Add a permission" button to create the necessary permissions for this app.

8. In the Add permission interface:
   1. Select the "Microsoft Graph" API button.
       

9. Then select "Application permissions" as the type of permissions to be added.

10. In the Add permissions interface:
    1. Under AuditLog, select "AuditLog.Read.All"
    2. Under Directory, select "Directory.Read.All"
    3. When both of these are checked, press the "Add permissions" button at the bottom of the interface.

11. Adding these permissions requires consent from your Azure administrator. If you are the administrator, press the "Grant admin consent for Maptician" button, or ask your administrator to grant consent through their account.

12. Once the permissions have been granted:
    1. Select "Certificates & secrets" from the left navigation menu
    2. Then press the "New client secret" button.

13. This opens a dialog allowing you to create a secret used by Maptician to sync information. Enter a description for they key. If you plan on rotating the key, it may be useful to indicate a date or version of the secret being created. You can change the expiration date of the secret which will determine how long the secret is valid for. Maptician recommends setting the expiration date to 24 months if your company IT policies allows for this. 
    1. Please note that if the secret expires, Maptician will no longer be able to sync or access any data. It is important to rotate to a new secret prior to the expiration date.
    2. Once these have been set, press the "Add" button.

14. You will see the new secrets added to the Client secrets section. Use the copy buttons for both the Secret Value and Secret ID and store these with the values from your app home screen.

15. These values can be entered in Maptician's Settings interface, under the "Environment" menu. Once these values have been entered, press "Save Changes" to add them to your Maptician environment. Then click the "Check Connection" button to check the connectivity of the application.

16. For Maptician to utilize this connection, please go through and check the desired boxes within the "Presence" section in the settings and click "Save Changes".

Note: Maptician will not display your Secret Value once it has been saved, and it is only available in the Azure interface for a short time. Please store this value in a safe place.