Register EZ2ID App in Azure AD

EZ2ID relies on the users in Azure Active Directory for the address list and on Exchange Online for personal contacts, which may be maintained in Microsoft Outlook.

Depending on the Office 365 tenant configuration, a user can consent to allow EZ2ID to access the contact data. Some Office 365 tenant security configurations may prevent a regular user account from allowing access to the contacts in the tenant.

EZ2ID uses the native Microsoft API for authentication and needs to be registered in Office 365.

The Azure application access model requires an app to request permissions for each operation. EZ2ID. Details about enterprise applications are described in the Microsoft Docs (https://docs.microsoft.com/en-us/graph/permissions-reference#user-permissions).

 

| Display String | Permission | Description | Admin consent required |
|---|---|---|---|
| Sign in and read user profile | | | |
| Read all users’ full profiles | User.Read.All | Allows the app to read the full set of profile properties, reports, and managers of other users in your organization, on behalf of the signed-in user. | Yes |
| Read all users’ basic profiles | User.ReadBasic.All | Allows the app to read a basic set of profile properties of other users in your organization on behalf of the signed-in user. This includes display name, first and last name, email address, open extensions and photo. Also allows the app to read the full profile of the signed-in user. | No |
| Have full access to user contacts | Contacts.ReadWrite | Allows the app to create, read, update, and delete user contacts. | No |
| Sign users in | | | |
| View users’ basic profile | | | |
| Maintain access to data you have given it access to | | | |

Step 1 – Prepare the Enterprise application registration

  1. Make sure you have an account with the Azure AD “Global Administrator” or the “Application administrator” role assigned.
  2. Open the Azure AD Portal in your browser (https://aad.portal.azure.com).
  3. On the left side, click on “Azure Active Directory” (1) and select “Enterprise applications”.



  4. In the “Enterprise applications” tab, switch to “User settings”.
  5. Make sure that “Users can request admin consent to apps they are unable to consent to” is set to “Yes” (2).
  6. Add your account, which is a member of the “Global administrator” or “Application administrator” role, as a reviewer (3).
  7. Click on “Save” to save the changes.

Note: It may take a few minutes until the changes take effect.

Step 2 – Register EZ2ID with Azure AD

Once users are able to send admin consent requests, a consent request can be sent from EZ2ID.

  1. Install EZ2ID on your iPhone by downloading it from the App Store.
  2. Open the EZ2ID app and tap on “Sign in with Office 365”.
  3. Enter your account credentials.



  4. You’ll now see the Consent request screen.
  5. Add the purpose of your request in the comment field (1) and click on “Request approval”.


  6. Switch back to the Azure AD Portal in the “Enterprise applications” tab and select “Admin consent request”.
  7. Approve the admin consent request.
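
After approval, the delegated grants recorded for the app can be compared with the permission table above. This is an added example, not EZ2ID's or Microsoft's code: it audits constructed records shaped like Microsoft Graph oauth2PermissionGrant objects. The service principal id `sp-ez2id`, the other ids, and the scope names for the table rows that show no permission name are assumptions.

```python
# Added example: audit delegated grants (oauth2PermissionGrant objects)
# against the permissions this page documents for EZ2ID.

# Scopes named in the page's table -> its "Admin consent required" column.
DOCUMENTED = {"user.read.all": True, "user.readbasic.all": False,
              "contacts.readwrite": False}
# Assumption: standard Graph/OIDC scope names for the four display strings
# that the table lists without a permission name.
ASSUMED = {"user.read", "openid", "profile", "offline_access"}

# Constructed sample in the shape returned by GET /oauth2PermissionGrants.
# All ids are hypothetical placeholders.
SAMPLE = [
    {"clientId": "sp-ez2id", "consentType": "AllPrincipals", "principalId": None,
     "scope": "openid profile offline_access User.Read User.Read.All Contacts.ReadWrite"},
    {"clientId": "sp-ez2id", "consentType": "Principal", "principalId": "user-1",
     "scope": "User.Read Mail.Read"},
    {"clientId": "sp-other", "consentType": "AllPrincipals", "principalId": None,
     "scope": "Directory.ReadWrite.All"},
]


def audit_grant(grant):
    """Classify the scopes of one grant against the documented set."""
    # Graph stores delegated scopes as one space-separated string;
    # compare case-insensitively.
    scopes = {s.lower() for s in (grant.get("scope") or "").split()}
    known = set(DOCUMENTED) | ASSUMED
    return {
        "unexpected": sorted(scopes - known),
        "needs_admin_consent": sorted(s for s in scopes if DOCUMENTED.get(s)),
        "tenant_wide": grant.get("consentType") == "AllPrincipals",
    }


def audit(grants, client_id):
    """Return (principal, extra scopes) for each grant of the app that
    carries scopes beyond the documented set."""
    findings = []
    for g in grants:
        if g.get("clientId") != client_id:
            continue  # grant belongs to a different application
        result = audit_grant(g)
        who = "all users" if result["tenant_wide"] else g.get("principalId")
        if result["unexpected"]:
            findings.append((who, result["unexpected"]))
    return findings


if __name__ == "__main__":
    for who, extra in audit(SAMPLE, "sp-ez2id"):
        print(f"{who}: scopes beyond the documented set: {', '.join(extra)}")
```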