Seamless Azure AD Integration: Step-by-Step Guide for NordicScreen Q-Cal

Create Azure app for AD-Integration

Introduction

This guide provides a step-by-step walkthrough for setting up an Azure App for Active Directory (AD) integration between Office 365 and NordicScreen Q-Cal. The guide is divided into two steps:
1. Setting up the Azure App in the Azure Portal
2. Configuring the integration in Q-Cal

Each section includes detailed steps to ensure a smooth setup process. If you need additional assistance, a Frequently Asked Questions (FAQ) section is available at the end of the guide.

Step 1: Setting Up Azure App in Azure Portal

1. Create App registration in Azure.

2. Click on App registrations
Microsoft Azure dashboard highlighting the 'App registrations' option for setting up new applications.


3. Click on New registration
Microsoft Azure 'App registrations' page with an option for 'New registration' highlighted for adding a new application.


4. Type "NordicScreen - Q-Cal AD"
Microsoft Azure application registration form with 'Name' field filled as 'NordicScreen - Q-Cal AD' for a new application setup.


5. Click on Register
Register button and policy agreement on Microsoft Azure app registration page.


6. Click on API permissions
API permissions section in Microsoft Azure App registration menu.


7. Click on Add a permission
Add a permission button in the API permissions section of Azure App Registration.


8. Click on Microsoft Graph
Microsoft Graph API option selected for requesting permissions in Microsoft Azure.


9. Click on Your application runs as a background service or daemon without a signed-in user.
Option for Application permissions selected indicating the app runs as a background service without a signed-in user.


10. Type "directory"



11. Click on Expand
Microsoft Azure app registration process highlighting the selection of 'Directory' permission within the API permissions setup.


12. Click on Directory.Read.All
Microsoft Azure API permissions selection interface showing 'Directory.Read.All' permission with admin consent required.


13. Type "group"
Microsoft Azure interface showing API permissions for Microsoft Graph with options for Group, GroupMember, and other permissions, indicating admin consent is required


14. Click on Expand
Microsoft Azure permissions selection window with 'Group' highlighted as a potential permission to add for an application's API access.


15. Click on Group.Read.All
Microsoft Azure API permissions for 'Group' with 'Group.Read.All' option to read all group data selected and marked as requiring admin consent.


16. Type Group Member
API permission request in Microsoft Graph for 'Group.Read.All' to read all group data, with admin consent required highlighted.


17. Click on Expand



18. Click on GroupMember.Read.All
Checkbox selected for Microsoft Graph permission 'GroupMember.Read.All' to read all group memberships, with admin consent confirmed as 'Yes'.


19. Type "user"


20. Click on Expand
Screenshot of Microsoft Graph API permissions selection with 'User' permission highlighted for addition.


21. Click on User.Read.All
Microsoft Graph API permissions interface showing 'User.Read.All' permission selected to read all users' full profiles.


22. Click on Add permissions
Microsoft Azure permissions selection for 'User.Read.All' with 'Add permissions' button highlighted.


23. Click on Certificates & secrets



24. Click on New client secret



25. Type "NordicScreen - Q-Cal AD"
Dialog for creating a new client secret in Microsoft Azure with the name 'NordicScreen - Q-Cal AD' entered.


26. Click on Expires
Options for client secret expiration in Microsoft Azure, with a recommended duration of 180 days (6 months) highlighted.


27. Click on 730 days (24 months)
Dropdown menu selection for a client secret expiration term of 730 days (24 months) in Microsoft Azure settings.


28. Click on Add
Button for 'Add' next to 'Cancel' on a blank configuration screen, likely in a setup or registration process.


29. Click on Certificates & secrets



30. Copy "Value" and pas in a email (Used in part two of the guide)
Client secret details blurred out for security, with a visible 'Copy to clipboard' icon next to the secret ID for user convenience.


31. Copy "Secret" and pas in a email (Used in part to of the guide)



32. Click on Overview
Click on Overview

33. Copy "Application (client) ID" and pas in a email (Used in part to of the guide)
Application ID and directory (tenant) ID details displayed for NordicScreen - Q-Cal AD in Microsoft Azure, with a clipboard icon indicating the option to copy these IDs.

Step 2: Configuring the Integration in Q-Cal

1.Go to Setup.


2. Click on Client Import.


3. Click on +.


4. Select Microsoft Azure AD.


5. Name the integration, e.g., Azure AD Integration.


6. Click on Azure Active Directory Configuration.


7. Enter the Application ID.


8. Enter the Application Key. Note: This should be the Value, not the secret key.


9. Enter your domain, e.g., nordicscreen.com.


10. Click on Save.


11. Activate the module by clicking on Enable Module.


12. Click on AD Groups.


13. Once the integration is correctly set up, all groups from Azure AD will appear. Select the groups Q-Cal should listen to and move them to Selected Groups.


14. Click on Save & Close.


Frequently Asked Questions (FAQ)

Why can’t I see the app in Azure Portal?
Ensure you have the necessary admin rights.

What do I do if no clients appear?
Click on Test Run, or wait as it may take several hours for Q-Cal and Azure to establish a connection.

How do I know if the integration is working?
If AD groups appear correctly under AD Groups, the integration is functional.
    • Related Articles

    • Create Employees as Clients for Check-In

      To show an employee on the Check-In solution, the person must be created as a client in Q-Desk via app.q-cal.net. This guide describes how to create an employee on the "Har aftale" and "Har ikke aftale" list on the Check-In solution, respectively. If ...
    • How to create a Check-In view with guest registration

      This guide shows step by step how to create a Check-In design with guest registration for you solution. 1. The first step is to log in to Q-Cal. 2. Here, click on Design. 3. You can choose what you want to create a design for. Select Check-In. 4. ...
    • How to create/use Q-Cal Templates for Q-Play Template solution

      How to create a Q-Cal Screen Design. If you want to add a dynamic element to your Q-Play template, we can create a relevant template in Q-Cal. Then we also showcase how the two systems work together. Sign in to Q-Cal. Click on Design Choose a display ...
    • Set up ChurchDesk Integration

      This guide describes how to set up Churchdesk in Q-Cal. The guide is divided into 2 parts: 1. Contact Churchdesk for link delivery. 2. Set up the integration in Q-Cal. Contact Churchdesk for link delivery. To set up a Churchdesk integration in Q-Cal, ...
    • How to Create an API Key

      1. Open the Dropdown Menu Click on the dropdown menu in the top right corner of your screen. 2. Access the Admin Panel In the dropdown menu, click on Admin. 3. Navigate to API Access Within the Admin panel, click on API access. 4. Create a New API ...