Single-Tenant App Registration for SWOOP for Viva Engage
These steps are for anyone who wants finer-grained control by keeping the app registration restricted to a single tenant.
Step 1 - Create App Registration
In the Azure Portal, click EntraID, then click 'App registration' and click 'New registration':
It is suggested that the name of the application includes the word 'SWOOP', so you can find it again.
Select 'Accounts in this organisational directory only':
For the 'Redirect URI' you will need to choose 'Web' from the 'Select a platform' dropdown. Then add https://oauth.swoopanalytics.com as the URI:
Step 2 - Add API permissions
Click 'API permissions', and click 'Add a permission'. Set the permissions as follows:
- Microsoft Graph: offline_access (this is required for the data-miner to work)
- Yammer: user_impersonation (this is required to load information from Viva Engage)
Step 3 - Generate client secret
Generate a client secret; it is needed for the setup of SWOOP for Viva Engage.
Click 'Certificates & secrets', and then click 'Client secrets' (tab menu), then '+ New client secret'.
Step 4 - Access control via EntraID security groups (optional)
By default, permissions for users of SWOOP are set within the SWOOP application. There is an option to control access permissions via EntraID security groups. Follow these steps if you want to control permissions within EntraID security groups:
- In your app registration click 'App roles'
- Add the following roles. The entries under 'Value' are case-sensitive and must match the screenshot exactly.
- Once the roles have been added, assign EntraID security groups. Refer to 'Using EntraID security groups to assign access control roles in SWOOP'.
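A check that a finished registration matches Steps 1 to 3, added here as an example and not part of SWOOP's own tooling. It assumes the registration has been exported as a Microsoft Graph application object (for example with `az ad app show --id <app-id>`); the sample object and all GUIDs in it are constructed placeholders, and `audit_registration` is a hypothetical helper name.

```python
import json
from datetime import datetime, timezone

EXPECTED_REDIRECT = "https://oauth.swoopanalytics.com"  # from Step 1
# Constructed sample in the shape of a Microsoft Graph application object;
# every GUID below is a placeholder, not a real resource or scope id.
SAMPLE = json.loads("""
{
  "displayName": "SWOOP for Viva Engage",
  "signInAudience": "AzureADMyOrg",
  "web": {"redirectUris": ["https://oauth.swoopanalytics.com"]},
  "requiredResourceAccess": [
    {"resourceAppId": "11111111-1111-1111-1111-111111111111",
     "resourceAccess": [{"id": "aaaaaaaa-0000-0000-0000-000000000001", "type": "Scope"}]},
    {"resourceAppId": "22222222-2222-2222-2222-222222222222",
     "resourceAccess": [{"id": "aaaaaaaa-0000-0000-0000-000000000002", "type": "Scope"}]}
  ],
  "passwordCredentials": [{"displayName": "swoop", "endDateTime": "2030-01-01T00:00:00Z"}]
}
""")


def audit_registration(app, now=None):
    """Return a list of findings; an empty list means every check passed."""
    now = now or datetime.now(timezone.utc)
    findings = []
    if app.get("signInAudience") != "AzureADMyOrg":  # single-tenant value
        findings.append("not single-tenant: signInAudience=%r" % app.get("signInAudience"))
    uris = app.get("web", {}).get("redirectUris", [])
    if uris != [EXPECTED_REDIRECT]:
        findings.append("unexpected redirect URIs: %r" % uris)
    grants = [a for r in app.get("requiredResourceAccess", [])
              for a in r.get("resourceAccess", [])]
    if any(a.get("type") != "Scope" for a in grants):  # "Role" = application permission
        findings.append("application permission present; Step 2 uses delegated scopes")
    if len(grants) != 2:
        findings.append("expected 2 permissions, found %d" % len(grants))
    secrets = app.get("passwordCredentials", [])
    if not secrets:
        findings.append("no client secret present")
    for s in secrets:
        # Graph timestamps are UTC; drop fractional seconds and the trailing Z.
        end = datetime.fromisoformat(s["endDateTime"][:19] + "+00:00")
        if end <= now:
            findings.append("client secret %r has expired" % s.get("displayName"))
    return findings


if __name__ == "__main__":
    print(audit_registration(SAMPLE) or "registration matches Steps 1-3")
```

An empty result means the registration is single-tenant, has only the one redirect URI, requests exactly two delegated permissions, and holds an unexpired client secret.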