Audience: ClassLink Administrator
Before you can export to a destination, you must authorize access to it. The steps depend on the destination's authorization type. Authorization for Active Directory occurs at the beginning of the destination creation process, while authorization for GSuite and Azure occurs after the destination has been created.
- Active Directory (Authorization)
- GSuite (Obtaining a Client ID & Secret)
- Azure (Obtaining a Client ID & Secret)
Active Directory (Authorization)
1. When creating an Active Directory destination, you will be prompted for your authorization credentials at the beginning of the destination creation process. You will need your username, password, domain, base path, and port. OneSync currently only supports LDAP protocols.
2. Press the Test Connection button to check your credentials. If you entered them correctly, this button will show Connected.
GSuite (Obtaining a Client ID & Secret)
To export to a GSuite destination, you must first register the OneSync API to allow it access to your Google Account using an API Client ID & Secret.
1. Create a new Project:
a. Go to https://console.developers.google.com/ and sign in.
b. Click on the drop down.
c. Click on NEW PROJECT.
d. Enter ClassLink for the Project name.
e. Click on the Create button.
2. Enable necessary APIs and credentials:
a. From the Dashboard, click on + ENABLE APIS and SERVICES.
b. In the search bar for the API Library, enter Admin SDK. When found, select it.
c. Click on the ENABLE button.
d. Select Credentials from the menu on the left.
e. Click on the CONFIGURE CONSENT SCREEN button on the right of the screen.
f. Fill in the OAuth consent screen with:
i. Application Type: Public.
ii. Application name: onesync.
g. Midway down the screen click on the Add Scope button.
h. Click on the manually paste link toward the bottom of the screen.
i. In the box that opens up at the bottom enter the following on separate lines or separated by commas:
j. Click on the ADD button (of Add Scope window).
k. Click on the Save button (bottom of the Credentials window).
l. Click on the Create credentials button/dropdown and select OAuth client ID.
m. Select Web Application as the Application Type.
n. Enter the Name (ex. Web client onesync).
o. Enter the Authorized redirect URIs as http://localhost/oauth2 (Case Sensitive).
(If you do not access your OneSync server via localhost, replace "http://localhost" with your URL. For example: https://onesync.mydistrict.edu/oauth2 )
p. Press Enter.
q. Click on the Create button.
3. Save your client ID and client secret in notepad to use for Google authorization in OneSync.
Azure (Obtaining a Client ID & Secret via v2.0 endpoint)
To export to an Azure destination, you must first register the OneSync API to allow it access to your Azure Active Directory Account using an API Client ID & Secret.
1. Register a New App: Navigate to the Azure Portal and sign in.
2. In the main menu to the left, navigate to Azure Active Directory -> App registrations (Preview).
3. Click the blue +New registration button at the top. This will bring you to a new page called Register an Application.
4. Name the app "OneSyncAPI."
5. Under "Supported account types," select "Accounts in any organizational directory".
6. Under "Redirect URI (optional)", enter the URL for your OneSync account with "Web" for the type. In most cases, this URL will be "http://localhost/oauth2". If you are using a custom URL, simply append "/oauth2" to it.
7. Click the blue Register button.
8. Manage Authentication: Once you register the app, you will be redirected to the app's Preview page.
9. In the second toolbar from the left, underneath the Manage section, click Authentication, then scroll down to the Implicit grant section.
10. Select Access tokens and ID tokens.
11. Click Save at the top.
12. Assign Permissions: While you are still in the app's Preview page, navigate to API Permissions in the second toolbar.
13. Click the +Add a permission button. This will open a slide over with different APIs and permissions.
14. At the top of the slide over, under Commonly used Microsoft APIs -> click Microsoft Graph.
15. Click Delegated permissions. This will display a list of applicable permissions.
16. Search for and apply the following permissions:
17. Click the blue Add permissions button at the bottom left of the slide over.
18. To obtain the client ID, simply navigate to the app's Overview of the Preview page. The client ID will be listed as Application (client) ID at the top of the page.
19. To obtain a secret, navigate to Certificates & secrets.
20. Underneath Client secrets -> click +New client secret.
21. You will give the secret a description and select the expiration date for it.
22. Click the blue Add button.
23. Copy the new client secret value. You won't be able to retrieve it after you leave this page.
Once you have the client ID and secret, you can authorize an Azure destination in OneSync.
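The redirect URI entered in the GSuite step (Authorized redirect URIs) and in the Azure step (Redirect URI) has to match what OneSync sends character for character, so it helps to build and check it before registering. The following is an added example, not part of the original guide or of OneSync; the function names are hypothetical, and the rule that plain http is accepted only for localhost is a policy assumed here, consistent with the two sample URLs on this page.

```python
from urllib.parse import urlsplit

OAUTH_PATH = "/oauth2"  # callback path given in this guide (case sensitive)


def build_redirect_uri(base_url):
    """Append /oauth2 to the OneSync base URL, as the guide instructs."""
    return base_url.rstrip("/") + OAUTH_PATH


def check_redirect_uri(uri):
    """Return a list of problems; an empty list means the URI looks right."""
    problems = []
    parts = urlsplit(uri)
    host = parts.hostname or ""
    if not host:
        problems.append("missing host")
    if parts.scheme not in ("http", "https"):
        problems.append("scheme must be http or https")
    elif parts.scheme == "http" and host != "localhost":
        # Assumed policy: the authorization code travels over this URL,
        # so only the local machine may use an unencrypted callback.
        problems.append("plain http is only acceptable for localhost")
    if parts.path != OAUTH_PATH:
        problems.append("path must be exactly " + OAUTH_PATH)
    if parts.query or parts.fragment:
        problems.append("query string and fragment are not expected")
    return problems


def matches_registered(registered, sent):
    """Exact string comparison: no case folding, no trailing-slash trimming."""
    return registered == sent


if __name__ == "__main__":
    # Constructed sample values, using the hostnames shown in this guide.
    candidates = [
        build_redirect_uri("http://localhost"),
        build_redirect_uri("https://onesync.mydistrict.edu/"),
        "http://onesync.mydistrict.edu/oauth2",
        "https://onesync.mydistrict.edu/OAuth2",
    ]
    for uri in candidates:
        issues = check_redirect_uri(uri)
        print(uri, "->", "OK" if not issues else "; ".join(issues))
```

Run the check against the exact string you intend to paste into both the Google and Azure registrations, so the same value is registered in each place.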
Updated: Mar 2019