Audience: ClassLink Administrator
Before you can effectively export to a destination, you will need to authorize access to that destination. Based on the destination type, you will have to follow different steps based on authorization type. Authorization for Active Directory occurs at the beginning of the destination creation process, while authorization for GSuite and Azure occurs after the destination has been created.
- Active Directory (Authorization)
- GSuite (Obtaining a Client ID & Secret)
- Azure (Obtaining a Client ID & Secret)
Active Directory (Authorization)
1. When creating an Active Directory destination, you will be prompted for your authorization credentials at the beginning of the destination creation process. You will need your username, password, domain, base path, and port. OneSync currently only supports LDAP protocols.
2. Press the Test Connection button to check your credentials. If you entered them correctly, this button will show Connected.
GSuite (Obtaining a Client ID & Secret)
1. To export to a GSuite destination, you must first register the OneSync API to allow it access to your Google Account using an API Client ID & Secret.
2. To register OneSync, navigate and sign into https://console.developers.google.com/. This will bring you to Google APIs Dashboard, where you must first create a project. Click the dropdown shown below and then click New Project.
3. Create a new project called ClassLink to which to register the API.
4. Navigate to Credentials (on the left) -> Create credentials -> OAuth client ID (from the dropdown).
5. From the list of application types, choose Web application -> Create.
6. Name your client ID OneSync. For authorized redirect URIs, add "http://localhost/oauth2" or your dedicated URL, if not using localhost, then click Create. This will generate a Client ID (key) and Client Secret, which you will then enter into your GSuite destination's details.
7. Once that is completed, you will need to enable the Admin SDK for the project. If you navigate back to the Google API Dashboard, you can click Library where you can search for Admin SDK.
Azure (Obtaining a Client ID & Secret via v2.0 endpoint)
To export to an Azure destination, you must first register the OneSync API to allow it access to your Azure Active Directory Account using an API Client ID & Secret.
1. Register a New App:
Navigate and sign into the Azure Portal. In the main menu to the left, navigate to Azure Active Directory -> App registrations (Preview). Then click the blue +New registration button at the top. This will bring you to a new page called Register an Application. Name the app "OneSyncAPI." Under "Supported account types," select "Accounts in any organizational directory". Under "Redirect URI (optional)", enter the URL for your OneSync account with "Web" for the type. In most cases, this URL will be "http://localhost/oauth2". If you are using a custom URL, simply append "/oauth2" to it. Finally, click the blue Register button.
2. Manage Authentication:
Once you register the app, you will be redirected to the app's Preview page. In the second toolbar from the left, underneath the Manage section, click Authentication. Scroll down to the Implicit grant section. Select Access tokens and ID tokens. Then click Save at the top.
3. Assign Permissions:
While you are still in the app's Preview page, navigate to API Permissions in the second toolbar. Click the +Add a permission button. This will open a slideover with different APIs and permissions. At the top of the slideover, under Commonly used Microsoft APIs, click Microsoft Graph. Then click Delegated permissions. This will display a list of applicable permissions. Search for and apply the following permissions: Directory.AccessAsUser.All, Directory.Read.All, Directory.ReadWrite.All, User.Read, offline_access, openid. Then click the blue Add permissions button at the bottom left of the slideover.
4. Obtain the Client ID and Secret:
To obtain the client ID, simply navigate to the app's Overview of the Preview page. The client ID will be list as at the top of the page.
To obtain a secret, navigate to Certificates Application (client) ID& secrets. Underneath Client secrets, click +New client secret. You will give the secret a description and select the expiration date for it. Then click the blue Add button. Copy the new client secret value. You won't be able to retrieve it after you leave this page.
Once you have the client ID and secret, you can authorize an Azure destination in OneSync.
Updated: Mar 2019