Audience: ClassLink Administrator
Before you can effectively export to a destination, you will need to authorize access to that destination. Based on the destination type, you will have to follow different steps based on authorization type. Authorization for Active Directory occurs at the beginning of the destination creation process, while authorization for GSuite and Azure occurs after the destination has been created.
- Active Directory (Authorization)
- GSuite (Obtaining a Client ID & Secret)
- Azure (Obtaining a Client ID & Secret)
Active Directory (Authorization)
1. When creating an Active Directory destination, you will be prompted for your authorization credentials at the beginning of the destination creation process. You will need your username, password, domain, base path, and port. OneSync currently only supports LDAP protocols.
2. Press the Test Connection button to check your credentials. If you entered them correctly, this button will show Connected.
GSuite (Obtaining a Client ID & Secret)
To export to a GSuite destination, you must first register the OneSync API to allow it access to your Google Account using an API Client ID & Secret.
1. To register OneSync, navigate and sign into https://console.developers.google.com/. This will bring you to Google APIs Dashboard, where you must first create a project. Click the dropdown shown below and then click New Project. Create a new project called ClassLink that you will register the API to.
2. Once that is completed, you will need to enable the Admin SDK API for your project. Navigate back to the Google API Dashboard, then click "+ Enable APIs and Services". This will bring you to the API library. Search for and click Admin SDK. This will bring you to the API details, where you can click the blue "Enable" button to enable the API.
3. If you navigate back to the Google APIs Dashboard, you can then navigate to the Credentials section to generate your API key and secret. Beforehand though, you must configure your consent screen. Navigate to the "OAuth consent screen". Here, you will add scopes to your project. Name the application, then click "Add Scope". A popup will appear. If you look near the bottom, you will see a hyperlink labeled "manually paste [your scopes]".This will open an input box within the popup. Copy and paste the following scopes to add them to your API:
Click the blue "Add" button in the popup, then the blue "Save" button at the bottom of the page to save your settings.
4. Clicking "Save" will navigate you back to the Credentials section. Click the blue "Create credentials" button, then select "OAuth client ID".
5. This will redirect you to a page where you will create an OAuth client ID. Name your client ID. For the Application type, select "Web application". For authorized redirect URIs, add "http://localhost/oauth2" or your dedicated URL, if not using localhost, then click "Create".
6. You will then be redirected back to the Credentials page. A popup will appear with a newly generated Client ID (key) and Client Secret, which you will then enter into your GSuite destination's details.
Azure (Obtaining a Client ID & Secret via v2.0 endpoint)
To export to an Azure destination, you must first register the OneSync API to allow it access to your Azure Active Directory Account using an API Client ID & Secret.
1. Register a New App: Navigate and sign into the Azure Portal.
2. In the main menu to the left, navigate to Azure Active Directory -> App registrations (Preview).
3. Click the blue +New registration button at the top. This will bring you to a new page called Register an Application.
4. Name the app "OneSyncAPI."
5. Under "Supported account types," select "Accounts in any organizational directory".
6. Under "Redirect URI (optional)", enter the URL for your OneSync account with "Web" for the type. In most cases, this URL will be "http://localhost/oauth2". If you are using a custom URL, simply append "/oauth2" to it.
7. Click the blue Register button.
8. Manage Authentication: Once you register the app, you will be redirected to the app's Preview page.
9. In the second toolbar from the left, underneath the Manage section, click Authentication -> Scroll down to the Implicit grant section.
10. Select Access tokens and ID tokens.
11. Click Save at the top.
12. Assign Permissions: While you are still in the app's Preview page, navigate to API Permissions in the second toolbar.
13. Click the +Add a permission button. This will open a slide over with different APIs and permissions.
14. At the top of the slide over, under Commonly used Microsoft APIs -> click Microsoft Graph.
15. Click Delegated permissions. This will display a list of applicable permissions.
16. Search for and apply the following permissions:
17. Click the blue Add permissions button at the bottom left of the slide over.
18. To obtain the client ID, simply navigate to the app's Overview of the Preview page. The client ID will be list as at the top of the page.
19. To obtain a secret, navigate to Certificates Application (client) ID& secrets.
20. Underneath Client secrets -> click +New client secret.
21. You will give the secret a description and select the expiration date for it.
22. Click the blue Add button.
23. Copy the new client secret value. You won't be able to retrieve it after you leave this page.
Once you have the client ID and secret, you can authorize an Azure destination in OneSync.
Updated: Mar 2019