Enterprise Application
Configuration of SCA as Enterprise Application
SCA uses the standard procedure provided by Microsoft to to log in to the SCA against the Microsoft Azure AD Enterprise App “Secure Contacts App” using a AAD account. SCA authenticates against your Azure-tenant via URL-Registration.
It allows authentication and acquire tokens from Azure Active Directory (AAD) to access company data. MSAL is used to log in to the SCA against the Microsoft Azure AD Enterprise App “Secure Contacts App” using a AAD account. During the process of registration of SCA in your tenant you have to grant, dedicated Permissions for Graph-Values, which will be used by the Application.
Register SCA as an enterprise app
If you want to implement SCA in your tenant, you have to Register SCA as an Azure Enterprise App, for that process your tenant ID is necessary. There are 2 ways to add SCA as an Enterprise App to your own Azure-tenant:
1. Register SCA from our homepage, where you enter your tenant ID
Step 1 -MAM- Register Enterprise App2. Register SCA manually within your tenant ID via an URL, you create
You can register the SCA manually as an Enterprise App to your own tenant via a URL, this is exactly the same procedure as to register SCA from our homepage, afterwards you must create to grant tenant-wide admin consent:
1. Create a URL like the following for this:
2. Replace {tenant-id-of-foreign-tenant} with your own tenant ID in the URL.
XXXXXXXX-31f3-43f7-b8fa-db8e8d525088 = Replace this with your own Tenant-ID 20429334-d869-476e-8a65-ea300a327985 = Enterprise-App-ID of PVS
3. Confirm the Consent for SCA accordingly
The consent of the admin-page will stuck a in loop, you won't get a feedback from the admin consent page. Verify if the enterprise app "Secure Contacts App" is registered in Azure-AD. If you have any issues with the Registration of SCA in Azure. contact us for support.
Permissions for SCA Enterprise app
In this table you will find all mandatory permissions
| Graph-Value | Permission | Function in SCA |
|---|---|---|
Contacts.Read | Read user contacts | Personal contacts (APC) |
Contacts.Read.Shared | Read user and shared contacts | Shared Mailbox contacts (SMC) |
Directory.Read.All | Read directory | List all AD user / contacts (AAD) |
offline_access | Maintain access to data you have given it access to | Default-Requirement for Enterprise App |
openid | Sign users in | Default-Requirement for Enterprise App |
Presence.Read.All
| Read presence information of all users in your organization | Teams Status |
User.Read.All
| View full user profile info | get UPN of all users and users profile photos (AAD) |
Microsoft Mobile Application Management: | ||
DeviceManagementManagedApps.ReadWrite | (Read and Write the User's App Management data / allow app access to the Intune app protection service) | Default-Requirement for Intune |
Dynamics CRM: | ||
user_impersonation | Access Common Data Service as organization users | Contacts from Dynamic 365 (D365) and from Dataverse (DVRS) |
Last updated
