LogoLogo
Provectus Technologies GmbH
  • Introduction
    • Secure Contacts App (SCA) - Safe & GDPR Compliant
    • Technical / Security Overview
    • Editions
    • Requirements
  • Quickstart Guide
    • iOS (MAM) - Steps to activate SCA in your Entra Tenant
      • Step 1 -MAM- Register Enterprise App
      • Step 2 -MAM- Add App Protection Policy
      • Step 3 -MAM- Add Conditional Access Policy
      • Step 4 -MAM- Add App Configuration Policy
    • iOS (Intune Managed Device) - Steps to activate SCA in your Entra Tenant
      • Step 1 -MDM- Register Enterprise App
      • Step 2 -MDM- Add App Protection Policy
      • Step 3 -MDM- Add Conditional Access Policy
      • Step 4 -MDM- Add App Configuration Policy
    • Android (Android Enterprise) - Steps to activate SCA in your Entra Tenant
      • Step 1 -AE- Register Enterprise App
      • Step 2 -AE- Add App Configuration Policy
    • Android (aMAM) - Steps to activate SCA in your Entra Tenant
      • Step 1 -aMAM- Register Enterprise App
      • Step 2 -aMAM- Add App Configuration Policy
      • Step 3 -aMAM- Add App Protection Policy
      • Step 4 -aMAM- Add Conditional Access Policy
    • Additional Datasource for SCA
    • Best-Practice Guide for SCA
  • Enduser guide
    • iOS - Onboarding SCA
    • iOS - activate Caller Identification
    • iOS - Userguide
    • iOS - App Manual
      • Contacts page
      • Contacts Sync
      • Contact information
      • Contact settings menu
      • Side menu
      • Logviewer
      • Help menu
      • vCard
    • Android Enterprise - Userguide
  • Documentation
    • Authentication
      • Enterprise Application
      • Conditional Access
        • CA with SCA - Require Complaint Device
        • SCA with CA - Require App Protection Policy
    • Deployment SCA
      • iOS - App Installation
      • Android - App Installation
      • App Configuration
        • iOS - MobileDeviceManagement (MDM) protocol
        • Android - App Restrictions
        • AppConfigurationPolicies
          • iOS - App Configuration Policies - MAM Integration in Microsoft Intune
          • Android - App Configuration Policies - MDM Integration in Microsoft Intune
      • App Protection Policy - Integration in Microsoft Intune
        • APP - unmanaged Devices
        • APP - managed Devices
        • Requirement - Open phone-settings
        • Requirement - Open Maps app
        • Requirement - Open GoogleMaps app
        • Requirement - Open WebExTeams
        • Requirement - Open WhatsApp
        • Requirement - Open Facetime
        • Requirement - Open email-link from SCA in Outlook
      • Deployment for your Devices in Intune
        • Deployment iOS - MAM-WE - APP only
        • Deployment iOS MDM - Managed & Complaint Device
        • Deployment iOS MDM - Managed Device & APP
        • Deployment Android MDM - Managed Device
    • App Configuration Policy -Name/Values for SCA
      • SCA Configuration - SecContacts.Defaults
      • SCA Configuration - SecContacts.Licenses
      • SCA Configuration - AAD filters
      • SCA Configuration - AAD groups
      • SCA Configuration - Connect additional Datasource
      • SCA Configuration - Custom Datasource Names
      • SCA Configuration - CI Customization
    • Data Sources
      • AAD - Azure Active Directory
      • GAL - Global Address List
      • APC - Personal Outlook Contacts
      • D365 - Dynamics 365
      • DVRS - Dataverse
      • ABS - Azure Blob Storage
      • SMC - Shared Mailbox Contacts
    • Valid phone numbers for SCA
    • iOS and Android version of SCA in comparison
  • Additional Information
    • Troubleshooting
    • Frequently Asked Questions (FAQ)
    • Phone number handling defaults changed in release v2.0.19
    • Links
    • Product Page - Secure Contacts App
Powered by GitBook
On this page
  • Configuration of SCA as Enterprise Application
  • Register SCA as an enterprise app
  • Permissions for SCA Enterprise app

Was this helpful?

  1. Documentation
  2. Authentication

Enterprise Application

Last updated 3 months ago

Was this helpful?

Configuration of SCA as Enterprise Application

SCA uses the standard procedure provided by Microsoft to log in to the SCA against the Microsoft Azure AD Enterprise App “Secure Contacts App” using a AAD account. SCA authenticates against your Azure-tenant via URL-Registration.

It allows authentication and acquire tokens from Azure Active Directory (AAD) to access company data. MSAL is used to log in to the SCA against the Microsoft Azure AD Enterprise App “Secure Contacts App” using a AAD account. During the process of registration of SCA in your tenant you have to grant, dedicated Permissions for Graph-Values, which will be used by the Application.

Register SCA as an enterprise app

If you want to implement SCA in your tenant, you have to Register SCA as an Azure Enterprise App, for that process your tenant ID is necessary. There are 2 ways to add SCA as an Enterprise App to your own Azure-tenant:

1. Register SCA from our homepage, where you enter your tenant ID

2. Register SCA manually within your tenant ID via an URL, you create

You can register the SCA manually as an Enterprise App to your own tenant via a URL, this is exactly the same procedure as to register SCA from our homepage, afterwards you must create to grant tenant-wide admin consent:

1. Create a URL like the following for this:

https://login.microsoftonline.com/{tenant-id-of-foreign-tenant}/adminconsent?client_id=20429334-d869-476e-8a65-ea300a327985

2. Replace {tenant-id-of-foreign-tenant} with your own tenant ID in the URL.

XXXXXXXX-31f3-43f7-b8fa-db8e8d525088 = Replace this with your own Tenant-ID 20429334-d869-476e-8a65-ea300a327985 = Enterprise-App-ID of PVS

3. Confirm the Consent for SCA accordingly

Permissions for SCA Enterprise app

In this table you will find all mandatory permissions

Graph-Value
Permission
Function in SCA

Contacts.Read

Read user contacts

Personal contacts (APC)

Contacts.Read.Shared

Read user and shared contacts

Shared Mailbox contacts (SMC)

Directory.Read.All

Read directory

List all AD user / contacts (AAD)

offline_access

Maintain access to data you have given it access to

Default-Requirement for Enterprise App

openid

Sign users in

Default-Requirement for Enterprise App

Presence.Read.All

Read presence information of all users in your organization

Teams Status

User.Read.All

View full user profile info

get UPN of all users and users profile photos (AAD)

Microsoft Mobile Application Management:

DeviceManagementManagedApps.ReadWrite

(Read and Write the User's App Management data / allow app access to the Intune app protection service)

Default-Requirement for Intune

Dynamics CRM:

user_impersonation

Access Common Data Service as organization users

Contacts from Dynamic 365 (D365) and from Dataverse (DVRS)

Example:

The consent of the admin-page will stuck a in loop, you won't get a feedback from the admin consent page. Verify if the "Secure Contacts App" is registered in Azure-AD. If you have any issues with the Registration of SCA in Azure. for support.

Step 1 -MAM- Register Enterprise App
https://login.microsoftonline.com/XXXXXXXX-31f3-43f7-b8fa-db8e8d525088/adminconsent?client_id=20429334-d869-476e-8a65-ea300a327985
enterprise app
contact us