Enterprise Application

Configuration of SCA as Enterprise Application
​
SCA uses the standard procedure provided by Microsoft to to log in to the SCA against the Microsoft Azure AD Enterprise App “Provectus - Secure Contacts” using a AAD account.

SCA authenticates against your Azure-tenant via URL-Registration.
It allows authentication and acquire tokens from Azure Active Directory (AAD) to access company data. MSAL is used to log in to the SCA against the Microsoft Azure AD Enterprise App “Provectus - Secure Contacts” using a AAD account.

During the process of registration of SCA in your tennat you have to grant, dedicated Permissions for Graph-Values, which will be used by the Application.
​
Register SCA as an enterprise app
​
If you want to implement SCA in your tenant, you have to Register SCA as an Azure Enterprise App, for that process your tenant ID is necessary.

There are 2 ways to add SCA as an Enterprise App to your own Azure-tenant:
1. Register SCA from our homepage, where you enter your tenant ID
Step 1 - Register Enterprise App
2. Register SCA manually within your tenant ID via an URL, you create
You can register the SCA manually as an Enterprise App to your own tenant via a URL, this is exactly the same procedure as to register SCA from our homepage, afterwards you must create to grant tenant-wide admin consent:

1. Create a URL like the following for this: 
https://login.microsoftonline.com/{tenant-id-of-foreign-tenant}/adminconsent?client_id=76d61813-1886-40f8-a065-8ca490a108f6
2. Replace {tenant-id-of-foreign-tenant} with your own tenant ID in the URL.
3. Confirm the Consent for the SCA accordingly
 
Example:
https://login.microsoftonline.com/XXXXXXXX-31f3-43f7-b8fa-db8e8d525088/adminconsent?client_id=76d61813-1886-40f8-a065-8ca490a108f6​
XXXXXXXX-31f3-43f7-b8fa-db8e8d525088 = Provectus LAB Tenant ID (foreign tenant)
76d61813-1886-40f8-a065-8ca490a108f6 = Contact Secure App ID
​
Permissions for SCA Enterprise app
​
In this table you will find all mandatory permissions
Graph-Value
Permission
Function in SCA
Contacts.Read
Read user contacts
Personal contacts (APC)
Contacts.Read.Shared
Read user and shared contacts
Shared Mailbox contacts (SMC)
Directory.Read.All
Read directory
List all AD user / contacts (AAD)
offline_access
Maintain access to data you have given it access to
Default-Requirement for Enterprise App
openid
Sign users in
Default-Requirement for Enterprise App
Presence.Read.All
 
Read presence information of all users in your organization
Teams Status
User.Read.All
 
View full user profile info
get UPN of all users and users profile photos (AAD)

Microsoft Mobile Application Management: 
​
​
DeviceManagementManagedApps.ReadWrite
(Read and Write the User's App Management data / allow app access to the Intune app protection service)
Default-Requirement for Intune

Dynamics CRM:
​
​
user_impersonation
Access Common Data Service as organization users
Contacts from Dynamic 365  (D365) and from Dataverse (DVRS)
​

Graph-Value	Permission	Function in SCA
Contacts.Read	Read user contacts	Personal contacts (APC)
Contacts.Read.Shared	Read user and shared contacts	Shared Mailbox contacts (SMC)
Directory.Read.All	Read directory	List all AD user / contacts (AAD)
offline_access	Maintain access to data you have given it access to	Default-Requirement for Enterprise App
openid	Sign users in	Default-Requirement for Enterprise App
Presence.Read.All	Read presence information of all users in your organization	Teams Status
User.Read.All	View full user profile info	get UPN of all users and users profile photos (AAD)
Microsoft Mobile Application Management:
DeviceManagementManagedApps.ReadWrite	(Read and Write the User's App Management data / allow app access to the Intune app protection service)	Default-Requirement for Intune
Dynamics CRM:
user_impersonation	Access Common Data Service as organization users	Contacts from Dynamic 365 (D365) and from Dataverse (DVRS)

Last modified 16d ago