
How to set up a simple application on Azure for MS Graph polling via KIC or KTA

Article # 3031226 - Page views: 425


Issue

The first part of this Kofax internal document will guide you in setting up a simple Azure application and setting up the needed/documented permissions for allowing your KTA or KIC installation to poll mailboxes via MS Graph.

In part two, at the end of this document, I will quickly show how to set up the newest/more secure method of connecting MS Graph using the Tenant ID and Client Secret.

Solution

This guide is based on the following documentation:

 

Things to keep in mind:

  • KIC 2.8 and KTA 7.8 currently only support 'ROPC grant' which means that username and password still have to be provided.  With KIC 2.9 and KTA 7.9 support for 'Authorization Code grant' and 'Client Credentials grant' will be introduced.
  • The currently documented rights might be changed in the near future.  Customers have been giving feedback and development is reviewing these comments.
  • A new (more secure) implementation of MS Graph has been included in KIC 2.8.0.1 and will be included in KTA 7.8. See ER 1449052 and Feature 1467475.
  • The Azure side of things is usually something for the customer and their IT department to deal with.

There will be a lot of screenshots with as little text as possible.

Zooming in is possible by holding Ctrl+Scrolling or you can simply click on an image to open it in a new window for more detail.
 

Part one: Simple setup

Browse to https://portal.azure.com and log in with your O365 Admin account.

Azure logging in.


 

Navigate to “Manage Azure Active Directory”.


 

Click on “App registrations”.

 

Click on “+ New registration”.


 

Give your new application a name and click “Register”.


 

You should now be on the Overview page of your new application.
Here you can see the Application (client) ID, which you will need to set up your KTA or KIC MS Graph import, but you can ignore this for now.

Click on “API permissions”.


 

Here you can see 1 API permission already in place. Simply leave it in place.

Click on “+ Add a permission”.
Here we’ll be adding the permissions as documented in KB article 3031220 in Mindtouch.

NOTE: Not all of the following permissions are still required. You only need to add the permissions that can be found in KB article 3031220 in Mindtouch.


 

Select the “Microsoft Graph” API.


 

Click on “Delegated permissions”.


 

Under “Select permissions” you can enter a search term.
Search for “mail.read” and select the documented delegated permissions for Microsoft Graph.
Don’t click “Add permissions” yet.


 

Click on “Application permissions”.
The filter for “mail.read” should still be active.


 

Select the documented Application permissions for Microsoft Graph and click “Add permissions”.


NOTE: Not all of these permissions are still required. You only need to add the permissions that can be found in KB article 3031220 in Mindtouch.

Here you can see the list of added permissions.

Here’s where you need the admin privileges.
Click on “Grant admin consent for YourDomain”.


 

Click on “Yes”.


 

Take note of the changes.


 

One last step, which is currently only documented in the KIC admin guide.
Click on “Authentication”.


 

Under Advanced settings, set the setting for “Treat application as a public client” to “Yes”.


 

And click “Save”.


 

Take note of the changes.


 

Go back to the “Overview” of your application.


 

Here you can find and copy the “Application (client) ID” that you need to set up your KTA or KIC import for MS Graph.

 

For KIC (2.8 on the left and 2.8.0.1 on the right), set up a new mailbox import, select “MS Graph” in the Protocol field, copy the “Application (client) ID” into the “Client ID” field, and configure the user name and password for the mailbox you want to poll. (Note that in the following Mailbox settings screenshots the password isn't always shown, but it is still needed. The password is hidden due to security changes in the GUI.)

Note that it’s best practice to restart the MC after setting up the Azure side of things and before testing the connection of your MS Graph import connector.

KIC 2.8 Mailbox setup. KIC 2.8.0.1 Mailbox setup.

 

The same goes for KTA. Set up a new Import Source of Type “MS graph”.
Copy the “Application (client) ID” into the “Client ID” field and configure the user name and password for the mailbox you want to poll.

Note that it’s best practice to restart the MC after setting up the Azure side of things and before testing the connection of your MS Graph import connector.

KTA setup

 

Part Two: More secure setup using Tenant ID and Client Secret.

The “Directory (Tenant) ID” can be found directly under the “Application (client) ID”.
Copy the value.

Location of Tenant ID on the Application Overview Page.

 

Paste the copied value in the Tenant ID field of your KIC import connector for MS Graph.

Pasting Tenant ID into KIC Plug-in config

 

To set up a client secret, from your application Overview window, click on “Certificates & secrets”.

Browse to "Certificates & secrets"

 

Click on “+ New client secret”.


 

Add a description for this secret, select the desired expiry and click on “Add”.


 

Copy the newly generated Client secret. Note that you have to copy this value now and store it in a safe place, because it won't be visible/available later.

 

Paste the copied value into the “Client Secret” field of your KIC import connector for MS Graph.


 

Note that it’s best practice to restart the MC after setting up the Azure side of things and before testing the connection of your MS Graph import connector.

Test connection.
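
A check that can be run after either part, added here as an example (it is not Kofax code): it builds the ROPC token request as the Microsoft identity platform defines it and compares the permissions carried by an access token with the documented list. The request shape for part two, the sample token and the permission names are assumptions; the authoritative permission list is in KB article 3031220.

```python
import base64
import json
from urllib.parse import urlencode

AUTHORITY = "https://login.microsoftonline.com"

def ropc_token_request(client_id, username, password,
                       tenant="organizations", client_secret=None):
    """Build (url, form body) for a ROPC token request without sending it.

    Part one: public client, so no tenant ID or secret is supplied.
    Part two (assumed): the same grant plus Tenant ID and Client Secret.
    """
    form = {"grant_type": "password", "client_id": client_id,
            "username": username, "password": password,
            "scope": "https://graph.microsoft.com/.default"}
    if client_secret is not None:
        form["client_secret"] = client_secret
    return f"{AUTHORITY}/{tenant}/oauth2/v2.0/token", urlencode(form)

def token_permissions(access_token):
    """Read permissions from a token payload (inspection only, no signature check)."""
    payload = access_token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    claims = json.loads(base64.urlsafe_b64decode(payload))
    return {"delegated": set(claims.get("scp", "").split()),  # space-separated
            "application": set(claims.get("roles", []))}      # JSON array

def excess_permissions(access_token, documented):
    """Permissions carried by the token that are not on the documented list."""
    granted = token_permissions(access_token)
    return {kind: sorted(granted[kind] - set(documented.get(kind, ())))
            for kind in granted}

def constructed_token(claims):
    """Unsigned sample token for offline use; not a real Azure AD token."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    header = enc({"alg": "none"})
    return f"{header}.{enc(claims)}.signature"

if __name__ == "__main__":
    # Constructed values: the real list is in KB article 3031220.
    documented = {"delegated": ["Mail.Read"], "application": ["Mail.Read"]}
    token = constructed_token({"scp": "Mail.Read Mail.ReadWrite"})
    print(ropc_token_request("<application-client-id>", "mailbox@example.com", "<password>")[0])
    print(excess_permissions(token, documented))
```

Any permission reported as excess can be removed under “API permissions”, in line with the NOTE that only the documented permissions are required.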

 

 

Level of Complexity 

High

 

Applies to  

Product: Kofax Import Connector
Version: 2.8
