Support

Submit a ticket My Tickets Login
Welcome
Login

How to Create a Custom AAD App

TABLE OF CONTENTS

Create the Azure App Registration

  1. Log in to the Azure Portal with an Administrator account.
  2. In the search box, type "App registration" or in the Azure Portal, select "All Services", then "App Registrations" in the "Other" category. 
  3. Once in the App Registrations blade, click "New registration".
  4. In the registration blade, give the App Registration a name. The remaining settings can be left as the defaults.
  5. In the Overview panel of the new App, record the Application ID to send to the tyGraph team.
  6. From the left-hand menu in your App Registration, select "Certificates and secrets".
  7. Click the button for a "New client secret".
  8. Click "Add" to create a new secret.
  9. Record the secret value to send to the tyGraph team. Note: Make sure to copy the secret down immediately, as it will disappear once you leave the page.
  10. Click the "Certificates" tab.
  11. Click "Upload Certificate".
  12. Click the browse button, and select the .CER file provided by the tyGraph Team. (Or upload your own .CER file if you have chosen to generate your own certificate).
  13. The certificate will be installed on the App Registration.
  14. On the left menu, click "API Permissions".
  15. Click "Add a permission".
  16. Select "Microsoft Graph".
  17. Click "Application Permissions".
  18. Find and select the appropriate permissions for the tyGraph products you will be using. (For a full explanation of tyGraph permissions, see the tyGraph Compliance Whitepaper).

    tyGraph EnterprisetyGraph PulsetyGraph for OneDrivetyGraph for SharePointtyGraph for TeamstyGraph for Yammer
    CallRecords.Read.AllX


    X
    ChannelMessage.Read.AllX


    X
    Directory.Read.AllXXXXXX
    Files.Read.AllX

    X

    Group.Read.AllXXXXX
    Reports.Read.AllXXXXXX
    Sites.Read.AllX

    X

    User.Read.AllXXXXXX
  19. Once you have selected all the necessary permissions for the tyGraph products you will be using, click the "Add permissions" button.
  20. Click the "Add a permission" button again.
  21. Scroll down and select the "Office 365 Management APIs" button.
  22. Select "Application Permissions", check the ActivityFeed.Read box, and click "Add permissions". (The ActivityFeed.Read permission is required for all tyGraph products).
  23. Click the "Add a permission" button again.
  24. Scroll down and select the "SharePoint" button.
  25. Select "Application Permissions", check the Sites.Read.All box, and click "Add permissions. (The Sites.Read.All permission is required if using tyGraph Enterprise, tyGraph Pulse, tyGraph for OneDrive, tyGraph for SharePoint, or tyGraph for Teams). 
  26. You will see that the various permissions are listed with a status of "Not granted".
  27. To grant consent to the permissions, click the "Grant admin consent" button.
  28. Click "yes" to continue.
  29. The list of permissions will change to a "Granted" status.
  30. Send the Application (client) Id and Client Secret values to the tyGraph team using a secure method in accordance with your company policies. (If you have chosen to create your own certificate, you will also need to send a .PFX file). If you do not have an established method of secure transfer, consider using https://onetimesecret.com/.

Request Access to Microsoft Teams Message Data

You can skip this section if you will not be using tyGraph for Teams.

  1. Open the Microsoft Teams Protected API Access Form.
  2. Fill out an email and choose whether you want to be contacted by email.
  3. Enter the publisher information and the Application Id you recorded earlier.
  4. Fill out the fields explaining that the app performs analytics on Microsoft Teams data, and select “It is obvious to any admin installing this app that it will make a copy of Microsoft Teams messages” for Data retention:
  5. Fill in your Azure Tenant ID (located in your Azure Active Directory’s Overview page) and indicate that you own the tenant, then click Next:
  6. Leave the next page blank and click Next:
  7. Click Submit: