How to Create a Custom AAD App


Create the Azure App Registration

  1. Log in to the Azure Portal with an Administrator account.
  2. In the search box, type "App registration", or in the Azure Portal select "All Services", then "App Registrations" in the "Other" category.
  3. Once in the App Registrations blade, click "New registration".
  4. In the registration blade, give the App Registration a name. The remaining settings can be left as the defaults.
  5. In the Overview panel of the new App, record the Application ID to send to the tyGraph team.
  6. From the left-hand menu in your App Registration, select "Certificates and secrets".
  7. Click the button for a "New client secret".
  8. Click "Add" to create a new secret.
  9. Record the secret value to send to the tyGraph team. Note: Make sure to copy the secret down immediately, as it will disappear once you leave the page.
  10. Click the "Certificates" tab.
  11. Click "Upload Certificate".
  12. Click the browse button, and select the .CER file provided by the tyGraph Team. (Or upload your own .CER file if you have chosen to generate your own certificate).
  13. The certificate will be installed on the App Registration.
  14. On the left menu, click "API Permissions".
  15. Click "Add a permission".
  16. Select "Microsoft Graph".
  17. Click "Application Permissions".
  18. Find and select the appropriate permissions for the tyGraph products you will be using. (For a full explanation of tyGraph permissions, see the tyGraph Compliance Whitepaper).

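    | Permission | tyGraph Enterprise | tyGraph Pulse | tyGraph for OneDrive | tyGraph for SharePoint | tyGraph for Teams | tyGraph for Yammer |
    | --- | --- | --- | --- | --- | --- | --- |
    | CallRecords.Read.All | X | | | | X | |
    | ChannelMessage.Read.All | X | | | | X | |
    | Directory.Read.All | X | X | X | X | X | X |
    | Files.Read.All | X | | | X | | |
    | Group.Read.All | X | X | X | X | X | |
    | Reports.Read.All | X | X | X | X | X | X |
    | Sites.Read.All | X | | | X | | |
    | User.Read.All | X | X | X | X | X | X |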
  19. Once you have selected all the necessary permissions for the tyGraph products you will be using, click the "Add permissions" button.
  20. Click the "Add a permission" button again.
  21. Scroll down and select the "Office 365 Management APIs" button.
  22. Select "Application Permissions", check the ActivityFeed.Read box, and click "Add permissions". (The ActivityFeed.Read permission is required for all tyGraph products).
  23. Click the "Add a permission" button again.
  24. Scroll down and select the "SharePoint" button.
  25. Select "Application Permissions", check the Sites.Read.All box, and click "Add permissions". (The Sites.Read.All permission is required if using tyGraph Enterprise, tyGraph Pulse, tyGraph for OneDrive, tyGraph for SharePoint, or tyGraph for Teams).
  26. You will see that the various permissions are listed with a status of "Not granted".
  27. To grant consent to the permissions, click the "Grant admin consent" button.
  28. Click "yes" to continue.
  29. The list of permissions will change to a "Granted" status.
  30. Navigate to the Overview or Properties panel of Azure Active Directory on the Azure Portal and copy down your Azure Tenant Id.
     
  31. Navigate to the Custom domain names panel of your Azure Active Directory and copy down the domain that ends with '.onmicrosoft.com'.
     
  32. Send the Application (client) Id, Client Secret, Azure Tenant Id, and ".onmicrosoft.com" domain to the tyGraph team using a secure method in accordance with your company policies. (If you have chosen to create your own certificate, you will also need to send a .PFX file). If you do not have an established method of secure transfer, consider using https://onetimesecret.com/.
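
A check to run once the permissions show "Granted", added here as an example (it is not part of the original article or of tyGraph's tooling): it compares rows transcribed from the "API permissions" blade against the set you intended to grant and flags anything extra, delegated instead of application, or still awaiting admin consent. The field names, `EXPECTED` and `SAMPLE_ROWS` are constructed for illustration; replace `EXPECTED` with the permissions you selected for your tyGraph products.

```python
# Added example: audit the "API permissions" list of the app registration.
# EXPECTED and SAMPLE_ROWS are constructed sample data, not output from a
# real tenant. Row field names (api, permission, type, status) are assumptions.
EXPECTED = {
    ("Microsoft Graph", "Directory.Read.All"),
    ("Microsoft Graph", "Reports.Read.All"),
    ("Microsoft Graph", "User.Read.All"),
    ("Office 365 Management APIs", "ActivityFeed.Read"),
}

SAMPLE_ROWS = [  # constructed: one clean row and three problem rows
    {"api": "Microsoft Graph", "permission": "Directory.Read.All",
     "type": "Application", "status": "Granted"},
    {"api": "Microsoft Graph", "permission": "Reports.Read.All",
     "type": "Application", "status": "Not granted"},
    {"api": "Microsoft Graph", "permission": "User.Read.All",
     "type": "Delegated", "status": "Granted"},
    {"api": "Microsoft Graph", "permission": "Mail.Read",
     "type": "Application", "status": "Granted"},
]


def audit_permissions(rows, expected):
    """Group findings as missing, excess, wrong_type and not_granted."""
    findings = {"missing": [], "excess": [], "wrong_type": [], "not_granted": []}
    satisfied = set()
    for row in rows:
        key = (row["api"].strip(), row["permission"].strip())
        if key not in expected:
            findings["excess"].append(key)       # more access than intended
            continue
        if row["type"].strip().lower() != "application":
            findings["wrong_type"].append(key)   # delegated does not satisfy it
            continue
        satisfied.add(key)
        if not row["status"].strip().lower().startswith("granted"):
            findings["not_granted"].append(key)  # admin consent still pending
    findings["missing"] = sorted(expected - satisfied)
    return findings


if __name__ == "__main__":
    for name, items in audit_permissions(SAMPLE_ROWS, EXPECTED).items():
        print(name, items)
```

An empty result in all four groups means the registration holds exactly the intended application permissions and consent has been granted for each.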

Request Access to Microsoft Teams Message Data

You can skip this section if you will not be using tyGraph for Teams.

  1. Open the Microsoft Teams Protected API Access Form.
  2. Enter an email address.
  3. Enter the publisher information and the Application ID you recorded earlier.
  4. You can skip step 5 (leave this blank).
  5. Select "Reporting and analytics" for step 6.
  6. Answer step 7 with "To perform analytics on Microsoft Teams data.", then select "It is obvious to any admin installing this app that it will make a copy of Microsoft Teams messages." for step 8.
  7. Fill in your Azure Tenant ID (located in your Azure Active Directory’s Overview page) and indicate that you own the tenant.
  8. Answer "Yes" for steps 11 & 12, then click "Submit".