Configuring MS Intune for Interact

This step-by-step guide details how to enable authentication into the Interact app via MSAL Intune.

Overview

You will need to do the following activities:

  • Set up a new App Registration in Azure Portal
  • Gather the following information: Application (client) ID, Directory (tenant) ID, Redirect URI and Application ID URI.
  • Configure Interact to enable authentication via MS Company Portal

Creating an Azure App Registration

  1. Go to Azure Portal -> Azure Active Directory -> App Registrations
  2. Create a New registration.
  • Provide a name for your registration
  • Under 'Supported account types', select ‘Accounts in this organizational directory only’
  • Click ‘Register’ to complete registration.
  3. You'll then be directed to your app's overview page. Make a note of the following properties:
  • Application (client) ID
  • Directory (tenant) ID
  4. Click on Authentication in the left-hand menu.
  5. Click 'Add a platform' under Platform configurations
  • Depending on which platform(s) you need, select ‘iOS/macOS’, 'Android' or both.
  • For each platform, you will need to specify your Bundle ID. If you do not have this to hand, Interact will be able to provide you with this information.
  6. Click on Expose an API in the left-hand menu.
  7. Click 'Add a scope' under Scopes defined by this API
  • Then set an Application ID URI. Azure provides an ID automatically, but you are free to change this.
  • Make a note of the Application ID URI.
  • Click 'Save and continue'.
  • In the next panel, give your scope a name and ensure Admins and users is selected in the 'Who can consent?' slider.
  • Add display name and description information.
  • Click 'Add scope'.
  8. Click API permissions in the left-hand menu.
  9. Click 'Add a permission' under Configured permissions
  • Type 'Microsoft Mobile Application Management' into the search field in the APIs my organization uses tab.
  • Click on the Microsoft Mobile Application Management that appears below.
  • Then in the next panel that appears, ensure that the Delegated permissions panel is selected and tick the checkbox next to DeviceManagementManagedApps.ReadWrite at the bottom of the page.
  • Click Add permissions

Configuring Interact for MS Intune authentication

  1. Click on Manage Security in Application Settings > Control Panel.
  • Then click on Manage MSAL Authentication.
  2. Then click on 'Add Configuration' and add the following to the fields in the panel:
  • Title: an identifiable name for your MS Intune app;
  • Description: a brief description of the app;
  • Application ID: the Application (client) ID you saved from the app overview in the Azure Portal;
  • Directory Tenant ID: the Directory (tenant) ID you saved from the app overview in the Azure Portal;
  • Application ID URI: the Application ID URI you saved from the 'Expose an API' section of the Azure Portal;
  • Scope: GetNeutrinoToken
  • Redirect URI: the Redirect URI you saved from the Authentication section of the Azure Portal.

Click 'Save'.

  3. Congratulations! MSAL Intune should now be successfully configured for your intranet.
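
A pre-save consistency check for the five values entered in the 'Add Configuration' panel, added here as an example (not Interact's or Microsoft's code). The sample values and bundle ID are constructed, the `validate` helper is hypothetical, and the redirect URI formats it accepts are assumed to be the ones the Azure Portal generates for the iOS/macOS and Android platforms.

```python
import re
import uuid
from urllib.parse import urlparse

# Constructed sample values; substitute the ones noted from the Azure Portal.
SAMPLE = {
    "application_id": "11111111-2222-3333-4444-555555555555",
    "directory_tenant_id": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
    "application_id_uri": "api://11111111-2222-3333-4444-555555555555",
    "scope": "GetNeutrinoToken",
    "redirect_uri": "msauth.com.example.intranet://auth",  # hypothetical bundle ID
}

def is_guid(value):
    """True only for the canonical hyphenated form the portal displays."""
    try:
        return str(uuid.UUID(value)) == value.lower()
    except (ValueError, AttributeError, TypeError):
        return False

def validate(cfg, bundle_id=None):
    """Return a list of problems; an empty list means the values are consistent."""
    problems = []
    for key in ("application_id", "directory_tenant_id"):
        if not is_guid(cfg.get(key, "")):
            problems.append(f"{key}: not a GUID")
    if cfg.get("application_id") == cfg.get("directory_tenant_id"):
        problems.append("application_id and directory_tenant_id are identical")
    scope = cfg.get("scope", "")
    if not scope or re.search(r"[\s/:]", scope):
        problems.append("scope: enter the bare scope name, not a full URI")
    app_uri = cfg.get("application_id_uri", "")
    if not urlparse(app_uri).scheme or app_uri.endswith("/" + scope):
        problems.append("application_id_uri: expected the URI alone, without the scope")
    redirect = urlparse(cfg.get("redirect_uri", ""))
    # Assumed formats: msauth.<bundle id>://auth (iOS/macOS),
    # msauth://<package name>/<signature hash> (Android).
    ios = redirect.scheme.startswith("msauth.") and redirect.netloc == "auth"
    android = redirect.scheme == "msauth" and bool(redirect.netloc and redirect.path.strip("/"))
    if not (ios or android):
        problems.append("redirect_uri: not an MSAL iOS/macOS or Android redirect URI")
    elif bundle_id:
        found = redirect.scheme[len("msauth."):] if ios else redirect.netloc
        if found.lower() != bundle_id.lower():
            problems.append(f"redirect_uri: bundle ID {found!r} does not match {bundle_id!r}")
    return problems

if __name__ == "__main__":
    for problem in validate(SAMPLE, bundle_id="com.example.intranet") or ["no problems found"]:
        print(problem)
```

Passing the Bundle ID used in the platform configuration as `bundle_id` also catches a Redirect URI copied from a different app registration.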