To allow users from Azure Active Directory (Azure AD) to access ServiceDesk Plus via OAuth authentication, you must configure ServiceDesk Plus as an enterprise application in Microsoft Azure.
Before you configure, make sure that ServiceDesk Plus runs in the HTTPS mode.
Log in to the Microsoft Azure portal. Refer here for the Azure AD portal endpoint.
Search for App Registrations.

Click App Registrations > + New Registration.
On the registration page, enter the following:
Provide a Name and choose the Supported account type.
Under Redirect URI, select platform as Web. Type the redirect URL of ServiceDesk Plus. You can find it under OAuth Feature Details > Redirect URL in the OAuth configuration form.
Click Register.

You should now see the application details as shown:

While registering the authorization server in ServiceDesk Plus, fill in the form by using the following values in Microsoft Azure:
Use Application (client) ID for Client ID.
Under Endpoints, use the OAuth 2.0 authorization endpoint (v2) and the OAuth 2.0 token endpoint (v2) for Authorization URL and Token URL, respectively.
From the left panel, click Certificates & secrets > New client secret.
On the slideout,
Provide a Description for the client secret.
From Expires, choose the client secret validity and click Add.

The client secret value will be generated. Use the string displayed under Value as the Client Secret while configuring OAuth in ServiceDesk Plus.
On the left panel, go to API permissions > Add a permission > Microsoft API > Delegated Permissions to view and add the scopes of the user data. You will use these scopes while configuring OAuth authentication in ServiceDesk Plus.

To retrieve the user's data from the resource server by using scopes, such as openid profile email, use the Resource URL: https://graph.microsoft.com/v1.0/me.
The sample response of the user data received from the Resource URL is given below.
| Resource URL | Scope | Sample Response |
|---|---|---|
| https://graph.microsoft.com/v1.0/me | openid profile email | { |
You can retrieve specific user data by including relevant properties in the Resource URL.
For example, to retrieve only the current user's principal name, office location, and email, you can include properties, such as userPrincipalName, officeLocation, and mail, in the resource URL as shown: https://graph.microsoft.com/v1.0/me?$select=mail,userPrincipalName,officeLocation
You can use any of these properties as User Property in OAuth configuration (in ServiceDesk Plus).
A sample response for the above resource URL is given below:
| Resource URL | Scope | Sample Response |
|---|---|---|
| https://graph.microsoft.com/v1.0/me?$select=mail,userPrincipalName,officeLocation | openid profile email | { "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#users(mail,userPrincipalName,officeLocation)/$entity", |
To see all available user properties you can include in your resource URL, refer here.
You can also use Microsoft Graph Explorer to try out different resource URLs and preview responses before adding them to your setup.
To know more about user data retrieval via Graph API, click here.
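
The following is an added example, not code from ServiceDesk Plus or Microsoft. It sanity-checks the values entered in the OAuth form against the steps above (HTTPS everywhere, v2 endpoints, User Property present in `$select`) and refuses a User Property that comes back null in the `/me` response. The dictionary keys, function names, sample host, `TENANT_ID` placeholder and the global-cloud host names are assumptions.

```python
from urllib.parse import urlsplit, parse_qs

# Assumption: global Azure cloud hosts; other clouds use different endpoints.
LOGIN_HOST, GRAPH_HOST = "login.microsoftonline.com", "graph.microsoft.com"

# Constructed sample form values; TENANT_ID and the redirect URL are placeholders.
SAMPLE_CFG = {
    "redirect_url": "https://sdp.example.com/placeholder-redirect",
    "authorization_url": f"https://{LOGIN_HOST}/TENANT_ID/oauth2/v2.0/authorize",
    "token_url": f"https://{LOGIN_HOST}/TENANT_ID/oauth2/v2.0/token",
    "resource_url": f"https://{GRAPH_HOST}/v1.0/me"
                    "?$select=mail,userPrincipalName,officeLocation",
    "user_property": "userPrincipalName",
}
# Constructed /me response: properties not set on the account come back as null.
SAMPLE_RESPONSE = {"mail": None, "userPrincipalName": "alex@example.com",
                   "officeLocation": None}

def check_oauth_config(cfg):
    """Return a list of problems in the OAuth form values (empty means OK)."""
    problems = []
    for key in ("redirect_url", "authorization_url", "token_url", "resource_url"):
        if urlsplit(cfg[key]).scheme != "https":
            problems.append(f"{key} is not HTTPS")
    for key, suffix in (("authorization_url", "/oauth2/v2.0/authorize"),
                        ("token_url", "/oauth2/v2.0/token")):
        url = urlsplit(cfg[key])
        if url.hostname != LOGIN_HOST or not url.path.endswith(suffix):
            problems.append(f"{key} is not the v2 endpoint")
    res = urlsplit(cfg["resource_url"])
    if res.hostname != GRAPH_HOST or res.path != "/v1.0/me":
        problems.append("resource_url is not Graph /v1.0/me")
    # With $select, Graph returns only the listed properties.
    selected = parse_qs(res.query).get("$select")
    if selected and cfg["user_property"] not in selected[0].split(","):
        problems.append("user_property is missing from $select")
    return problems

def user_identifier(response, user_property):
    """Return the User Property value; refuse a null, absent or blank one."""
    value = response.get(user_property)
    if not isinstance(value, str) or not value.strip():
        raise ValueError(f"{user_property} is empty for this account")
    return value.strip()

if __name__ == "__main__":
    print(check_oauth_config(SAMPLE_CFG))
    print(user_identifier(SAMPLE_RESPONSE, "userPrincipalName"))
```
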