JDBC Driver for Azure Active Directory

Build 22.0.8509

Creating a Custom AzureAD App

There are two types of custom AzureAD applications: AzureAD and AzureAD with an Azure Service Principal. Both are OAuth-based.

When to Create a Custom Application

CData embeds OAuth Application Credentials with CData branding that can be used when connecting via either a Desktop Application or from a Headless Machine.

You may choose to use your own AzureAD Application Credentials when you want to

  • control branding of the Authentication Dialog
  • control the redirect URI that the application redirects the user to after the user authenticates
  • customize the permissions that you are requesting from the user

Custom AzureAD Applications

You can use a custom AzureAD application to authenticate a service account or a user account. You can always create a custom AzureAD application, but note that desktop and headless connections support embedded OAuth, which simplifies the process of authentication. See "Establishing a Connection" for information about using the embedded OAuth application.

Create a Custom AzureAD App

Follow the steps below to obtain the AzureAD values for your application, the OAuthClientId and OAuthClientSecret.

  1. Log in to https://portal.azure.com.
  2. In the left-hand navigation pane, select Azure Active Directory, then App registrations, and click New registration.
  3. Enter an application name and select the desired tenant setup. When creating a custom AzureAD application in Azure Active Directory, you can define whether the application is single- or multi-tenant. If you select the default option, "Accounts in this organizational directory only", you must set the AzureTenant connection property to the Id of the Azure AD Tenant when establishing a connection with the CData JDBC Driver for Azure Active Directory. Otherwise, the authentication attempt fails with an error. If your application is for private use only, "Accounts in this organizational directory only" should be sufficient. If you want to distribute your application, choose one of the multi-tenant options instead.
  4. Set the redirect URI to http://localhost:33333, the driver's default. Alternatively, specify a different port and set CallbackURL to the exact reply URL you defined.
  5. Click Register to register the new application. This opens an application management screen. Note the value in Application (client) ID as the OAuthClientId and the Directory (tenant) ID as the AzureTenant.
  6. Navigate to the "Certificates & Secrets" page and define the application authentication type. There are two types of authentication available: client secret or certificate. The recommended authentication method is a certificate.

    • Option 1: Upload a certificate: In "Certificates & Secrets", select Upload certificate and choose the certificate to upload from your local machine.
    • Option 2: Create a new application secret: In "Certificates & Secrets", select New Client Secret for the application and specify its duration. After saving the client secret, the key value is displayed. Copy this value as it is displayed only once. You will need it as the OAuthClientSecret.

  7. Select API Permissions > Add > Delegated permissions.
  8. Select the Microsoft Graph API. The following delegated permissions allow access to the full functionality of the driver:
    • Read and write all Domains, Groups
    • Read all Users, Directories, Devices, RoleManagement, Organization
  9. Save your changes.
  10. If you have selected to use permissions that require admin consent (such as the Application Permissions), you can grant them from the current tenant on the API Permissions page. Otherwise, follow the steps under "Admin Consent".
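The following Python pre-flight check is an added example, not part of the driver or of CData's documentation. It validates the connection properties gathered in the steps above (OAuthClientId, AzureTenant, OAuthClientSecret, CallbackURL) against what was registered in the portal, catching the two mismatches the steps warn about: a single-tenant registration used without AzureTenant, and a CallbackURL that is not the exact reply URL defined for the app. It assumes AzureTenant is given as the Directory (tenant) ID GUID rather than a domain name.

```python
import re
from urllib.parse import urlsplit

# Default redirect URI the driver listens on, per the steps above.
DEFAULT_CALLBACK_URL = "http://localhost:33333"
# Application (client) ID and Directory (tenant) ID are GUIDs.
GUID_RE = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)


def _normalize(uri: str) -> tuple:
    """Compare redirect URIs on scheme, host, port and path. Only scheme and host
    are case-insensitive; the port and path must match the registration exactly."""
    p = urlsplit(uri.strip())
    port = p.port or (443 if p.scheme.lower() == "https" else 80)
    return (p.scheme.lower(), (p.hostname or "").lower(), port, p.path)


def check_oauth_properties(props, registered_redirect_uris, single_tenant):
    """Return the list of mismatches between the driver's connection properties
    and the app registration; an empty list means the settings are consistent."""
    problems = []
    if not GUID_RE.match(props.get("OAuthClientId", "")):
        problems.append("OAuthClientId must be the Application (client) ID GUID")
    # A single-tenant registration fails authentication unless AzureTenant is set
    # (assumption: the Directory (tenant) ID GUID is used rather than a domain name).
    if single_tenant and not GUID_RE.match(props.get("AzureTenant", "")):
        problems.append("AzureTenant (Directory (tenant) ID) is required for a single-tenant app")
    callback = props.get("CallbackURL", DEFAULT_CALLBACK_URL)
    if _normalize(callback) not in {_normalize(u) for u in registered_redirect_uris}:
        problems.append(f"CallbackURL {callback!r} is not a registered redirect URI")
    # The client secret value is displayed only once at creation; an empty value
    # usually means it was never copied.
    secret = props.get("OAuthClientSecret")
    if secret is not None and not secret.strip():
        problems.append("OAuthClientSecret is present but empty")
    return problems


# Constructed sample values (placeholders, not real identifiers or secrets).
SAMPLE_PROPS = {
    "OAuthClientId": "11111111-2222-3333-4444-555555555555",
    "AzureTenant": "66666666-7777-8888-9999-aaaaaaaaaaaa",
    "OAuthClientSecret": "constructed-secret-value",
    "CallbackURL": "http://localhost:33333",
}

if __name__ == "__main__":
    print(check_oauth_properties(SAMPLE_PROPS, ["http://localhost:33333"], single_tenant=True))
```

Run it against the properties you intend to pass to the driver before the first connection attempt; an empty list means none of the mismatches described above are present.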

Copyright (c) 2023 CData Software, Inc. - All rights reserved.