Authentication

<< Click to Display Table of Contents >>

Raynet One Data Hub > 14.0 > Connectors > Alphabetic Connector List > Microsoft Graph Generic Query > Connector Parameters 

Authentication

Server URL

This parameter represents the endpoint of the server.

 

Technical Name

server_url

Category

Authentication

Type

String

Default Value

https://graph.microsoft.com

Example Values

https://graph.microsoft.com

 

Documentation on beta endpoint reference

 

Client ID

This parameter should contain the client ID which is associated with the account and together with the client secret part of the credentials used for the OAuth2 authentication.

 

Technical Name

client_id

Category

Authentication

Type

String

Default Value

n/a

Example Values


 

In order to execute the connector ti is required to set up an authorized app (service principal) in Azure that has been assigned the Reader role. The simplest way to achieve that is to use the Azure command line interface (CLI) like described in the official documentation. The response contains the necessary credentials:

appID (clientID)

password (clientSecret), and

tenantID (this is the ID of the underlying Azure Active Directory).

 

Client Secret

This parameter should contain the client secret that has been generated for the app in the app registration portal.

 

Technical Name

client_secret

Category

Authentication

Type

String

null

Default Value

null

Example Values

null

 

Supply EITHER a client secret OR a private key AND a certificate. In order to execute the connector it is required to set up an authorized app (service principal) in Azure that has been assigned the Reader role. The simplest way to achieve that is to use the Azure command line interface (CLI) like described in the official documentation. The response contains the necessary credentials:

appID (clientID)

password (clientSecret), and

tenantID (this is the ID of the underlying Azure Active Directory).

 

RSA Private Key (PEM, PKCS#8)

This parameter contains the private key associated with the public key to the account.

 

Technical Name

private_key

Category

Authentication

Type

String

null

Default Value

null

Example Values

null,

-----BEGIN PRIVATE KEY-----

MIIEwAIBADANBgkqhkiG9w0BAQEFAASCBKowggSmAgEAA

oIBAQD8pNLKhayHFAJ1ey5nTUGa9wPzOwjlmCgiLbyzw2

2wQrhCBT+DMa24+iSAKHE72lgK5/OQOTbIPFWP

...

vSlewskdmlsKXZ1hPG20JotkFG7jEz8fKTV4BgTmqWIyQ

Xx/U4aNjoXBLzyvf1t4

-----END PRIVATE KEY-----

 

Instead of authentication with a Client Secret, one can use a certificate and private key. According to the official documentation the certificate can be used wherever a client secret is used, but your experiences might vary. The key pair (private key and certificate) must be generated on a trusted machine with openssl. The key pair an be generated so:

openssl req -x509 
-newkey rsa:4096 
-keyout key.pem 
-out cert.pem 
-days 365 -nodes

The meta information (CN, Issuer, etc.) is technically not required, but one should set some reasonable values nevertheless. Set this parameter to the content of the file key.pem. Keep the key secret. Do NOT share it with anybody. Whoever has access to this key will be able to impersonate the application. Do NOT reuse keys for different application. Always generate a new keypair for every application.

 

X509 Certificate (PEM)

This parameter contains the X.509 certificate registered with the account.

 

Technical Name

certificate

Category

Authentication

Type

String

null

Default Value

null

Example Values

null,

-----BEGIN CERTIFICATE-----

MIIEwAIBADANBgkqhkiG9w0BAQEFAASCBKowggSmAgEAA

oIBAQD8pNLKhayHFAJ1ey5nTUGa9wPzOwjlmCgiLbyzw2

2wQrhCBT+DMa24+iSAKHE72lgK5/OQOTbIPFWP

...

vSlewskdmlsKXZ1hPG20JotkFG7jEz8fKTV4BgTmqWIyQ

Xx/U4aNjoXBLzyvf1t4

-----END CERTIFICATE-----

 

During the generation of the Private Key, an associated public key (certificate) was written to the file cert.pem. On the Azure Portal, the certificate must be registered for the application of the Azure AD. Follow the official documentation for the detailed description. This parameter must be set to the content of the certificate (the file cert.pem). The certificate can be shared with anybody and cannot be abused for authentication.

 

Tenant

This parameter contains the directory tenant that permission shall be requested from. This can be in a GUID or friendly name format.

 

Technical Name

tenant

Category

Authentication

Type

String

Default Value

n/a

Example Values