Skip Navigation
  1. BlackBerry Docs
  2. BlackBerry Work 3.7
  3. Configuring Office 365 Modern Authentication for BlackBerry Dynamics Apps
  4. Enable modern authentication for the Mail service in BEMS
  5. Obtain an Azure app ID for BEMS with credential or passive authentication

Obtain an
Azure
 app ID for
BEMS
 with credential or passive authentication

If you need to obtain multiple
Azure
 app IDs (for example,
Docs
 and
BlackBerry Work
), it is recommended that you create a separate app ID for each app.
  1. Sign in to portal.azure.com.
  2. In the left column, click
    Azure Active Directory
    .
  3. Click
    App registrations
    .
  4. Click
    New registration
    .
  5. In the
    Name
     field, enter a name for the app.
  6. Select a supported account type.
  7. In the
    Redirect URI
     section, in the drop-down list, complete one of the following tasks. The Redirect URI is the URL that the user is redirected to after they successfully authenticate to the identity provider (IDP).
    Important
    : Make sure that the Redirect URL matches the URL to the dashboard or authentication might not work as expected.
    • For credential authentication, select
      Web
       and enter
      https://localhost:8443
      .
    • For passive authentication, select
      Public client/native (mobile & desktop)
       and enter the URL that you use to access the
      BEMS
       Dashboard.
      • If you access the
        BEMS
         Dashboard from the computer that hosts the BEMS instance, enter
        https://localhost:8443
        .
      • If you access the
        BEMS
         Dashboard remotely, enter
        https://
        <FQDN of the computer that hosts the BEMS instance>
        :8443
        .
  8. Click
    Register
    . The new registered app appears.
  9. In the
    Manage
     section, click
    API permissions
    .
  10. In the
    Configured permissions
     section, if
    Microsoft Graph
     is listed, click
    Microsoft Graph
    . If it is not listed, add
    Microsoft Graph
    .
  11. Set the following permissions:
    • For
      Microsoft Exchange Web Services
      : Access mailboxes as the signed-in user via Exchange Web Services (
      EWS > EWS.AccessAsUser.All
      )
    • For
      Microsoft Graph
      : For Sign in and read user profile (
      User > User.Read
      ).
  12. Click one of the following:
    • If the
      Microsoft Graph
       API permission existed in the API permissions list, click
      Update permissions
      .
    • If you needed to add the
      Microsoft Graph
       API permission, click
      Create
  13. Click
    Grant admin consent
    . Click
    Yes
    .
    This step requires tenant administrator privileges.
  14. To allow autodiscovery to function as expected, set the authentication permissions.
    1. In the
      Manage
       section, click
      Authentication
      .
    2. Under the
      Allow public client flows
       section, select
      Yes
       to
      Enable the following mobile and desktop flows
      .
    3. Click
      Save
      .
  15. Click
    Overview
    . Copy the
    Application (client) ID
    . The Application (client) ID is displayed in the main
    Overview
     page for the specified app. This is used as the
    Client application ID
     when you enable modern authentication and configure
    BEMS
     to communicate with
    Microsoft Office 365
    .