Mapping CASA Account with JSDN (Office 365)

This section explains you how to Map your CASA account with JSDN.

Pre-requisites:

  • Only existing Microsoft CASA customers can be mapped on JSDN.
  • Already consuming CASA licenses.
Checklist for Additional Information:
Note: Keep the below information ready before proceeding with the order flow:

Mapping CASA Account to JSDN

To obtain Microsoft Primary Domain and Custom Domain names.

  1. Log into portal.office.com using your Microsoft admin credentials.
  2. Navigate to the Admin section under the Apps.

  3. Select Domain from the left-pane.

  4. Make a note of the default domain which is your primary domain name.
  5. You can even map your custom domains (if any) which have been setup completely.

App Creation in Azure Portal

Create an app in azure portal by following the below steps:

  1. Log into portal.azure.com using your Microsoft admin credentials.

  2. Click Azure Active Directory option from the left menu.

  3. Once Active Directory opens up, Click App Registration option available in the left menu.

  4. In App registration section, Click “New registration” and app creation form appears on the screen.

  5. Fill up the form with respective information,
    • Go with default option in supported account types.
    • Enter http://localhost:8080/in the field next to web drop-down for Redirect URI.
    • Click on “Register” button.

  6. Once you click Register, the newly created app will appear.

App Permissions

  1. Now you have the newly created app available under “All applications” tab on App registration page.

  2. Click on the newly created app, the system will redirect you to app specific page.
  3. Click on “View API Permissions”. Refer to the list of existing API Permissions.

  4. Clicking “Add a permission” will open the window to select Microsoft API in order to provide the permissions.

  5. Select “Microsoft graph”, it will take user to a window displaying two permissions options i.e. Delegated permissions and Application permissions.

    • Select Delegated permissions
    • Click on Directory drop-down
    • Check permissions “Directory.Access as User.All” and Directory.ReadWrite.All”
    • Click on User drop-down
    • Check permissions “User.Read” and “User.ReadWrite.All”
    • Check “Email” and “Profile
  6. Click “Add permission” on the bottom, the selected permissions should display on API permission page table.

  7. Click “Grant admin consent" button on the API permission page.
  8. Click “Yes”, user will get the success message on the top and Granted permissions on the page under “Admin consent required column”.
  9. Perform Steps 3, 4, and 5 then
    • Select Application permissions
    • Click on Directory drop-down
    • Check permissions “Directory.Read.All” and Directory.ReadWrite.All”
    • Click on Domain drop-down
    • Check permissions “Domain.ReadWrite.All”
    • Click on User drop-down
    • Check permissions “User.ReadWrite.All”
  10. Perform Steps 6, 7, and 8
  11. Perform Steps 3, and 4
  12. Select “Azure Active Directory graph” on Request API permission window. It will take user to a window displaying two permissions options i.e. Delegated permissions and Application permissions.
    • Select Delegated permissions
    • Click on Directory drop-down
    • Check permissions “Directory.Access as User.All”
    • Click on User drop-down
    • Check permissions “User.Read” and “User.Read.All”
  13. Perform Steps 6, 7, and 8
    • Select Application permissions
    • Click on Domain drop-down
    • Check both the permissions “Domain.ReadWrite.All”
  14. Perform Steps 6, 7, and 8
  15. Perform Steps 3, and 4
  16. Select “Azure Service Management” on Request API permission window. It will take user to a window displaying two permissions options i.e. Delegated permissions and Application permissions.
    • Select Delegated permissions
    • Click on single permission available “User_impersonation”.
  17. Perform Step 6, 7, and 8
  18. Here, you are done with providing all the permissions and granting admin consent. You can check all the permission details on “API permissions” page.

Expose API

  1. Now, we have given the app permissions, next step is to Expose an API, navigate to app registrations page and select the newly created app.

  2. Double click on the newly created app.
  3. You will be directed to app specific page.
  4. Click on “Expose an API” option on the inner left-pane and click on “Add a scope”.

  5. You will be redirected to app specific- Expose an API window.
  6. Here you have to enter information as provided in the screen shot. User can add and edit existing scope.
  7. Click Save.

Update the Details in JSDN

You can map the O365 CASA Account details to JSDN while placing the order for any O365 service from the store catalogue.

  • Login to the Store URL with Admin credentials
  • Navigate to Catalogue > View Offer > Click on Add to cart.
  • After accepting the SLA, in Data collection page provide the O365 CASA Account details
  • Click Save and finish to complete the order.