Connecting Perfony and Office 365

Introduction

The iPerfony for Office365 Connector offers the following functions:

• Automatic login (SSO) for Office365 users in the Perfony web app.
• Automatic login (SSO) for Office365 users in the Perfony tab of MS Teams.
• Automatic login (SSO) for Office365 users in the Outlook AddIn.
• Automatic synchronisation of MS Teams team members with participants in a Perfony folder.
• Access OneDrive for Business documents from Perfony.

The iPerfony OneDrive for Business connector lets you link documents stored on OneDrive to iPerfony. The customer thus retains full control over the organisation of its documents and full control over access rights to these documents. For example, participants in an iPerfony folder to which a document stored on OneDrive has been linked will only be able to open the document if they have OneDrive authorisations.

Authorisation management in Azure Portal

1 – Connect to https://portal.azure.com

2 – Go to the “Azure Active Directory” section > “App registrations (Preview)”

3 – Add an application by clicking on “New registration” :

4 – In the form that appears, enter:

• A name (“iPerfony for Office365” for example).
• Type of account: “Accounts in any organizational directory”

6 – On the next screen, copy “Application (client) ID” and “Directory (tenant) ID”. This information must be provided to the Perfony teams.

7 – Then click on “Authentication”, then on « Add a platform »:

8 – In the right-hand panel select « web »:

9 – Enter the URL for SSO in the web app https://xxx.iperfony.com/clients/web/office365sso.php. Attention “xxx” is to be replaced by the name of your Perfony instance, and tick the “Access tokens” and “ID tokens” boxes, then click on “Configure”:

10 – On the next page, enter the redirection URIs corresponding to the functions to be activated (xxx should be replaced by the name of your Perfony instance):

• https://xxx.iperfony.com/clients/office365/teams/teams-auth.php for SSO in MS Teams.
• https://xxx.iperfony.com/clients/office365/teams/auth-silent-end.php for SSO in MS Teams too, but in a silent version.
• https://xxx.iperfony.com/clients/onedrivefilepicker/onedrive-file-picker.php for the OneDrive connector.
• https://apps.iperfony.com/clients/web/office365sso.php for SSO in the Outlook AddIn.

Then click on “Save”.

11 – Then click on “API permissions” and then on the “Add a permission” button:

12 – Select “Microsoft Graph” then “Delegated permissions”.

13 – Tick:

• email
• openid
• profile

14 – Then further down, in “Directory”, tick Directory.Read.All if you want to activate the Teams synchronisation function:

15 – To use the email extension to send messages, you need to give the application the following permissions:

• In ChannelMessage: ChannelMessage.Send
• In Chat: Chat.ReadWrite
• In ChatMessage: ChatMessage.Send
• In Group: Group.readWrite.All

16 – Click on “Add permissions”.

17 – On the new page, click on “Grant admin consent for XXX”:

18 – Then click on “Yes”.

At the end of this procedure, provide the Perfony teams with: contact@perfony.com

The Application (client) ID

The Directory (tenant) ID

Enabled functions: SSO web App, SSO Teams (standard + silent), Teams synchronisation.