How to manually configure SquaredUp for Azure

If the user who installs SquaredUp for Azure is not able to run the SquaredUp setup wizard, i.e. is not an Azure global admin, then the steps in this article allow a user with the correct permissions to manually configure SquaredUp for Azure in the Azure Active Directory (AAD).

Before configuring SquaredUp for Azure

SquaredUp for Azure can either be deployed from the Azure Marketplace, or installed using the downloadable installer. Please ensure SquaredUp for Azure has been installed using your preferred method before continuing to manually configure SquaredUp for Azure.

• How to deploy SquaredUp for Azure from the Marketplace
• How to install SquaredUp for Azure using the installer

A note to global admins

You may have been referred to these instructions by someone who did not have the permissions required to complete the SquaredUp setup wizard themselves. As a global administrator you should have the needed permissions to run the SquaredUp setup wizard. Using the wizard is usually the quickest and easiest way to configure SquaredUp for Azure.

The SquaredUp setup wizard

The SquaredUp setup wizard runs when you access SquaredUp.

For a Marketplace deployment you access SquaredUp by browsing to https://DNSName of the virtual machine (VM) deployed.

For SquaredUp installed using the downloadable installer you access SquaredUp by browsing to the URI specified during the install.

You can also see step by step guidance for running through the SquaredUp for Azure setup wizard here:

SquaredUp setup wizard following a Marketplace deployment

SquaredUp setup wizard following an installation using the downloadable installer.

If you are able to complete the SquaredUp setup wizard you need go no further with this article. Don't forget to follow the Next Steps section of the deploy or installer article to ensure you make the necessary users SquaredUp administrators.

If you prefer to carry out the configuration manually please continue with this article.

Manually create the AD Application

1. In the Azure portal create a new application in Azure AD via Azure Active Directory > App Registrations- > New Registration
2. Enter any name for the application.
3. Enter the redirect URI for your SquaredUp instance - it must end with a slash, e.g. https://myserver/squaredupv4/
4. Click Register.
5. Configure the token authentication options by clicking Authentication (under Manage).
6. Under Implicit grant, check the ID tokens box, and click the Save button at the top.
7. Configure the permissions for the application by clicking API Permissions (under Manage).

8. Click Add a permission > Microsoft Graph > Delegated permissions and add the following permissions:

   • Directory.Read.All
   • Group.Read.All
   • User.Read
   • User.ReadBasic.All
9. Click Add permissions.
10. Click Add a permission > Azure Service Management > Delegated permissions and add the following permissions:
11. user\impersonation_
12. Click Add permissions.
13. To enable AAD non-administrators to login, click the Grant admin consent for XXX button, and click Yes.
14. Create a client secret via Certificates & secrets (under Manage).
15. Click New client secret, provide a name and an appropriate expiry.
16. Copy and save the displayed secret value. You will need this later for client-secret.
17. Add the application roles via Manifest (under Manage)

18. Replace

    "appRoles": [],

    with

    "appRoles": [
    		{
    				"allowedMemberTypes": [
    						"User"
    				],
    				"description": "Default SquaredUp User",
    				"displayName": "DefaultUser",
    				"id": "6dff721d-651b-4a79-b5c5-ac66839a3130",
    				"isEnabled": true,
    				"lang": null,
    				"origin": "Application",
    				"value": "DefaultUser"
    		},
    		{
    				"allowedMemberTypes": [
    						"User"
    				],
    				"description": "SquaredUp Administrator",
    				"displayName": "SquaredUpAdministrator",
    				"id": "1da1031d-cce9-4c98-8d39-5d39d3ad2fab",
    				"isEnabled": true,
    					"lang": null,
    				"origin": "Application",
    				"value": "SquaredUpAdministrator"
    		}
    	],

19. Click the Save button at the top.
20. From the Overview blade, copy and save the Application (client) ID and the Directory (tenant) ID. You will need these later for client-id and tenant-id.

Add a user as an administrator

Only SquaredUp administrators can manage SquaredUp. A SquaredUp administrator can give other users permission to create dashboards within Team Folders, so not all dashboard authors need to be SquaredUp administrators.

See How to make a user a SquaredUp administrator

Configure SquaredUp to use the application

If you are not the person who installed SquaredUp for Azure then you can now pass them the client-id and client-secret and they can complete the rest of this article.

You will need to connect to your SquaredUp server.

1. On the SquaredUp for Azure server, run Notepad as administrator (Start, Run, type notepad, and then right-click and select Run as administrator).

2. Open the following file from the squaredupv4 folder:

   User/Configuration/openid.json

   For an Azure Marketplace deployment the squaredupv4 folder will typically be located at F:\squaredupv4.

   For an install using the downloadable installer the default location is C:\inetpub\wwwroot\SquaredUpv4, but a custom location may have been chosen during the installation.

3. The file will contain four properties:

   {
     "tenant-id": "",
     "client-id": "",
     "client-secret": "",
     "redirect-uri": ""
   }

4. Add the property values.

   Use the details noted above for tenant-id, client-id, and client-secret.

   The redirect-uri is the URL you use for accessing SquaredUp.

   For an Azure Marketplace deployment it may look similar to this https://squaredupserver.eastus2.cloudapp.azure.com/.

   For an install using the downloadable installer the default is to append the server fully qualified domain name (FQDN) with /squaredupv4/, e.g. https://squaredupserver.mydomain.net/squaredupv4/, but this may have been customised during the installation.

5. Your completed file will look something like this:

   {
     "tenant-id": "a1b23c4f-5de0-6ab7-8cde-9012345a678b",
     "client-id": "12a34b5c-d67e-89ab-c0d1-2345ea5bf78c",
     "client-secret": "1a234bc5fdea92ef8a391030bbfb66c40bd0c0bff4e3afe2ec1e68926b25a0554d65ed044b427a01dfca4a0588f6540eb",
     "redirect-uri": "https://squaredup1.eastus2.cloudapp.azure.com/"
   }

6. Save the file.
7. In IIS recycle the SquaredUpv4 application pool for the setting to take effect.
8. Browse to SquaredUp using the redirect-uri specified. You will be prompted to login.