If the user who installs SquaredUp for Azure is not able to run the SquaredUp setup wizard, i.e. is not an Azure global admin, then the steps in this article allow a user with the correct permissions to manually configure SquaredUp for Azure in the Azure Active Directory (AAD).
Before configuring SquaredUp for Azure
SquaredUp for Azure can either be deployed from the Azure Marketplace, or installed using the downloadable installer. Please ensure SquaredUp for Azure has been installed using your preferred method before continuing to manually configure SquaredUp for Azure.
- How to deploy SquaredUp for Azure from the Marketplace
- How to install SquaredUp for Azure using the installer
A note to global admins
You may have been referred to these instructions by someone who did not have the permissions required to complete the SquaredUp setup wizard themselves. As a global administrator you should have the needed permissions to run the SquaredUp setup wizard. Using the wizard is usually the quickest and easiest way to configure SquaredUp for Azure.
The SquaredUp setup wizard
The SquaredUp setup wizard runs when you access SquaredUp.
For a Marketplace deployment you access SquaredUp by browsing to https://DNSName
of the virtual machine (VM) deployed.
For SquaredUp installed using the downloadable installer you access SquaredUp by browsing to the URI specified during the install.
You can also see step by step guidance for running through the SquaredUp for Azure setup wizard here:
SquaredUp setup wizard following a Marketplace deployment
SquaredUp setup wizard following an installation using the downloadable installer.
If you are able to complete the SquaredUp setup wizard you need go no further with this article. Don't forget to follow the Next Steps section of the deploy or installer article to ensure you make the necessary users SquaredUp administrators.
If you prefer to carry out the configuration manually please continue with this article.
Manually create the AD Application
- In the Azure portal create a new application in Azure AD via Azure Active Directory > App Registrations- > New Registration
- Enter any name for the application.
- Enter the redirect URI for your SquaredUp instance - it must end with a slash, e.g. https://myserver/squaredupv4/
- Click Register.
- Configure the token authentication options by clicking Authentication (under Manage).
- Under Implicit grant, check the ID tokens box, and click the Save button at the top.
- Configure the permissions for the application by clicking API Permissions (under Manage).
-
Click Add a permission > Microsoft Graph > Delegated permissions and add the following permissions:
- Directory.Read.All
- Group.Read.All
- User.Read
- User.ReadBasic.All
- Click Add permissions.
- Click Add a permission > Azure Service Management > Delegated permissions and add the following permissions:
- user\impersonation_
- Click Add permissions.
- To enable AAD non-administrators to login, click the Grant admin consent for XXX button, and click Yes.
- Create a client secret via Certificates & secrets (under Manage).
- Click New client secret, provide a name and an appropriate expiry.
- Copy and save the displayed secret value. You will need this later for
client-secret
. - Add the application roles via Manifest (under Manage)
-
Replace
"appRoles": [],
with
"appRoles": [ { "allowedMemberTypes": [ "User" ], "description": "Default SquaredUp User", "displayName": "DefaultUser", "id": "6dff721d-651b-4a79-b5c5-ac66839a3130", "isEnabled": true, "lang": null, "origin": "Application", "value": "DefaultUser" }, { "allowedMemberTypes": [ "User" ], "description": "SquaredUp Administrator", "displayName": "SquaredUpAdministrator", "id": "1da1031d-cce9-4c98-8d39-5d39d3ad2fab", "isEnabled": true, "lang": null, "origin": "Application", "value": "SquaredUpAdministrator" } ],
- Click the Save button at the top.
- From the Overview blade, copy and save the Application (client) ID and the Directory (tenant) ID. You will need these later for
client-id
andtenant-id
.
Add a user as an administrator
Only SquaredUp administrators can manage SquaredUp. A SquaredUp administrator can give other users permission to create dashboards within Team Folders, so not all dashboard authors need to be SquaredUp administrators.
See How to make a user a SquaredUp administrator
Configure SquaredUp to use the application
If you are not the person who installed SquaredUp for Azure then you can now pass them the client-id
and client-secret
and they can complete the rest of this article.
You will need to connect to your SquaredUp server.
- On the SquaredUp for Azure server, run Notepad as administrator (Start, Run, type
notepad
, and then right-click and select Run as administrator). -
Open the following file from the
squaredupv4
folder:User/Configuration/openid.json
For an Azure Marketplace deployment the
squaredupv4
folder will typically be located atF:\squaredupv4
.For an install using the downloadable installer the default location is
C:\inetpub\wwwroot\SquaredUpv4
, but a custom location may have been chosen during the installation. -
The file will contain four properties:
{ "tenant-id": "", "client-id": "", "client-secret": "", "redirect-uri": "" }
-
Add the property values.
Use the details noted above for
tenant-id
,client-id
, andclient-secret
.The
redirect-uri
is the URL you use for accessing SquaredUp.For an Azure Marketplace deployment it may look similar to this
https://squaredupserver.eastus2.cloudapp.azure.com/
.For an install using the downloadable installer the default is to append the server fully qualified domain name (FQDN) with
/squaredupv4/
, e.g.https://squaredupserver.mydomain.net/squaredupv4/
, but this may have been customised during the installation. -
Your completed file will look something like this:
{ "tenant-id": "a1b23c4f-5de0-6ab7-8cde-9012345a678b", "client-id": "12a34b5c-d67e-89ab-c0d1-2345ea5bf78c", "client-secret": "1a234bc5fdea92ef8a391030bbfb66c40bd0c0bff4e3afe2ec1e68926b25a0554d65ed044b427a01dfca4a0588f6540eb", "redirect-uri": "https://squaredup1.eastus2.cloudapp.azure.com/" }
- Save the file.
- In IIS recycle the SquaredUpv4 application pool for the setting to take effect.
- Browse to SquaredUp using the
redirect-uri
specified. You will be prompted to login.