Search

MachPanel Knowledgebase

INFO:CSP Secure Application Model

Mudesira Munir
MachPanel

Summary

This articles provides info how CSP secure application model can be integrated with CSP profiles in MachPanel.

Applies To

Applies to MachPanel build version 6.2.10 and above.​

Steps to integrate CSP Secure Application Model

References:

http://assetsprod.microsoft.com/csp-partner-application-overview.pdf
https://docs.microsoft.com/en-us/powershell/partnercenter/secure-app-model?view=partnercenterps-1.5

Summary of Steps to perform on Microsoft Azure Portal:

  • Go to:  https://portal.azure.com/ and login using your CSP Service Account, then navigate to "Azure Active Directory" >> "App Registrations".
  • Here, either use Existing Application or create "New Registration".
  • Add Redirect URI for your Web Application as: urn:ietf:wg:oauth:2.0:oob
  • Hit Register to register this application.

  • Click on your desired Application, and click the option "API Permissions".
  • Click on Add Permission button and add permissions as highlighted below. Once done, hit the "Grant admin consent for <CSP Account>" button:

  •  Finally, click on "Certificates & Secrets" from Menu and create "Client Secret" and save it with you as you will need this later (this will be used as $webAppSecret in commands below).

​​

​ 

Steps to perform on MachPanel Control Panel Server:

  • Uninstall "Microsoft Azure Active Directory Module" for Windows PowerShell v1.1.166.0, if installed.
  • Install PowerShell 5.1 if not installed.
    • To check your PowerShell version use command: $PSVersionTable.PSVersion
  • It should be like below or a latest build
     
  • To install: https://www.microsoft.com/en-us/download/details.aspx?id=54616

  • ​To Install Module MSOnline using command: Open PowerShell as Administrator

    1. Run Command Get-PackageProvider
      1. See: NuGet, version should be: 2.8.5.208 or latest.
        1. If version is older then 2.8.5.208 run commands:
          1. [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]::Tls12;
          2. Install-PackageProvider -Name NuGet -RequiredVersion 2.8.5.208 -Force
        2. Once done, Close PowerShell and Re-open as Administator.
    2. Run commands:
      1. [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]::Tls12;
      2. Install-Module -Name MSOnline
      3. Install-Module -Name PartnerCenter
      4. Import-Module MSOnline
      5. Get-Module
        1. MsOnline version should be >= 1.1.183.17

 

Execute commands below to get your - *Refresh Token: - to be inserted into MachPanel Profile settings.

  • ​​​​Replace Values in below variables (highlighted) as per your profile and run on PowerShell

 

​​​

$webAppId = '00000000-0000-0000-0000-00000000000'

$webAppSecret = 'fjrnf34ffn43oif34iofj3ifjfoi34foi34fj' | ConvertTo-SecureString -AsPlainText -Force

$tenantId = '00000000-0000-0000-0000-00000000000'

$credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $webAppId,$webAppSecret

$token = New-PartnerAccessToken -Consent -Credential $credential -Resource https://api.partnercenter.microsoft.com -TenantId $tenantId -ApplicationId $webAppId

Enter CSP Service Account Username/Password and MFA Key when prompted during command execution to generate token.

To get token value write $token.refreshtoken and hit Enter. Copy value of Refresh token.​