Summary

This article provides a summary for Azure App Configuration required for Partner Center Management

Applies To

This article applies to MachPanel build version 7.0.41 and above.

Important Note:

1. [A new RefreshToken will be required after applying permissions in Microsoft Entra ID (AKA Azure) app.]
2. Please follow below article first, If you have not reviewed it yet.

https://kb.machsol.com/Knowledgebase/54511/CSP-Module-Configuration-Guide-for-MachPanel-Automation-Solution

Steps Procedure

•  You will be asked to fill following details while adding profile which can be captured using below section:

COLLECTING DETAILS TO ADD CSP PROFILE

Enable Permissions for 'Microsoft Partner Center' and 'Windows Azure Active Directory Portal':

• Login to Microsoft Partner Center click on "Account Settings" >> "User Management.
• Under User Management you can click Add User.
  
• For CSP Service Account following "roles and permissions" are required:

Summary of Steps to perform on Microsoft Azure Portal:

• Go to:  https://portal.azure.com/ and login using your CSP Service Account, go to "App Services", then navigate to "Manage" >>  "App Registrations" >> "New registration".
  

            ​​

• You will be presented with options to "Register an application".
• Web Redirect URL shall be set as ‘localhost’ with ‘http’ protocol and any port available between 8400 and 8999 Like: ‘http://localhost:8400’
• Hit Register to register this application.
  

• Click on your desired Application, and click the option "Manifest"
• Locate "requiredResourceAccess"
  
  and replace as explained in attached "API Permissions.txt" (download the file from attachment link in this KB).
• One more thing, as a new user (admin agent) account and app is configured, please make sure that API Permissions are all granted admin consent by clicking on button (need super admin account impersonation/elevation) depicted below in Microsoft Entra ID (AKA Azure).
•  

• Finally, click on "Certificates & Secrets" from Menu and create "New client secret" and save it with you as you will need this later (this (Value) of newly created Client Secret will be used later as $webAppSecret in commands below).

​​

​Summary of Steps to perform on MachPanel Control Panel Server Machine:

• Execute commands below to get your - *Refresh Token: - to be inserted into MachPanel Profile settings.
• ​​​​Replace Values in below variables (highlighted) as per your profile and run on PowerShell.

​​​

$webAppSecret = 'fjrnf34ffn43oif34iofj3ifjfoi34foi34fj' | ConvertTo-SecureString -AsPlainText -Force

$tenantId = '00000000-0000-0000-0000-00000000000'

$credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $webAppId,$webAppSecret

$Token = New-PartnerAccessToken -Scopes 'https://api.partnercenter.microsoft.com/.default' -ServicePrincipal -ApplicationId $webAppId -Credential  $credential -Tenant $tenantId -UseAuthorizationCode

• ​Enter CSP Service Account Username/Password and MFA Key when prompted during command execution to generate token.
• To get token value write $token.refreshtoken and hit Enter. Copy value of Refresh token.​

Once done insert all required details of MachPanel CSP Profile in Partner Center Management section.