This article provides a summary for Azure App Configuration required for Partner Center Management
This article applies to MachPanel build version 7.0.41 and above.
Important Note:
- [A new RefreshToken will be required after applying permissions in Microsoft Entra ID (AKA Azure) app.]
- Please follow below article first, If you have not reviewed it yet.
https://kb.machsol.com/Knowledgebase/54511/CSP-Module-Configuration-Guide-for-MachPanel-Automation-Solution
Steps Procedure
- You will be asked to fill following details while adding profile which can be captured using below section:
COLLECTING DETAILS TO ADD CSP PROFILE
- Login to Microsoft Partner Center click on "Dashboard >> View Users", this will land you on "User Management".
- Under User Management you can click Add User.
- For CSP Service Account following "roles and permissions" are required:
Summary of Steps to perform on Microsoft Azure Portal:
- Go to: https://portal.azure.com/ and login using your CSP Service Account, then navigate to "Microsoft Entra ID" >> "App Registrations".
- Create "New Registration".
- Web Redirect URL shall be set as ‘localhost’ with ‘http’ protocol and any port available between 8400 and 8999 Like: ‘http://localhost:8400’
- Hit Register to register this application.
- Click on your desired Application, and click the option "Manifest"
- Locate "requiredResourceAccess"
and replace as explained in attached "API Permissions.txt".
- One more thing, as a new user (admin agent) account and app is configured, please make sure that API Permissions are all granted admin consent by clicking on button (need super admin account impersonation/elevation) depicted below in Microsoft Entra ID (AKA Azure).
-
- Finally, click on "Certificates &
Secrets" from Menu and create "Client Secret" and save it with you as
you will need this later (this will be used as $webAppSecret in commands below).
Summary of Steps to perform on MachPanel Control Panel Server Machine:
-
Execute commands below to get your - *Refresh Token: - to be inserted into MachPanel Profile settings.
- Replace Values in below variables (highlighted) as per your profile and run on PowerShell.
$webAppId = '00000000-0000-0000-0000-00000000000'
$webAppSecret = 'fjrnf34ffn43oif34iofj3ifjfoi34foi34fj' | ConvertTo-SecureString -AsPlainText -Force
$tenantId = '00000000-0000-0000-0000-00000000000'
$credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $webAppId,$webAppSecret
$Token = New-PartnerAccessToken -Scopes 'https://api.partnercenter.microsoft.com/.default' -ServicePrincipal -ApplicationId $webAppId -Credential $credential -Tenant $tenantId -UseAuthorizationCode
- Enter CSP Service Account Username/Password and MFA Key when prompted during command execution to generate token.
- To get token value write $token.refreshtoken and hit Enter. Copy value of Refresh token.
Once done insert all required details of MachPanel CSP Profile in Partner Center Management section.