In order for K2 to integrate with the Web API using Azure AD, a separate Azure AD Application is required in your Azure tenant.
- Create the Application in Azure
- Add the K2 Identity Web Service as a RedirectUrl
- Generate a secret
- Browse to https://portal.azure.com and login.
- Next, select Browse > Active Directory. This will open the management portal for Azure.
- Click the Applications tab from the top navigation.
- Click the Add button.
- Click the Add an application my organization is developing link.
- Give the application a name, for example K2 Web API Integration, and select WEB APPLICATION AND/OR WEB API. Click the arrow to continue.
- Specify a Sign-On URL(this is not used so any valid URL will do) as well as the APP ID URI (also not used but make it something valid and identifiable). Click the mark.
- When the application opens on the splash page, click the Configuration tab.
- Scroll to the permissions section and click the Add application button.
- In the Show drop-down, select All Apps and search for your Web API app.
- Select the Web API’s / Azure API’s you want to access and click the check mark.
||Note: If your API is not listed here, make sure that you have created and Azure AD App for the Web API – just deploying a Web API / Azure API App does not automatically create a corresponding Azure AD App.
- The selected apps are now listed under the permissions section.
- For each app, assign the delegated permissions section.
- Under keys section, select the expiration period for the ‘key’ (also called app_secret, client_secret or app_key) and click the Save button for the value to be generated.
||Note: This value is never shown to you again, so make a record of it somewhere safe.
- Take the K2 Web Service URL value found in Environment Library, append ‘Identity/Token/OAuth/2’ to it, and add it in the REPLY URL list.
- Click the Save button.
- Click on the View Endpoints button and save the values for the following endpoints:
- OAUTH 2.0 TOKEN ENDPOINT
- OAUTH 2.0 AUTHORIZATION ENDPOINT
- Create a new OAuth Resource via the K2 Management site as outlined in the next section.