ELO Docs
 Configuration and administration

# Microsoft Azure configuration

This chapter shows how to configure authentication with Microsoft Azure.

Information

By configuring authentication with Microsoft Azure, you can also enable the Check out to OneDrive function in the ELO clients.

You will find more information about this function in the Connect ELO to Microsoft OneDrive (opens new window) documentation and in the following user documentation:

To enable this function, follow the instructions in this chapter and note the information in the Assign permissions chapter.

# Register app

First, you need to register an app in Microsoft Azure.

Please note

This documentation does not cover basic configuration of a Microsoft Azure environment or subscriptions, both of which are required for this.

  1. Log on to Microsoft Azure as an administrator.

    'Microsoft Entra ID' area; 'App registrations' menu item

  2. Go to App registrations.

    'App registrations' area; 'New registration' button

  3. Select New registration.

    The Register an application page opens.

  4. Enter a name for the app. You can choose any name you like.

    Example: ELOauth2

  5. Under Supported account types, select the option Accounts in this organizational directory only (only <name of tenant> - individual client).

  6. Under Redirect URI (optional), select the Web option.

  7. Enter a URL that can be reached on the internet as follows:

    https://<server address>/ix-<repository>/plugin/de.elo.ix.plugin.rest/auth2/callback/microsoft

    Information

    ELO Modern Authentication configuration page; configuration area for Microsoft; 'Callback URL' field

    This URL is also provided on the ELO Modern Authentication configuration page under Callback URL.

  8. Select Register.

    The app is registered in Microsoft Azure.

# Assign permissions

You can assign the required permissions as soon as the app is registered.

  1. Open the API permissions area.

  2. Select Add permissions.

    The Request API permissions area opens.

    Add the permissions 'email', 'openid', and 'profile'

  3. Select Microsoft Graph.

  4. Add the following delegated permissions:

    • Microsoft Graph:
      • email
      • openid
      • profile
      • Files.ReadWrite.AppFolder
      • User.Read
      • Files.ReadWrite.All
      • offline_access

    Information

    The permissions Files.ReadWrite.AppFolder and Files.ReadWrite.All enable the Check out to OneDrive function in the ELO clients.

  5. Confirm with Add permissions.

    'Configured permissions' area; button for granting admin consent

  6. Select Grant admin consent for <tenant>.

    The Confirm admin consent dialog box opens.

  7. Click Yes to confirm.

    The permissions are added.

  8. On the ELO Modern Authentication configuration page, enter the following values in the Scope field:

    openid email profile offline_access .default

# Transfer information in configuration

After the app is registered and has been assigned permissions, you can transfer the information to the ELO Modern Authentication configuration page.

'Overview' area

  1. Open the Overview area in Microsoft Azure.

  2. Copy the value for Application ID (client).

  3. Enter the value on the ELO Modern Authentication configuration page under Client ID.

    Transferred settings on the ELO Modern Authentication configuration page

    Optional: If you use the ELO Desktop Client and/or ELO Bot, you can also enter the copied value under Audience.

  4. Copy the value for Directory ID (client) from Microsoft Azure.

  5. Enter the value on the ELO Modern Authentication configuration page under Issuer instead of the {tenant} placeholder.

  6. Save the settings with Save.

# Client secret

This also requires a client secret to enable the connection to the Microsoft Azure app to work. This must be entered on the ELO Modern Authentication configuration page.

Important

Regularly renew the client secret before its validity expires.

Once the client secret expires, it will no longer be possible to log on with ELO Modern Authentication. In this case, you have to use the Recovery URL.

  1. Open the Certificates & secrets area in Microsoft Azure.

  2. Select New client secret.

    The Add a client secret area appears.

  3. Enter a short description for the client secret in the Description field.

  4. Select a time frame for Valid until.

  5. Confirm with Add.

    Microsoft Azure creates a client secret.

  6. Copy the client secret from the Value column.

    ELO Modern Authentication configuration page; configuration area for Microsoft; 'Client secret' field

    Please note

    Write down the value of the client secret immediately after you create it. This value is no longer shown in its entirety when you open the overview of secrets at a later point in time.

  7. Enter the copied client secret on the ELO Modern Authentication configuration page under Client secret.

  8. Save the settings with Save.

All the other fields can be left unchanged and only need to be adapted if required.

The registration in Microsoft Azure has been successfully configured.

Edit this page (opens new window)
Last updated: November 6, 2025 at 8:34 PM

Reverse proxies →