Netpump Service App Registration Configuration Guide

This guide shows you how to set up the app registration for a Netpump Server cluster through the Azure portal.

Each cluster of Netpump Servers uses a single app registration. All Netpump Servers in the cluster can communicate with each other. All users assigned to the app registration can use the Netpump Servers.

Audience

The user of this guide should have basic or moderate knowledge of how to use the Azure Portal and Microsoft Entra ID.

Steps

Create new App Registration

  1. Go to https://portal.azure.com and log in
  2. Search for Microsoft Entra ID and click on it.

    Search for Microsoft Entra ID

  3. Click Add then select App Registration

    Add App Registration

  4. Type in a name for the app e.g. Netpump Server

  5. Select Accounts in this organizational directory only

  6. Click Register

Set up API requirements for the App Registration

Set up the Application ID URI

  1. Click Expose an API

    Click on Expose an API

  2. Click Add next to the Application ID URI

    Click to add Application ID URI

  3. Click Save

    Save the Application ID URI

    ℹ️ Note: Whether you use the default value or a specific value depends on individual company policy; it has no impact on Netpump.

Create scope Transfers.All

  1. Click Add a Scope

    Click to add a scope

  2. Fill in the form with the values below

    ℹ️ Note: Only the Scope name is required to match the value below. The consent display names and descriptions can be adjusted to suit company requirements and policy.

       
    Setting                       Value
    Scope name*                   Transfers.All
    Who can consent?              Admin and users
    Admin consent display name    Allows all Transfer Operations
    Admin consent description     Allows a user to handle all operation in relations Transfers
    User consent display name     Transfer Admin
    User consent description      Allows a user to handle all operation in relations Transfers

    Fill in scope settings

  3. Click Add Scope

Add authorized client applications

  1. Click Add a client application

    Click to add a client application

  2. Add the client ID d99b6435-bf29-4655-a1a2-ed1dbad109b3

    ℹ️ Note: This GUID is for the global Netpump Desktop Application.

  3. Tick the box for
    • Transfers.All

      ℹ️ Note: The prefix will change depending on the Application ID URI

  4. Click Add application

Create an App Role

  1. Click App roles

    App role

  2. Click Create App Role

  3. Enter the details as follows:

       
    Setting                 Value
    Display name            Automation
    Allowed member types    Applications
    Value                   Automation
    Description             Server to server and script access

    Create app role

  4. Click Apply

Set up permissions

  1. Click API permissions

  2. Click Add permission

  3. Click APIs my Organization Uses

  4. Search for Netpump Server

    ℹ️ Note: The name will depend on what name you gave the application in the App Registration

  5. At the “What type of permission?” question, choose Delegated, and add the Transfers.All permission

  6. Click Add permissions to save this permission.

  7. Click Add permission a second time

  8. Search for Netpump Server again

    ℹ️ Note: The name will depend on what name you gave the application in the App Registration

  9. At the “What type of permission?” question, this time choose Application, and add the Automation permission

  10. Click Add permissions to save this permission.

Create the Client Secret

  1. Click Certificates & secrets

  2. Click New client secret

  3. Enter a description for this secret, select the desired expiry (per company requirements) and click Add

    ℹ️ Note: This secret will be used for the authentication settings when provisioning Netpump servers.

  4. Copy the client secret and save it for Netpump server provisioning later

    ℹ️ Note: You cannot view this secret after you leave this page.

Edit the manifest

  1. Click Manifest in the menu

    Manifest

  2. Edit the manifest to set accessTokenAcceptedVersion to the value 2

    "accessTokenAcceptedVersion": 2,

  3. Click Save

Configure Redirect URLs and Token Authentication for Configuration Page

For an administrator to access the Configuration Page, allowed URLs must be added to the application. The URLs should match the DNS record that will be used to access the Netpump Service Configuration Page.

  1. Click Authentication in the menu

    Select Authentication from menu

  2. Click + Add a Platform.

    Add Platform

  3. Select Web from the Platform listing

    Select Web Platform

  4. Enter a valid Redirect URI that corresponds to the public DNS. Multiple URIs can be added after saving the initial entry. Select ID tokens (used for implicit and hybrid flows) from the options.

    Enter Redirect URIs and ID Tokens

  5. Click Configure

Assign users

  1. Click Overview in the menu

  2. Click on the link next to the Managed application in local directory label

    Overview and link

  3. Click Properties

  4. Set Assignment Required to Yes

    Assignment required

  5. Save

  6. Click Users and groups

  7. Add all users who require access to configure or use the Netpump service

    Add users
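
The settings made in the sections above can be checked before provisioning by auditing the JSON printed by `az ad app show --id <appId>` and `az ad sp show --id <appId>`. This is an added example, not part of the Netpump documentation: the function name, sample objects, placeholder IDs and host name are constructed, and it assumes the API permissions were added on the same app registration, as the steps describe.

```python
DESKTOP_CLIENT_ID = "d99b6435-bf29-4655-a1a2-ed1dbad109b3"  # client ID from this guide

def audit_registration(app, sp):
    """Return findings where the objects differ from this guide (empty list = OK)."""
    api, web = app.get("api") or {}, app.get("web") or {}
    scope = next((s for s in api.get("oauth2PermissionScopes", [])
                  if s.get("value") == "Transfers.All" and s.get("isEnabled")), None)
    role = next((r for r in app.get("appRoles", [])
                 if r.get("value") == "Automation" and r.get("isEnabled")), None)
    # Delegated permission IDs pre-authorized for the Netpump Desktop client.
    preauth = {i for p in api.get("preAuthorizedApplications", [])
               if p.get("appId") == DESKTOP_CLIENT_ID for i in p.get("delegatedPermissionIds", [])}
    # Permissions the app requests on itself: "Scope" = delegated, "Role" = application.
    requested = {(a.get("id"), a.get("type")) for r in app.get("requiredResourceAccess", [])
                 if r.get("resourceAppId") == app.get("appId") for a in r.get("resourceAccess", [])}
    checks = [
        (app.get("signInAudience") == "AzureADMyOrg", "sign-in audience is not single-tenant"),
        (bool(app.get("identifierUris")), "Application ID URI is not set"),
        # Microsoft Graph name for the manifest's accessTokenAcceptedVersion.
        (api.get("requestedAccessTokenVersion") == 2, "access token version is not 2"),
        (scope is not None, "scope Transfers.All is missing or disabled"),
        (bool(scope) and scope["id"] in preauth, "Netpump Desktop client is not pre-authorized for Transfers.All"),
        (bool(role) and role.get("allowedMemberTypes") == ["Application"], "app role Automation (Applications) is missing"),
        (bool(scope) and (scope["id"], "Scope") in requested, "delegated permission Transfers.All is not requested"),
        (bool(role) and (role["id"], "Role") in requested, "application permission Automation is not requested"),
        (bool(web.get("redirectUris")), "no Web redirect URI is configured"),
        (bool((web.get("implicitGrantSettings") or {}).get("enableIdTokenIssuance")), "ID token issuance is not enabled"),
        (sp.get("appRoleAssignmentRequired") is True, "Assignment required is not set to Yes"),
    ]
    return [message for ok, message in checks if not ok]

# Constructed sample objects: placeholder IDs and host name, not real values.
SAMPLE_APP = {
    "appId": "app-1", "signInAudience": "AzureADMyOrg", "identifierUris": ["api://app-1"],
    "api": {"requestedAccessTokenVersion": 2,
            "oauth2PermissionScopes": [{"id": "s1", "value": "Transfers.All", "isEnabled": True}],
            "preAuthorizedApplications": [{"appId": DESKTOP_CLIENT_ID, "delegatedPermissionIds": ["s1"]}]},
    "appRoles": [{"id": "r1", "value": "Automation", "isEnabled": True, "allowedMemberTypes": ["Application"]}],
    "requiredResourceAccess": [{"resourceAppId": "app-1", "resourceAccess": [
        {"id": "s1", "type": "Scope"}, {"id": "r1", "type": "Role"}]}],
    "web": {"redirectUris": ["https://netpump.example.com/"],
            "implicitGrantSettings": {"enableIdTokenIssuance": True}},
}
SAMPLE_SP = {"appRoleAssignmentRequired": True}

if __name__ == "__main__":
    print(audit_registration(SAMPLE_APP, SAMPLE_SP) or "all checks passed")
```

To audit a real registration, load the two saved JSON documents with `json.load` and pass them in place of the sample objects.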

Key Vault - Service Principal permissions

ℹ️ Note: As a prerequisite, you need a Key Vault with a valid SSL certificate for the domain you want to host your Netpump server on. The steps below cover giving your app registration (service principal) access to that Key Vault.

  1. Open your Key Vault resource in Azure Portal and click on Access control (IAM)

  2. Click on Add > Add role assignment

    Add role assignment

  3. Select the Key Vault Secrets User role then click Next

    Pick Key Vault Secrets User role

  4. Click Select members then search for Netpump Server

    ℹ️ Note: The name will depend on what name you gave the application in the App Registration

    Add the Netpump Server service principal

  5. Click Select

  6. Click Next

  7. Confirm the details and click Review + assign

    Review and assign

Ready to provision cluster

You are now ready to provision your Netpump server cluster.