This document describes the process for updating your existing Journyx Microsoft Azure App Registration to continue SSO functionality post-upgrade to Journyx v13.1+. This process should be performed by a member of your IT or administrative staff who have permissions to create/modify App Registrations within your Azure portal.

NOTE - This process should be completed prior to the upgrade to Journyx version 13.1+

Requirements

Before you begin, you need to gather the following information or requirements: 

1. Your Journyx site URL - referred to as YOUR_URL below. 
2. An administrative login on your Journyx site.
3. Access to your organizations' Azure Portal with sufficient permissions to create/modify App Registrations.
4. Locate and take note of the current Azure AD Application ID that is being used for Azure SSO on your Journyx site. You can find this by signing into your Journyx site as an admin, then going to Settings > System Settings > Security Settings > Azure Active Directory Settings
   

Azure Portal App Registration Update Instructions

1. In the Azure Portal (https://portal.azure.com), go to the "App registrations" panel.
2. Under All Applications, locate and select the app registration that matches the Application (client) ID that you noted from your Journyx site in the above requirements section.
3. In your app registration, click on Authentication.
   1. Under the Web Redirect URIs, select Add URI.
      1. Add the following WEB Redirect URI ***Don't remove any existing Web Redirect URIs***
         YOUR_URL/auth/reply
         YOUR_URL
         
         Be sure to replace YOUR_URL with the actual URL, e.g. https://test.apps.journyx.com.
         *If you have multiple Journyx sites using the same Azure App Registration, such as additional test sites, please add the new URI for each site.
         
         *If you would rather have a different post-logout landing page, such as a company portal page, then you must add that same URL to the Redirect URI list. Please provide this URL to Journyx support so that they can set the custom logout URL on your Journyx site.
   2. Under Platform configurations, click Add a platform
      1. Select iOS / macOS under Mobile and desktop applications
      2. Paste the following bundle ID and click configure - com.journyx.JournyxMobile
         
         It should show the Bundle ID of com.journyx.JournyxMobile and Redirect URI of msauth.com.journyx.JournyxMobile://auth. If so, then click DONE
         
   3. Under Platform configurations, click Add a platform
      1. Select Android under Mobile and desktop applications
      2. Paste the following and then click configure:
         Package Name - com.journyx.android
         Signature hash - O6k69yeYPfmfQkbbXqJFhSCqg8A=
         
         It should show the package name and signature hash that match what you entered above as well as the Redirect URI of msauth://com.journyx.android/O6k69yeYPfmfQkbbXqJFhSCqg8A%3D. If so, then click DONE
   4. Under the Android platform you just added, select Add URI
      1. Paste the following:
         Package Name - com.journyx.android
         Signature hash - 2624iHTqLqfDwu3dDvEK4BZqZ+g=
         
         It should show the package name and signature hash that match what you entered above as well as the Redirect URI of msauth://com.journyx.com/2624iHTqLqfDwu3dDvEK4BZqZ%2Bg%3D.
         
   5. Click the SAVE button at the bottom of the screen to save these changes
4. In your App Registration, click on Certificates & Secrets
   1. Confirm current certificate is valid and not expired. If expired or soon to expire, then do the following, otherwise move to Step 5:
      1. Click "New Client Secret"
      2. Type a description, e.g. "Production Journyx Server". Then select a duration. (Note that making use of key expirations is recommended for security, but you will have to come back and generate a new key here at some point.)
      3. Click Add.  ***A generated value will then be displayed. Copy the value and save it somewhere as it will not be shown again.***
      4. Copy/Paste the certificate VALUE into the client secret field on your Journyx site by signing into your Journyx site as an administrator, then going to Settings > System Settings > Security Settings > Azure Active Directory Settings
         
5. If you are currently using Journyx calendar-based suggestions or plan to use Journyx calendar-based suggestions, then API Permissions must be checked and possibly updated. If you are not, then you are done and ready to upgrade.
   1. Click on API Permissions
      1. Confirm that you have Calendars.Read.Shared and Tasks.Read.Shared added, along with User.Read (required for just SSO)
         
         If this is correct, then no additional steps are necessary and you are ready to upgrade, otherwise proceed to the next step
      2. If permissions do not match the above, then Click + Add a permission, Choose Microsoft Graph > Delegated Permissions
         1. You will see a long list of Graph permissions. Select the following:
            Calendars > Calendars.Read.Shared
            Tasks > Tasks.Read.Shared
         2. Make sure those two are checked, then click the Add permissions button at the bottom.
      3. Once the permissions are added, you must Grant Permissions by clicking the Grant admin consent for ... button