Grooper Azure AD Connector

From Grooper Wiki

Certain Grooper CMIS Connection Types can use the OAuth standard to connect Grooper to the content platform. For example, a CMIS Connection using the Exchange CMIS Connection Type can connect to Exchange email sources using the Exchange OAuth authentication method. OAuth is an open standard for delegated authorization. It allows applications like Grooper to access resources on behalf of users without needing to know or store their passwords; instead, the application presents a short-lived access token issued by the identity provider.

In the context of Azure AD, when Grooper wants to access resources or interact with services protected by Azure AD (such as Exchange or SharePoint), it follows an OAuth flow to obtain access tokens. During this process Grooper is the OAuth client (the calling application): it interacts with Azure AD to obtain an access token that represents Grooper's identity and the permissions it has been granted on the desired resources.

  1. Azure AD Application and Grooper Azure AD Connector:
    • When you configure an object in Grooper that uses OAuth for authentication, Grooper registers itself in Azure AD by automatically creating an Azure AD application registration (together with its service principal in the tenant) named “Grooper Azure AD Connector 2021”, which represents Grooper's identity in the directory.
    • “Grooper Azure AD Connector 2021” has its own credentials (a client ID plus a client secret or certificate) and its own set of granted permissions, which let Grooper authenticate to Azure AD and call the services integrated with it. The client secret is effectively a password for the application identity: anyone holding it can request tokens as Grooper, so it must be protected accordingly.
    • Which OAuth flow runs depends on the scenario. For a user-facing interaction, Grooper redirects the user to Azure AD to sign in (the authorization code flow), and the token Grooper receives carries that user's delegated permissions. For server-to-server interactions, Grooper presents its own client ID and client secret directly to the Azure AD token endpoint (the client credentials flow) and receives a token that carries the application permissions granted to it.
  2. Resource Access:
    • After obtaining the access token, Grooper presents it as a bearer token on its requests to resources or services protected by Azure AD, acting on behalf of the user (if applicable) or as itself.
    • The access token serves as proof of the identity of “Grooper Azure AD Connector 2021” and carries the permissions granted to it (scopes for delegated access, app roles for application access), which is what allows Grooper to access the requested resources or APIs. Because it is a bearer token, it is only as secure as its handling: keep it in memory or protected storage, never write it to logs, and discard it once it expires.
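The server-to-server path described above, shown end to end as an added example (this is not Grooper's code, and the Grooper product does not expose these steps): build the client credentials request that an application such as “Grooper Azure AD Connector 2021” sends to the Azure AD v2.0 token endpoint, then decode the returned access token and check the claims a practitioner would look at before trusting it: audience, calling application, expiry, and whether the token carries delegated (`scp`) or application (`roles`) permissions. The tenant, client ID, secret and the JWT below are constructed placeholders so the example runs offline; only `request_token` performs a real network call, and it is not invoked here.

```python
"""OAuth 2.0 client credentials flow against Azure AD, plus access-token inspection.
Added example, not Grooper's code. TENANT_ID, CLIENT_ID, CLIENT_SECRET and
SAMPLE_TOKEN are constructed placeholders for offline use."""
import base64
import json
import time
from urllib.parse import urlencode
from urllib.request import Request, urlopen

TOKEN_ENDPOINT = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"
GRAPH_AUDIENCE = "https://graph.microsoft.com"

TENANT_ID = "contoso.onmicrosoft.com"                  # assumption: placeholder tenant
CLIENT_ID = "11111111-2222-3333-4444-555555555555"     # assumption: placeholder app (client) ID
CLIENT_SECRET = "placeholder-client-secret"            # assumption: never hard-code a real one


def build_client_credentials_request(tenant_id, client_id, client_secret,
                                     scope=GRAPH_AUDIENCE + "/.default"):
    """Return (url, urlencoded form body) for the client credentials grant.
    The app authenticates as itself with its secret; no user sign-in occurs."""
    url = TOKEN_ENDPOINT.format(tenant=tenant_id)
    body = {
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": scope,                      # v2.0 endpoint: resource + "/.default"
        "grant_type": "client_credentials",
    }
    return url, urlencode(body)


def request_token(tenant_id, client_id, client_secret, scope=GRAPH_AUDIENCE + "/.default"):
    """POST the form to Azure AD and return the parsed token response
    (access_token, token_type, expires_in). Network call; not run offline."""
    url, body = build_client_credentials_request(tenant_id, client_id, client_secret, scope)
    req = Request(url, data=body.encode(), method="POST",
                  headers={"Content-Type": "application/x-www-form-urlencoded"})
    with urlopen(req, timeout=30) as resp:
        return json.load(resp)


def _b64url_decode(segment):
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def decode_jwt_payload(token):
    """Decode JWT claims WITHOUT verifying the signature. Adequate for client-side
    inspection; a resource server must verify the signature against the tenant's
    signing keys before trusting any claim."""
    _header, payload, _signature = token.split(".")
    return json.loads(_b64url_decode(payload))


def audit_access_token(claims, expected_audience, expected_client_id, now=None):
    """Return (permission_kind, problems). permission_kind is 'delegated' when the
    token carries scp (acting for a signed-in user), 'application' when it carries
    roles (acting as the app itself), else 'none'. problems is empty if acceptable."""
    now = time.time() if now is None else now
    problems = []
    if claims.get("aud") != expected_audience:
        problems.append(f"audience {claims.get('aud')!r} != {expected_audience!r}")
    # v2.0 tokens put the calling app's client ID in azp; v1.0 tokens use appid.
    caller = claims.get("azp") or claims.get("appid")
    if caller != expected_client_id:
        problems.append(f"caller {caller!r} is not the registered client")
    if claims.get("exp", 0) <= now:
        problems.append("token expired")
    if "scp" in claims:
        kind = "delegated"
    elif "roles" in claims:
        kind = "application"
    else:
        kind = "none"
        problems.append("no scp or roles claim: token grants no permissions")
    return kind, problems


def _make_unsigned_jwt(claims):
    """Build a constructed, unsigned JWT (alg none) for offline demonstration only."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}."


# Constructed token resembling what the client credentials flow returns for Graph:
# application permission (roles), no user, fixed exp so the checks are deterministic.
SAMPLE_TOKEN = _make_unsigned_jwt({
    "aud": GRAPH_AUDIENCE,
    "iss": f"https://login.microsoftonline.com/{TENANT_ID}/v2.0",
    "azp": CLIENT_ID,
    "roles": ["Mail.Read"],
    "iat": 1_800_000_000,
    "exp": 1_800_003_600,
})

if __name__ == "__main__":
    url, body = build_client_credentials_request(TENANT_ID, CLIENT_ID, CLIENT_SECRET)
    print("POST", url)
    print(body.replace(CLIENT_SECRET, "<redacted>"))  # never print the secret itself
    claims = decode_jwt_payload(SAMPLE_TOKEN)
    print(audit_access_token(claims, GRAPH_AUDIENCE, CLIENT_ID, now=1_800_000_100))
```

To exercise the real flow, call `request_token` with a tenant, client ID and secret from an app registration that has been granted an application permission (for example an Exchange or Graph mail permission with admin consent), then pass `response["access_token"]` to `decode_jwt_payload` and `audit_access_token`. The audit distinguishes the two cases the text describes: a token from the authorization code flow carries `scp`, a token from the client credentials flow carries `roles`, and a token with neither will be rejected by the resource even though Azure AD issued it.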