Table of contents
TOC
Collapse the table of content
Expand the table of content

Azure Active Directory - Service to Service calls using Client Credentials

Last Updated: 2/16/2017

The Trusted Application API only accepts an AAD Oauth token issued to an application identity. In order that your application gets such a token from AAD, you need to either upload your application's credentials ( a certificate ) to AAD, and use that certificate whenever you need an Oauth token, or use a client secret.

When challenged for authentication by Skype for Business Online service, your application must perform authentication against Azure AD to receive an Oauth token.

Trusted Application API requires use of HTTPS and certificates for both AAD Service-to-service authentication and SSL.We require the use of publicly-signed certificates. If needed, you should be able to create a record or CName to point your own custom domain to your cloudapp.net Azure cloud service.

For example, create a DNS CName abc.contoso.com, and that DNS CName points to trustedapp.cloudapp.net (This allows you to avoid creating a certificate with SN: trustedapp.cloudapp.net, but use a certificate with SN: abc.contoso.com)

Please refer to the following information and examples for how to implement service to service calls.

Additional information

Building service aps in Office 365

Active Directory authentication scenarios

Active Directory Certificate Credentials

Configuring a custom domain name for an Azure cloud service

© 2017 Microsoft