BlackBerry Spark Communications Services Guide

Configuring iOS Examples to use Azure Active Directory

Some SDK example applications for iOS can be configured to integrate with Azure Active Directory both as your identity provider and for user management. Azure integration is supported for RichChat, SimpleChat and QuickStart.

This page guides you through the changes you can make to the example applications to integrate with Azure using the Support library.

Azure Configuration

Before running the example applications with Azure Active Directory, you must first configure Azure for the example you wish to run.

  1. First, configure Azure Active Directory as your Identity Provider.
  2. Next, configure Azure Active Directory for User Management.

Authenticating with Active Directory

Identity providers are listed in the ConfigSettings.plist file. To use a specific identity provider, set the authProvider key in ConfigSettings.plist to the string that matches the key for the identity provider settings you wish to use.

| Value of authProvider | Description |
|---|---|
| testAuth | Use no user authentication. See the domain configuration guide for details. |
| googleSignIn | Use Google Sign-In as the identity provider. |
| azureAD | Use Azure Active Directory as the identity provider. |
| custom | Use optional custom identity, key, and/or user managers. You must populate the user segment and handle instantiation and configuration of your custom authentication, user and/or key managers in BBMConfigManager. |

An example ConfigSettings.plist excerpt is shown below.

<key>authProvider</key>
<string>azureAD</string>

Configuring Azure Active Directory

To configure your domain and Azure Active Directory, see the guide on using Azure Active Directory as your Identity Provider.

When you have completed setting up Azure Active Directory, your Azure Application and your domain, you should have several identifiers that must be included in the ConfigSettings.plist file.

Enter these values into their respective fields in the ConfigSettings.plist file under azureAD and set the authProvider string to azureAD.

An example ConfigSettings.plist excerpt is shown below.

<key>authProvider</key>
<string>azureAD</string>
<key>azureAD</key>
<dict>
    <key>userProvider</key>
    <string>azureAD</string>
    <key>keyProvider</key>
    <string>azure</string>
    <key>domain</key>
    <string>YOUR_DOMAIN_ID</string>
    <key>clientId</key>
    <string>22ae09da-0000-0000-0000-123455667</string>
    <key>environment</key>
    <string>sandbox</string>
    <key>tenantId</key>
    <string>abcdefeg-0000-0000-0000-76046bd82bf1</string>
    <key>scope</key>
    <string>api://22ae09da-0000-0000-0000-123455667/Messaging.All</string>
    <key>keyProviderPath</key>
    <string>http://1.2.3.4:3000/kms/</string>
</dict>

Replace YOUR_DOMAIN_ID with your application's domain ID.

Specify the Azure Active Directory callback URL in the info.plist file. This will be msal followed by your Client ID. For example, msal22ae09da-0000-0000-0000-123455667.
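
The settings described above can be checked before a build. The following is an added example, not code from the SDK or the original guide. The function name check_config is hypothetical, and the script assumes that the scope embeds the Client ID as in the excerpt, that the callback is registered as a URL scheme under CFBundleURLTypes in Info.plist, and that a keyProviderPath that is not https should be flagged because requests to it would travel without TLS.

```python
import plistlib
from urllib.parse import urlparse
REQUIRED = ("domain", "clientId", "tenantId", "scope", "environment")

def check_config(config_plist: bytes, info_plist: bytes) -> list:
    """Return findings for ConfigSettings.plist and Info.plist contents."""
    cfg = plistlib.loads(config_plist)
    info = plistlib.loads(info_plist)
    findings = []
    if cfg.get("authProvider") != "azureAD":
        findings.append("authProvider is not azureAD")
    azure = cfg.get("azureAD")
    if not isinstance(azure, dict):
        return findings + ["azureAD dictionary is missing"]
    for key in REQUIRED:
        value = str(azure.get(key, ""))
        if not value or value.startswith("YOUR_"):
            findings.append(f"{key} is missing or still a placeholder")
    client_id = str(azure.get("clientId", ""))
    # Assumption from the excerpt: the scope is api://<clientId>/<permission>.
    if not str(azure.get("scope", "")).startswith(f"api://{client_id}/"):
        findings.append("scope does not reference clientId")
    # Added check (assumption): a plain-http key provider URL has no TLS.
    path = str(azure.get("keyProviderPath", ""))
    if path and urlparse(path).scheme != "https":
        findings.append("keyProviderPath is not https")
    # Assumption: the callback is registered as a URL scheme in Info.plist.
    schemes = [s for t in info.get("CFBundleURLTypes", [])
               for s in t.get("CFBundleURLSchemes", [])]
    if client_id and f"msal{client_id}" not in schemes:
        findings.append("Info.plist has no msal<clientId> URL scheme")
    return findings

# Constructed sample input that mirrors the excerpt above.
CLIENT_ID = "22ae09da-0000-0000-0000-123455667"
SAMPLE_CONFIG = plistlib.dumps({
    "authProvider": "azureAD",
    "azureAD": {
        "userProvider": "azureAD", "keyProvider": "azure",
        "domain": "YOUR_DOMAIN_ID", "clientId": CLIENT_ID,
        "environment": "sandbox", "tenantId": "abcdefeg-0000-0000-0000-76046bd82bf1",
        "scope": f"api://{CLIENT_ID}/Messaging.All",
        "keyProviderPath": "http://1.2.3.4:3000/kms/",
    },
})
SAMPLE_INFO = plistlib.dumps(
    {"CFBundleURLTypes": [{"CFBundleURLSchemes": [f"msal{CLIENT_ID}"]}]})
if __name__ == "__main__":
    for finding in check_config(SAMPLE_CONFIG, SAMPLE_INFO):
        print("FINDING:", finding)
```

To check a real project, pass the bytes read from its ConfigSettings.plist and Info.plist files to check_config.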

MSAL

MSAL will be installed automatically for RichChat, SimpleChat and QuickStart when running pod install. MSAL is required to get JWT tokens.

Install pods

To build and run this application, CocoaPods must be installed as described in CocoaPods.

After installing CocoaPods, run the following commands from the root folder of your project.

$ pod update
$ pod install

User Discovery with Azure Active Directory

The SDK examples for iOS can use Microsoft Graph and the Azure Active Directory for user management.

BBMAzureUserManager, an implementation of the BBMAppUserSource protocol, is provided and supplies a list of all individuals in your directory. A custom Registration Id field on the Active Directory entries is used to map the regId (the user identifier used by the SDK) to the user's OAuth identity.

The Support library code for Azure Active Directory user management is compatible across iOS, Android, and JavaScript.

Key Management

BlackBerry Key Management Service

To use the BlackBerry Key Management Service, set the useBlackBerryKMS property in ConfigSettings.plist to true. This must be a top-level entry in the plist file. Custom key management related settings will be ignored if this is set.

An example ConfigSettings.plist excerpt is shown below.

<key>useBlackBerryKMS</key>
<true/>

Cloud Key Storage

If your application needs complete control of its cryptographic security keys, you can secure these keys by using Azure Cosmos DB for Cloud Key Storage with the Key Provider Server example server that comes with the SDK for JavaScript.

To use Cloud Key Storage with Azure Cosmos DB, use the BBMAzureCosmosKeyStorageProvider class. This class synchronizes keys with an Azure Cosmos database via the Key Provider Server, using your user's Azure credentials.

The Support library code for Cloud Key Storage in Azure Cosmos DB is compatible across iOS, Android, and JavaScript.