Example: Azure User Management
If you already use Azure Active Directory for identity and access management, it is easy to extend your app with user discovery and contact management using the Microsoft Graph API. The BBM Enterprise SDK examples include a user management implementation using Microsoft Graph API to access Azure Active Directory.
In Microsoft Azure, each access token is issued for one specific resource. To access Active Directory user data, your app has to authenticate against Azure with a scope containing all of the required Microsoft Graph API permissions. It cannot reuse the access token granted for the BBM Enterprise SDK.
Extend Active Directory User Data with BBM Enterprise Account
The Microsoft Graph API allows an app to access the data of Active Directory users, and to write custom application data for each user using custom extensions. In the BBM Enterprise SDK examples, a user's registration ID (regId) is automatically stored with the user's data in Azure Active Directory. This allows your app to integrate with a corporate directory for user lookup, and to start secure chat, voice, and video communications using the BBM Enterprise SDK. Your app can also use the Microsoft Graph API to manage a contact list based on user groups or other criteria.
Give your app permission to access Microsoft Graph API
Note: These instructions assume your app will use the Azure Active Directory v2.0 authentication API.
From the Microsoft Application Registration Portal, access the Microsoft Graph Permissions section and add the following:
- User.ReadWrite: Required to view the local user's data and write the BBM Enterprise SDK regId to their user entry in Active Directory.
- User.ReadBasic.All: Required to view all users in the Active Directory.
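The following added example (not part of the BBM Enterprise SDK examples) shows one way to enforce the one-token-per-resource rule described above and to confirm that a Graph token response actually carries both permissions listed here. The `ResourceTokens` class, the token strings and the sample responses are constructed for illustration; it assumes the token response exposes the granted permissions in its space-separated `scope` field.

```javascript
// Added example: the token values and sample responses below are constructed.
const GRAPH_RESOURCE = 'https://graph.microsoft.com';
const REQUIRED_GRAPH_SCOPES = ['User.ReadWrite', 'User.ReadBasic.All']; // from this page

// Required Graph permissions absent from a token response's space-separated
// `scope` field. Accepts both "User.ReadWrite" and the resource-prefixed form.
function missingGraphScopes(tokenResponse) {
  const prefix = GRAPH_RESOURCE.toLowerCase() + '/';
  const granted = new Set(
    String(tokenResponse.scope || '').toLowerCase().split(/\s+/).filter(Boolean)
      .map((s) => (s.startsWith(prefix) ? s.slice(prefix.length) : s)));
  return REQUIRED_GRAPH_SCOPES.filter((s) => !granted.has(s.toLowerCase()));
}

// Keeps one access token per resource and releases it only to that resource,
// so the BBM Enterprise SDK token is never sent to Graph or the reverse.
class ResourceTokens {
  constructor() { this.byOrigin = new Map(); }

  // Record a token response for a resource; a Graph token that lacks a
  // required permission is rejected instead of failing later at call time.
  store(resource, tokenResponse, now = Date.now()) {
    const origin = new URL(resource).origin;
    if (origin === GRAPH_RESOURCE) {
      const missing = missingGraphScopes(tokenResponse);
      if (missing.length) throw new Error(`Graph token lacks: ${missing.join(', ')}`);
    }
    this.byOrigin.set(origin, {
      token: tokenResponse.access_token,
      expiresAt: now + Number(tokenResponse.expires_in) * 1000,
    });
  }

  // Authorization header value for requestUrl; throws when no unexpired
  // token was issued for that URL's origin.
  authorizationFor(requestUrl, now = Date.now()) {
    const origin = new URL(requestUrl).origin;
    const entry = this.byOrigin.get(origin);
    if (!entry || now >= entry.expiresAt) throw new Error(`no valid token for ${origin}`);
    return `Bearer ${entry.token}`;
  }
}

// Constructed sample token responses (placeholders, not real tokens).
const graphResponse = { access_token: 'graph-token-placeholder', expires_in: 3600,
  scope: 'https://graph.microsoft.com/User.ReadWrite https://graph.microsoft.com/User.ReadBasic.All' };
const partialResponse = { access_token: 'partial-placeholder', expires_in: 3600, scope: 'User.ReadWrite' };
```

Store each token response under the resource it was requested for, then build every outgoing request's header through `authorizationFor` so a token can only reach the origin it was issued for.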