All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

O365 Account Setup: Redirect URL

jpolcari
Communicator
‎07-13-2018 10:36 AM

Looking to ingest logs from O365 using the Microsoft Cloud Services app and having trouble with linking the O365 Account. Does the Redirect URL need to be accessible from the Internet? I wasn't able to find a straight answer within the documentation. I'm getting error after I type in credentials to authenticate with O365:

AADSTS70001: Application with identifier 'xxxxxxxxxxxxxxxxxxxxxxxxxxxx' was not found in the directory xxxxxx.com

0 Karma
Reply

jconger
Splunk Employee
Splunk Employee
‎08-09-2018 10:00 AM

The redirect URL does not need to be accessible from the Internet. The error you are experiencing sounds like a misconfiguration of the Application ID (a.k.a. Client ID).

BUT, I would highly recommend using the Splunk Add-on for Microsoft Office 365 instead. The consent framework steps (all that redirect stuff) have been removed in that add-on and some improvements have been made as well for O365 data ingestion.

0 Karma
Reply

jaxjohnny2000
Builder
‎12-06-2018 12:05 PM

Jason,
The challenge to using the Splunk Add-on for Microsoft Office 365, is that the Microsoft Office 365 App for Splunk depends on the Splunk Add-on for Microsoft Cloud Services. The Splunk Add-on for Microsoft Office 365 does not pull back all the same sourcetypes and extractions as the Splunk Add-on for Microsoft Cloud Services does. So the App panels are no longer populating. This just means we have to update all the code, but just so you know.

0 Karma
Reply

Bloodnite
Path Finder
‎07-13-2018 01:26 PM

Sounds like there is some more configuration you need to do on the Azure side for the API piece. You don't need the redirect URL internet facing from what I can tell from our setup. The app just needs to be able to reach out via 443 and have the open session. Possibly using the wrong ID string when you setup the Azure API piece for the app/splunk configuration?

0 Karma
Reply

jpolcari
Communicator
‎07-25-2018 08:07 AM

Sorry for the late reply. I've double checked and even recreated the Azure API app/key. Still seem to be getting the same error.

0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...