Skip to the content.

Microsoft Assent

GitHub release (latest by date including pre-releases) CodeQL OpenSSF Scorecard

Assent Approval Solution Simplified for ENTerprise

Microsoft Assent (a.k.a Approvals) as a platform provides the “one stop shop” solution for approvers via a model that brings together disparate different approval requests in a consistent and ultra-modern model. Approvals delivers a unified approvals experience for any approval on multiple form factors - Website, Outlook Actionable email, Teams. It consolidates approvals across organization’s line of business applications, building on modern technology and powered by Microsoft Azure. It serves as a showcase for solving modern IT scenarios using the latest technologies.

Getting Started

These instructions will get the project up and running in Azure.

Pre-requisites

Before running the project on local machine/ or deploy the following things needs to be setup on Azure:

Apart from these keep the following items handy as it would be required during deployment:

Installing

A step by step series of that explains how to get the components deployed in Azure

Step 1: Download the ARM template (template.json) from the source (scripts)
Step 2: Go to Azure Portal and search/select the service 'Deploy a custom template"
Step 3: Select 'Build your own template in the editor' and paste the content of 'template.json' in the editor
Step 4: Save and go the next step. Select the subscription, resource group & location.
Update the settings to update any of the parameter values if required and click on purchase

Note : If there is any failure, try re-deploying again before proceeding for any troubleshooting.

Clean-up

It might have happened that some of the resources which got created may be already present in your subscription. In that case, you can continue to use the same and delete the newly created resources. (e.g. Storage Account, Application Insights, ServiceBus - In case of ServiceBus make sure to create the Topics in your exisiting ServiceBus namespace before deleting).

The following table will help in deciding which components can be cleaned-up.

Common  
  App Configuration
  KeyVault
  Application Insights
  ServiceBus Namespace
  Storage Account
  Cosmos Db
  Azure Search

Setup and Configuration

Once all the components are deployed, go to the below components, copy the access keys and store that in Azure App Configuration. The secrets needs to be stored in Azure Key vault and a respective Key Vault reference of the same can be added in Azure App Configuration as required.

Key Name Source In KeyVault ?
AzureAppConfigurationConnectionString Azure App Configuration Yes
ServiceBusConnectionString ServiceBus Yes
StorageConnectionString Storage Account Yes
StorageAccountName Storage Account No
StorageAccountKey Storage Account Yes
APPINSIGHTS_INSTRUMENTATIONKEY Application Insights No

Import Configuration to Azure App Configuration

Step 1: Download the configuration file (AppCofiguration.json) from the samples folder
Step 2: Add/update the values for the following keys in the JSON

| Key Name | Source | In KeyVault ? | |——–|——|——–| | AntiCorruptionMessage | Message to be shown on the UI while taking action (if applicable) | No | | ApprovalsAudienceUrl | Microsoft Entra ID Resource (APP ID URL) | No | | ApprovalsBaseUrl | Approvals Website Base URL | No | | ApprovalsCoreServicesURL | Approvals API's Base URL | No | | Authority | URL that indicates a directory that MSAL can request tokens from | No | | AzureSearchServiceName | Azure Search | No | | AzureSearchServiceQueryApiKey | Azure Search | Yes | | CosmosDbAuthKey | Azure Cosmos DB | Yes | | CosmosDbEndPoint | Azure Cosmos DB | No | | DetailControllerExceptionMessage | Error message to be shown on the UI when details loading fails | No | | EnvironmentName | Environment Name where this solution is getting deployed (e.g., DEV/ TEST etc.) | No | | GraphAPIAuthString | Microsoft Entra ID Authority URL with {0} replaced with the TenantID - https://login.windows.net/{0} | No | | GraphAPIClientId | Microsoft Entra ID Client ID which has permissions to Access Microsoft Graph to get user data | No | | GraphAPIClientSecret | Microsoft Entra ID Client Secret - used to access Microsoft Graph | Yes | | NotificationBroadcastUri | Notification Service's REST endpoint | No | | NotificationFrameworkAuthKey | Microsoft Entra ID Client Secret - used for Authentication with Notification Framework/service | Yes | | NotificationFrameworkClientId | Microsoft Entra ID Client ID - used for Authentication with Notification Framework/service | No | | ReceiptAcknowledgmentMessage | Message to be shown on the UI while taking action (if applicable) | No | | ServiceBusConnectionString | Azure Service Bus | Yes | | ServiceBusIssuerSecret | Azure Service Bus | Yes | | ServiceBusNamespace | Azure Service Bus | No | | ServiceComponentId | [Optional] Used for Logging | No | | ServiceLineName | [Optional] Used for Logging | No | | ServiceName | [Optional] Used for Logging | No | | ServiceOfferingName | [Optional] Used for Logging | No | | ServiceParameterAuthKey | Microsoft Entra ID Client Secret - used for Authentication with LoB apps endpoints/service | Yes | | ServiceParameterClientID | Microsoft Entra ID Client ID - used for Authentication with LoB apps endpoints/service | No | | StorageAccountKey | Azure Storage | Yes | | StorageAccountName | Azure Storage | No | | SupportEmailId | e.g., mailto:help@contoso.com | No | | SyntheticTransactionsApproverAliasList | [Optional](;) separated list of aliases which would be the allowed approvers for creating synthetic transaction requests | No | | UrlPlaceholderTenants | [Optional] Int32 identifiers for simulating LoB apps in self-server portal | No | | WhitelistDomains | Domains which will be allowed to access Assent | No |

Step 3: Go to the App Configuration service on Azure Portal and select the resource
where the configuration needs to be imported.
Step 4: Go to 'Operations' -> 'Import/Export'
Step 5: Select 'Import' in the toggle button and
choose 'Configuration file' from the dropdown 'Source service'.
Step 6: In the 'For language' drop down select 'Other'
Step 7: Choose 'Json' as the value from the 'File type' dropdown and
select the 'AppConfiguration.json' updated in the previous step file from the File Explorer.
Step 8: The configuration should be fetched successfully and the UI should show options to save/apply
Select the 'Label' under which the configurations needs to be added (e.g., DEV) and click 'Apply'

Update Application Settings

Deploy

Deploy the code in these new components using Azure DevOps (Build and Release pipelines)

The deployment might fail sometimes due to locked files. Try restarting the service, before redeploying. If the issue persists, add the following AppSettings in the service configuration

    "MSDEPLOY_RENAME_LOCKED_FILES": "1"

How to Setup to use this framework

See the SETUP.md file for details

License

This project is licensed under the MIT License - see the LICENSE file for details

Contributing

This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit https://cla.opensource.microsoft.com.

When you submit a pull request, a CLA bot will automatically determine whether you need to provide a CLA and decorate the PR appropriately (e.g., status check, comment). Simply follow the instructions provided by the bot. You will only need to do this once across all repos using our CLA.

This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.

Trademarks

This project may contain trademarks or logos for projects, products, or services. Authorized use of Microsoft trademarks or logos is subject to and must follow Microsoft’s Trademark & Brand Guidelines. Use of Microsoft trademarks or logos in modified versions of this project must not cause confusion or imply Microsoft sponsorship. Any use of third-party trademarks or logos are subject to those third-party’s policies.