Creating a native API for WorkZone Mobile


Register the native API

See Microsoft quickguide on how to register an app or a web API for the detailed steps.

  1. Log in to the Microsoft Azure portal.
  2. Click App registrations. It must be the same place as your WorkZone web app publication is created.
  3. Click New registration.
  4. Enter a Name for your WorkZone Mobile app. For example, WorkZoneMobileNative.
  5. Select appropriate supported account type.
  6. Click Register.


Add a redirect URI

See Microsoft quickguide on adding a redirect URI for the detailed steps.

  1. Under Configure platforms, select the needed platform type (Web, iOS/macOS, Android, Mobile and desktop applications).
  2. Provide your Redirect URI (URL of your WorkZone web app publication).
    • For Web: enter the redirect URI in the following format: https://<Your host>/oauth2/signin-oidc (replace <your host> with your host).
    • For iOS: enter dk.kmd.workzone.intune for Bundle ID. The Redirect URI will be generated automatically.
    • For Android: enter dk.kmd.workzone for Package name. The Redirect URI will be generated automatically.


Add API permissions

See Microsoft quickguide on how to add API permissions for the detailed steps.

Add the following API permissions:

  1. Under Microsoft Graph:
    • Directory.AccessAsUser.All
    • Directory.Read.All
    • Directory.ReadWrite.All
    • Group.Read.All
    • Group.ReadWrite.All
    • User.Read
    • User.Read.All
    • User.ReadBasic.All
  2. Under My APIs > <name of your hosted web app> (for example, My APIs > WorkZoneWebApp):
    • user.impersonation
Tip: You can also quickly find the needed permission by typing its title into the Select permissions search bar.


Configure tokens

  1. Under Manage >Token configurations, click Add optional claim.
  2. Select ID as the Token type.
  3. Add upn claim.