How to Create an Azure AD App Registration - Step-By-Step Tutorial

How to Create an Azure AD App Registration – Step-By-Step Tutorial

Ana NetoTechnical Leave a Comment

Are you navigating the world of Modern Authentication in your company? Let's dive into how Azure Active Directory (AAD) app registration can be your ticket for seamless authentication and authorization.

Azure AD App Registration: 'Entra' a New Era

Ah, the world of Azure AD App Registration - a realm where some dare not go in… But wait, there's a plot twist! Enter Microsoft Entra ID, the new protagonist on stage, with changes to the Azure AD App Registration narrative. Microsoft says it is the next evolution of identity and access management solutions for the cloud. If you want to delve in to see what's new, Microsoft has available free training. If you just want to enter the realm to register your app… follow me!

Azure AD App Registration: Two step-by-step scenarios

Depending on the software, the procedure might be a bit different. In this tutorial, we will cover the two options we use at Connecting Software:

  • Client Credentials Grant (via certificate)
  • Authorization Code Grant (via client secret)

Please note that if you are reading this article because you are starting with a Connecting Software product, you should follow these instructions only if you are deploying the software on-premises. For SaaS, you can use the app we’ll provide you and you’ll only need the directory id, or you can create your own app.

In any case, let’s get started!

Client Credentials Grant

We’ll first go through the Client Credentials Grant (CCG) procedure, sometimes referred to as implicit grant. Here are the steps you’ll need to follow:

CCG1 - Open the Azure portal, log in, and select the Microsoft Entra ID

Image

Alternatively, you can come in through the Microsoft Entra admin center and select Microsoft Entra ID (Azure AD).

 

CCG2 - Select App registrations.

Image

 

If you came in through the Microsoft Entra Admin Center, you’ll find the App registrations under Applications.

 

CCG3 - Select New registration.

 

How to Create an Azure AD App Registration - Step 3

 

 

CCG4 - Type your application’s name, choose the account types and click Register. Please note that the Redirect URI is optional, but necessary in most of the scenarios.

 

Image

 

CCG5 - Copy your Application (client) ID and Directory (tenant) ID as you will need to enter these in the software you are setting up Modern Authentication in.

 

How to Create an Azure AD App Registration - Step 5

 

 

CCG6 - You will need to get the certificate from the software you are doing Modern Authentication for. As an example, if it is Document Extractor on-premises you can go to the configuration page, download the certificate from the Public Key Certificate field. In other cases, you will find it in the Certificate field.

 

How to Create an Azure AD App Registration - Step 6

 

 

CCG7 - You will now upload this certificate in Azure. Click Certificates and secrets, then Certificates, and finally, Upload certificate.

 

How to Create an Azure AD App Registration - Step 7

 

 

CCG8 - Upload the certificate which you downloaded earlier and click Add.

How to Create an Azure AD App Registration - Step 8

 

Once uploaded, you should see the certificate in the list, with its Thumbprint, Start date and an indication of when it Expires

 

CCG9 - Click API permissions and then click on Add a permission

 

How to Create an Azure AD App Registration - Step 9

 

 

CCG10 - Select SharePoint and choose Application permissions

 

How to Create an Azure AD App Registration - Step 5

 

 

CCG11 - The permissions you will need to check will depend on the software you are creating the app for and also on your specific use case for it.

This will differ from product to product but, for example, for Document Extractor you would normally check the “Sites.ReadWrite.All” permission, but if you would like to sync changes from SharePoint to Salesforce then you would check the “Sites.Manage.All” permission instead.

 

How to Create an Azure AD App Registration - Step 11

 

 

CCG12 - As a final step you should grant admin consent. You’ll find the Grant admin consent for … button next to the Add a permission button that you used in the previous step. If the Grant admin consent for … is disabled, check which user are you logged in with.

How to Create an Azure AD App Registration - Step 12

Authorization Code Grant

For this other type of grant, the first steps are identical and then the procedure takes a different path:

ACG1 - Identical to CCG1

ACG2
- Identical to CCG2

ACG3
- Identical to CCG3

ACG4
- Besides typing your application’s name and choosing the account types, you’ll need to select a platform - select Web - and then enter the redirect URI.
For example, for CB Dynamics 365 to SharePoint Permissions Replicator, it should be https://permissions-replicator-saas.connecting-software.com/consent-callback.
Once that is done, click on Register.

ACG5
-  In the Certificates & secrets section, go to Client secrets and click New client secret. Copy the generated secret so you can use it in the next steps.

How to Create an Azure AD App Registration - Step ACG5


ACG6
- Identical to CCG9

ACG7
- Identical to CCG10

ACG8
- Identical to CCG11

ACG9
- Identical to CCG12

Conclusion

In this article, we’ve walked you through the two options we use for Azure AD App Registration at Connecting Software: Client Credentials Grant (via certificate) and Authorization Code Grant (via client secret).


About the Author

Ana Neto

By Ana Neto, technical advisor at Connecting Software.

“I have been a software engineer since 1997, with a more recent love for writing and public speaking. Do you have any questions or comments about this article? I would love to have your feedback, leave a comment below!"

Leave a Reply

Your email address will not be published. Required fields are marked *

For security, use of Google's reCAPTCHA service is required which is subject to the Google Privacy Policy and Terms of Use.