# Register a custom web app in Azure AD

Follow the steps below to register a custom web app in Azure AD. Users can sign in to the web app using their browser and the acquired token.


  1. Sign in to the Azure portal as an admin.

  2. If you have access to multiple tenants, use the Directory + subscription filter in the top menu to select the tenant in which you want to register an application.

  3. Search for and select Azure Active Directory.

  4. Under Manage, select App registrations > New registrations.

  5. In the Register an application window, enter the app name, and then select Register.

  6. Specify the name and select the supported account types.

  7. Under Redirect URI (optional), select Web and specify the redirect URI. Typically, this is the URL for your web app, or localhost for development.

  8. Select Register.

  9. Select Authentication to add more redirect URIs.

  10. Copy and make a note of the Application (client) ID. This value is required for authentication.

  11. Under Manage, select Certificates & secrets > New client secret.

  12. Enter a client secret description and an expiry time, and then select Add.

  13. Copy and make a note of the client secret in the Value field.

    NOTE

    Make sure you copy this value now. This value will be hidden after you leave this page.

  14. Configure API permissions:

    1. Select API permissions. The Microsoft Graph User.Read permissions should already be selected.

    2. Select Add a permission and in the next screen, under APIs my organization uses, select the CDF API, for example westeurope-1.

    3. For Delegated permissions, select the required permissions for your application, for example user_impersonation. The delegated permissions filter the permissions a user has based on group memberships, but do not add any permissions.

      To use the token inspection endpoint, select IDENTITY.

      Learn more about the available permissions here.

    4. Select Add permissions.

    5. The API permissions should look similar to this:

      [Screenshot: API permissions]

    6. Select Grant admin consent for... and confirm that you want to make the new list of permissions active.
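How the values noted in steps 7, 10 and 13 fit into a browser sign-in with the OAuth 2.0 authorization code flow, as an added example that is not part of the original page or the product's own code. The tenant ID, client ID and redirect URI are constructed placeholders, and the scope URL for the westeurope-1 cluster and the `AZURE_CLIENT_SECRET` variable name are assumptions.

```python
import hmac
import os
from urllib.parse import parse_qs, urlencode, urlparse

AUTHORITY = "https://login.microsoftonline.com"
# Constructed placeholders: substitute the values noted in steps 7 and 10.
TENANT_ID = "00000000-0000-0000-0000-000000000000"
CLIENT_ID = "11111111-1111-1111-1111-111111111111"
REDIRECT_URI = "http://localhost:3000/callback"
# Assumed scope format for the delegated permission on the westeurope-1 cluster.
SCOPE = "openid https://westeurope-1.cognitedata.com/user_impersonation"


def build_authorize_url(state):
    """URL the browser is redirected to for sign-in."""
    query = urlencode({
        "client_id": CLIENT_ID,
        "response_type": "code",
        "redirect_uri": REDIRECT_URI,  # must match a registered redirect URI
        "scope": SCOPE,
        "state": state,  # per-session random value, e.g. secrets.token_urlsafe(32)
    })
    return f"{AUTHORITY}/{TENANT_ID}/oauth2/v2.0/authorize?{query}"


def read_callback(callback_url, expected_state):
    """Return the authorization code; reject errors and state mismatches."""
    params = parse_qs(urlparse(callback_url).query)
    if "error" in params:
        raise ValueError(f"sign-in failed: {params['error'][0]}")
    state = params.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: response is not for this session")
    code = params.get("code", [""])[0]
    if not code:
        raise ValueError("no authorization code in callback")
    return code


def build_token_request(code):
    """Token endpoint and form body; the secret is read from the environment."""
    body = {
        "client_id": CLIENT_ID,
        "client_secret": os.environ["AZURE_CLIENT_SECRET"],  # hypothetical name
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": REDIRECT_URI,
    }
    return f"{AUTHORITY}/{TENANT_ID}/oauth2/v2.0/token", body
```

The token request is sent as a form-encoded POST from the server side only, so the client secret from step 13 never reaches the browser or source control.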

Last Updated: 9/13/2021, 2:22:08 PM