メイン コンテンツにスキップする

Register a custom web app in Microsoft Entra ID

Follow the steps below to register a custom web app in Microsoft Entra ID. Users can sign in to the web app using their browser and the acquired token.

Register a custom web app in Microsoft Entra ID

  1. Sign in to the Azure portal as an admin.

  2. If you have access to multiple tenants, use the Directory + subscription filter Directory + subscription filter in the top menu to select the tenant in which you want to register an application.

  3. Search for and select Microsoft Entra ID.

  4. Under Manage, select App registrations > New registrations.

  5. In the Register an application window, enter the app name, and select Register.

  6. Specify the name and select the supported account types.

  7. Under Redirect URI (optional), select Web and specify the redirect URI. Typically, this is the URL of your web app, or localhost for development.

Register an application
  1. Select Register.

  2. Select Authentication to add more redirect URIs.

  3. Copy and make a note of the Application (client) ID. This value is required for authentication.

  4. Under Manage, select Certificates & secrets > New client secret.

OIDC Client secret
  1. Enter a client secret description and an expiry time, and then select Add.

  2. Copy and make a note of the client secret in the Value field.

    NOTE

    Make sure you copy this value now. This value will be hidden after you leave this page.

  3. Configure API permissions:

    1. Select API permissions. The Microsoft Graph User.Read permissions should already be selected.

    2. Select Add a permission and in the next screen, under APIs my organization uses, select the CDF API, for example westeurope-1.

    3. For Delegated permissions, select the required permissions for your application, for example user_impersonation. The delegated permissions filter the permissions a user has based on group memberships, but don't add any permissions.

      To use the token inspection endpoint, select IDENTITY.

      Learn more about the available permissions here.

    4. Select Add permissions.

    5. The API permissions should look similar to this:

      API permissions
    6. Select Grant admin consent for... and confirm that you want to make the new list of permissions active.