Creating a Custom Azure OAuth App

Custom AzureAD Applications

Create a Custom AzureAD App

Follow the steps below to obtain the AzureAD values for your application, the OAuthClientId and OAuthClientSecret.

  1. In the left-hand navigation pane, select Azure Active Directory, then App Registrations, and click New registration.

  2. Enter an application name and select the desired tenant setup. When creating a custom AzureAD application in Azure Active Directory, you can define whether the application is single- or multi-tenant. If you select the default option, "Accounts in this organizational directory only", you must set the AzureTenant connection property to the Id of the Azure AD Tenant when establishing a connection. Otherwise, the authentication attempt fails with an error. If your application is for private use only, "Accounts in this organizational directory only" should be sufficient. Otherwise, if you want to distribute your application, choose one of the multi-tenant options.

  3. Set the redirect URL to http://localhost:33333, the provider's default. Or, specify a different port and set CallbackURL to the exact reply URL you defined.

  4. Click Register to register the new application. This opens an application management screen. Note the value in Application (client) ID as the OAuthClientId and the Directory (tenant) ID as the AzureTenant.

  5. Navigate to "Certificates & Secrets" and define the application authentication type. There are two types of authentication available: using a client secret or a certificate. The recommended authentication method is using a certificate.

    • Option 1: Upload a certificate: In "Certificates & Secrets", select Upload certificate, then choose the certificate to upload from your local machine.

    • Option 2: Create a new application secret: In "Certificates & Secrets", select New Client Secret for the application and specify its duration. After saving the client secret, the key value is displayed. Copy this value, as it is displayed only once. You will need it as the OAuthClientSecret.

  6. Select API Permissions > Add. If you plan for your application to connect without a user context, select Application Permissions (OAuthGrantType = CLIENT). Otherwise, use the Delegated permissions.

  7. Select the Azure Application and add the Have full access to the Application service permission.

  8. Save your changes.

  9. If you have selected to use permissions that require admin consent (such as the Application Permissions), you can grant them from the current tenant on the API Permissions page. Otherwise, follow the steps under "Admin Consent".
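The steps above leave several values that must agree between the app registration and the connection properties. The following pre-flight check is an added example, not code from the provider or from Azure: the `reg` dictionary and its keys are hypothetical, and all sample values are constructed.

```python
DEFAULT_CALLBACK = "http://localhost:33333"  # provider default named in step 3

def check_connection(props, reg):
    """Compare connection properties with a description of the app registration.

    props: the connection properties named on this page.
    reg:   hypothetical dict (not a provider or Azure API) with the choices
           made in the portal: single_tenant, redirect_urls, credential,
           permission_type, admin_consent_granted.
    Returns a list of problems; an empty list means the two agree.
    """
    problems = []
    if not props.get("OAuthClientId"):
        problems.append("OAuthClientId: missing, copy Application (client) ID")
    # Step 2: a single-tenant app fails to authenticate without AzureTenant.
    if reg["single_tenant"] and not props.get("AzureTenant"):
        problems.append("AzureTenant: required for a single-tenant registration")
    # Step 3: CallbackURL must be the exact reply URL, so compare as strings
    # (a trailing slash or a different port is a mismatch).
    callback = props.get("CallbackURL", DEFAULT_CALLBACK)
    if callback not in reg["redirect_urls"]:
        problems.append(f"CallbackURL: {callback!r} is not a registered redirect URL")
    # Step 5: a client-secret registration needs OAuthClientSecret.
    if reg["credential"] == "secret" and not props.get("OAuthClientSecret"):
        problems.append("OAuthClientSecret: missing for a client-secret registration")
    # Step 6: application permissions go with OAuthGrantType=CLIENT, and back.
    client_grant = props.get("OAuthGrantType") == "CLIENT"
    if client_grant != (reg["permission_type"] == "application"):
        problems.append("OAuthGrantType: does not match the permission type")
    # Step 9: application permissions need admin consent before they work.
    if reg["permission_type"] == "application" and not reg["admin_consent_granted"]:
        problems.append("Admin consent: not yet granted for application permissions")
    return problems

# Constructed sample values, not taken from a real tenant.
REGISTRATION = {"single_tenant": True,
                "redirect_urls": ["http://localhost:33333"],
                "credential": "secret", "permission_type": "application",
                "admin_consent_granted": True}
PROPS = {"OAuthClientId": "00000000-0000-0000-0000-000000000001",
         "OAuthClientSecret": "constructed-secret-value",
         "AzureTenant": "00000000-0000-0000-0000-000000000002",
         "OAuthGrantType": "CLIENT"}

if __name__ == "__main__":
    for problem in check_connection(PROPS, REGISTRATION) or ["no problems found"]:
        print(problem)
```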

Custom AzureAD Service Principal Applications

When authenticating using an Azure Service Principal, you must create both a custom AzureAD application and a service principal that can access the necessary resources. Follow the steps below to create a custom AzureAD application and obtain the connection properties for Azure Service Principal authentication.

Create a Custom AzureAD App with an Azure Service Principal

Follow the steps below to obtain the AzureAD values for your application.

  1. In the left-hand navigation pane, select Azure Active Directory then App Registrations and click New registration.

  2. Enter an app name and select Any Azure AD Directory - Multi Tenant. Then set the redirect URL to http://localhost:33333, the provider's default.

  3. After creating the application, copy the Application (client) Id value displayed in the "Overview" section. This value is used as the OAuthClientId.

  4. Define the app authentication type by going to the "Certificates & Secrets" section. There are two types of authentication available: using a client secret and using a certificate. The recommended authentication method is via a certificate.

    • Option 1 - Upload a certificate: In "Certificates & Secrets", select Upload certificate, then choose the certificate to upload from your local machine.

    • Option 2 - Create a new application secret: In "Certificates & Secrets", select New Client Secret for the application and specify its duration. After saving the client secret, the key value is displayed. Copy this value, as it is displayed only once. You will use it as the OAuthClientSecret.

  5. On the Authentication tab, make sure to select Access tokens (used for implicit flows).
