Setup App Registrations
To set up Activate in your Microsoft Entra ID environment you need to create one or more app registrations. These applications allow Activate to interact with Azure services and, optionally, provide user authentication. The table below outlines each app registration and its purpose.

Application                Purpose
Orchestrator application   Core connector used by Activate Orchestrator to read from and write to Entra ID (identity lifecycle changes and access automation). Always required.
Login application          Authenticates users of the Activate Web and Activate Studio components. Required only when OAuth authentication is used for Web or Studio.

It is strongly recommended to register one admin (orchestrator) application per Activate instance (e.g. production, UAT, dev). This prevents exceeding Azure's maximum number of simultaneous PowerShell connections.

Azure portal layouts change frequently. The steps below were accurate at the time of writing but may differ slightly from the current Azure portal UI.

Obtain tenant details

1. Sign in to the Azure portal (https://portal.azure.com) using a Global Administrator account.
2. Navigate to the Entra ID blade and click Overview.
3. Note down the following details for later: tenant name, primary domain and tenant ID.

Setup orchestrator application

This application is the core connector that Activate Orchestrator relies on to interact with Entra ID. It enables Activate to securely read from and write to Entra ID, powering identity lifecycle changes and access automation.

Register a new application

1. Navigate to App registrations. If it is not visible on the home page, use the search bar at the top.
2. Click New registration.
3. Enter the registration details for the orchestrator application.
4. Click Register.
5. Record the Application (client) ID for later.

Configure API permissions

1. Select API permissions in the left-hand menu.
2. Click Add a permission, select Microsoft Graph, then choose Application permissions.
3. Select the permissions your deployment needs:
   User.Read.All – read users
   Group.Read.All – read groups
   RoleManagement.Read.Directory – role synchronisation
   These are application (app-only) permissions that apply tenant-wide, so add only the ones your project actually requires. For more information on the Azure permissions required for your project, refer to https://learn.microsoft.com/en-us/graph/permissions-reference and the Activate permissions documentation (docid r3l2moi kmloieqfiuz2).
4. Click Grant admin consent for <tenant name> and confirm by clicking Yes. The consent status may take a few minutes to appear on the API permissions screen.

Create a client secret

1. Navigate to Certificates & secrets in the left menu.
2. Click New client secret.
3. Enter a description and select an appropriate expiry period. Note the expiry date: the secret must be renewed before then for the integration to keep working.
4. Click Add.
5. Copy the client secret Value immediately. It is only visible in full for a short time before it is obfuscated; if that happens before you are able to copy it, delete the secret and create a new one.

If the secret value starts with an = sign, delete it and generate a new one; secrets starting with = can cause unexpected issues. The secret value is the application's credential: store it in your secrets vault rather than in plain-text configuration or source control.

Setup login application

Activate uses a separate application to authenticate users of the Activate Web and Activate Studio components. This is a basic application used only to authenticate the user; no additional permissions are required. This step is only required if you are using OAuth authentication for Web or Studio.

Register a new application

1. Navigate to App registrations. If it is not visible on the home page, use the search bar at the top.
2. Click New registration.
3. Enter the registration details for the login application.
4. Click Register.
5. Note down the Application (client) ID for later.
6. Click API permissions, click Grant admin consent for <tenant name>, then click Yes.

It is recommended that Assignment required is enabled for this application (a property of its Enterprise application) so that only users and groups assigned to it can sign in to Activate. See docid 6tcndol1l7yrpiqkew3e4 for more information.

Configure web authentication

1. Navigate to the Authentication section of the login application registration.
2. Click Add a platform and select Single-page application.
3. Enter the Redirect URI. This is the URI your end users use to access Activate Web, e.g. https://example.com. Retain this value; you will need it later to configure Activate.
4. Click Configure.
5. Note down the Application (client) ID for later.

Configure studio authentication

This is currently only required for cloud-only environments that require OAuth authentication for Activate Studio.

1. Navigate to the Authentication section of the login application registration.
2. Click Add a platform and select Mobile and desktop applications.
3. Enter a redirect URI of http://localhost.
4. Click Configure.
5. Note down the Application (client) ID for later.
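The whole procedure above (one orchestrator registration per Activate instance with the three Graph application permissions, admin consent and a client secret that is regenerated if it starts with "=", plus the login registration with its single-page and desktop platforms and Assignment required enabled) can be scripted with the Microsoft Graph PowerShell SDK instead of clicking through the portal. The script below is an added example, not code from the Activate documentation or product. It assumes the Microsoft.Graph module is installed, that you sign in as a Global Administrator, and that the display names, the environment list (Production, UAT, Dev), the redirect URI https://example.com and the six-month secret lifetime are placeholders to replace with your own values.

```powershell
# Added example (not Activate's own code): register the orchestrator and login
# applications with the Microsoft Graph PowerShell SDK. Display names, the
# environment list, the redirect URI and the secret lifetime are placeholders.

Connect-MgGraph -Scopes 'Application.ReadWrite.All', 'AppRoleAssignment.ReadWrite.All', 'Directory.Read.All'

# Microsoft Graph's service principal; its AppRoles / Oauth2PermissionScopes
# carry the IDs of the permissions we request and then consent to.
$graphAppId = '00000003-0000-0000-c000-000000000000'   # well-known Microsoft Graph app ID
$graphSp    = Get-MgServicePrincipal -Filter "appId eq '$graphAppId'"

$requiredRoles = 'User.Read.All', 'Group.Read.All', 'RoleManagement.Read.Directory'
$roleIds = foreach ($name in $requiredRoles) {
    $role = $graphSp.AppRoles | Where-Object { $_.Value -eq $name -and $_.AllowedMemberTypes -contains 'Application' }
    if (-not $role) { throw "Application permission '$name' not found on Microsoft Graph" }
    $role.Id
}

function New-ActivateOrchestratorApp {
    param([Parameter(Mandatory)][string]$Environment)

    $displayName = "Activate Orchestrator ($Environment)"   # placeholder naming scheme
    $app = New-MgApplication -DisplayName $displayName -SignInAudience 'AzureADMyOrg' `
        -RequiredResourceAccess @(@{
            ResourceAppId  = $graphAppId
            ResourceAccess = @($roleIds | ForEach-Object { @{ Id = $_; Type = 'Role' } })
        })
    $sp = New-MgServicePrincipal -AppId $app.AppId

    # Assigning the app roles to the service principal is the programmatic
    # equivalent of "Grant admin consent" for application permissions.
    foreach ($id in $roleIds) {
        New-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $sp.Id `
            -PrincipalId $sp.Id -ResourceId $graphSp.Id -AppRoleId $id | Out-Null
    }

    # Create the client secret; delete and regenerate if the value starts
    # with '=', which the setup guide warns causes unexpected issues.
    do {
        $cred   = @{ DisplayName = "$Environment connector"; EndDateTime = (Get-Date).AddMonths(6) }
        $secret = Add-MgApplicationPassword -ApplicationId $app.Id -PasswordCredential $cred
        if ($secret.SecretText.StartsWith('=')) {
            Remove-MgApplicationPassword -ApplicationId $app.Id -KeyId $secret.KeyId
        }
    } until (-not $secret.SecretText.StartsWith('='))

    [pscustomobject]@{
        Environment  = $Environment
        ClientId     = $app.AppId
        SecretExpiry = $secret.EndDateTime
        Secret       = $secret.SecretText   # shown once; store it in your secrets vault, never in source control
    }
}

function New-ActivateLoginApp {
    param([Parameter(Mandatory)][string]$WebRedirectUri)

    # User.Read is the delegated sign-in scope the portal adds to new registrations by default.
    $userRead = ($graphSp.Oauth2PermissionScopes | Where-Object Value -eq 'User.Read').Id
    $app = New-MgApplication -DisplayName 'Activate Login' -SignInAudience 'AzureADMyOrg' `
        -RequiredResourceAccess @(@{ ResourceAppId = $graphAppId; ResourceAccess = @(@{ Id = $userRead; Type = 'Scope' }) }) `
        -Spa          @{ RedirectUris = @($WebRedirectUri) } `
        -PublicClient @{ RedirectUris = @('http://localhost') }   # Activate Studio: "Mobile and desktop applications"
    $sp = New-MgServicePrincipal -AppId $app.AppId

    # Tenant-wide admin consent for the delegated User.Read scope.
    New-MgOauth2PermissionGrant -ClientId $sp.Id -ConsentType 'AllPrincipals' -ResourceId $graphSp.Id -Scope 'User.Read' | Out-Null

    # "Assignment required": only users/groups assigned to the enterprise app can sign in to Activate.
    Update-MgServicePrincipal -ServicePrincipalId $sp.Id -AppRoleAssignmentRequired:$true
    $app.AppId
}

# One orchestrator registration per Activate instance, as recommended above.
$results = 'Production', 'UAT', 'Dev' | ForEach-Object { New-ActivateOrchestratorApp -Environment $_ }
$results | Select-Object Environment, ClientId, SecretExpiry | Format-Table

$loginClientId = New-ActivateLoginApp -WebRedirectUri 'https://example.com'   # placeholder: your Activate Web URL
"Login application client ID: $loginClientId"

# Verification: list the Graph application permissions actually consented for each orchestrator app.
foreach ($r in $results) {
    $sp = Get-MgServicePrincipal -Filter "appId eq '$($r.ClientId)'"
    $granted = Get-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $sp.Id |
        ForEach-Object { ($graphSp.AppRoles | Where-Object Id -eq $_.AppRoleId).Value }
    "$($r.Environment): $($granted -join ', ')"
}
```

The verification loop at the end is the scripted counterpart of checking the consent status on the API permissions screen: the role names it prints are the permissions that have actually been granted, so a missing entry means the consent step did not take effect. The secret values are returned only in the `$results` objects; hand them to your secrets store from there rather than writing them to the console or a file.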