- Log in to the Azure portal with an Admin user
- In the top search bar, search for app registrations
- Click on the App registration named am-web
- Copy the Application (client) ID for am-web and paste it in a notepad
- Go back to the App registrations list
- Click New Registration
- Enter the display name as am-api
- Leave the remaining options as their default
- Click the Register button
- Click on the newly created App registration named am-api
- On the left menu, click on Expose an API
- Click the Add a scope button
- Leave the remaining options as their default
- Click the Save and continue button
- Enter the Scope name as api-access
- Enter the Admin consent display name as Consent of api access
- Enter the Admin consent description as Consent of api access
- Leave the remaining options as their default
- Click the Add scope button
- Copy the Application ID URI to your notepad
- Copy the Scopes URL to your notepad, e.g.: api://xxxxx-xxx-xx-xxxx/api-access
- Click the Add a client application button
- Paste the ID copied from step 4
- Check Authorized scopes
- Click the Add application button
- Click on Certificates & Secrets
- Click the New client secret button
- Enter a description in the Description text area
- Click the Expires dropdown menu and select 24 months
- Click the Add button
- Important! Before clicking anywhere on the screen, copy the value that displays on screen and save it somewhere. Azure will not show it again.
- On the left menu, click on API permissions
- Click the Add a permission button
- Select Microsoft Graph
- Select Delegated permissions
- Within the Select Permissions text box, search for and select each of the permissions listed below
  - Directory.Read.All
  - Group.Read.All
  - GroupMember.Read.All
  - User.Read.All
- Then, click the Add permissions button
- Verify that you see the message Not granted for xxxxxx in front of each of the permissions listed.
- At this point, you will need to ask your AAD admin to grant the permissions.
- Once the permissions are granted, you will see the message Granted for xxxxx in front of each of the permissions listed.
Steps to Update configuration for Back End Service
- Log in to the Azure portal with an Admin user
- In the search bar at the top, search for App Service
- Click on the App service named am-be-xxxxxxxxxxxx from prerequisites step 2
- Under the Settings section on the left, click Configuration
- Use the table below to update the settings with precision. Be careful!
Example
Application Setting name | Value |
---|---|
ApiRegistrationConfiguration:Domain | yourcompany.com |
ApiRegistrationConfiguration:ClientId | Application ID URI, copied in Step 8.d |
ApiRegistrationConfiguration:ClientSecret | Secret copied in Step 9.e |
ApiRegistrationConfiguration:ApplicationClientId | “Application (client) ID” of application created in Step 7 from “Overview” menu |
WebAppRegistrationConfiguration:ConsentScopesUrl | Scopes URL, copied in Step 8.d |
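
The values in this table are easy to swap (for example, pasting a GUID where the Application ID URI belongs, or the Secret ID instead of the secret Value), so the following pre-save check is added here as an example; it is not part of the original instructions or the product. It assumes the settings are available as a JSON array of name/value objects and that the Application ID URI uses the default `api://...` form; `check_settings` and `sample` are hypothetical helper names.

```python
import json
import re

GUID = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")
DOMAIN = re.compile(r"^([A-Za-z0-9-]{1,63}\.)+[A-Za-z]{2,}$")
API, WEB = "ApiRegistrationConfiguration:", "WebAppRegistrationConfiguration:"
REQUIRED = [API + "Domain", API + "ClientId", API + "ClientSecret",
            API + "ApplicationClientId", WEB + "ConsentScopesUrl"]
SCOPE_NAME = "api-access"  # scope name entered under "Expose an API"

def check_settings(settings_json):
    """Return a list of problems. Values are never echoed, so secrets stay out of logs."""
    # Assumed input shape: JSON array of {"name": ..., "value": ...} objects.
    s = {e["name"]: str(e.get("value") or "").strip() for e in json.loads(settings_json)}
    problems = [k + ": missing or empty" for k in REQUIRED if not s.get(k)]
    uri, scopes = s.get(API + "ClientId", ""), s.get(WEB + "ConsentScopesUrl", "")
    if uri and not uri.startswith("api://"):
        # Assumes the default api://... URI form shown in the page's example.
        problems.append(API + "ClientId: expected the Application ID URI (api://...)")
    elif uri and scopes and scopes != uri.rstrip("/") + "/" + SCOPE_NAME:
        problems.append(WEB + "ConsentScopesUrl: expected <Application ID URI>/" + SCOPE_NAME)
    app_id = s.get(API + "ApplicationClientId", "")
    if app_id and not GUID.match(app_id):
        problems.append(API + "ApplicationClientId: expected a GUID")
    if GUID.match(s.get(API + "ClientSecret", "")):
        # The portal lists a GUID "Secret ID" next to the secret "Value".
        problems.append(API + "ClientSecret: looks like a Secret ID, not the secret Value")
    domain = s.get(API + "Domain", "")
    if domain and not DOMAIN.match(domain):
        problems.append(API + "Domain: expected a bare domain such as yourcompany.com")
    return problems

# Constructed sample values, not real identifiers or secrets.
APP_ID = "11111111-2222-3333-4444-555555555555"

def sample(overrides=None):
    values = {API + "Domain": "yourcompany.com", API + "ClientId": "api://" + APP_ID,
              API + "ClientSecret": "constructed-secret-value",
              API + "ApplicationClientId": APP_ID,
              WEB + "ConsentScopesUrl": "api://" + APP_ID + "/api-access"}
    values.update(overrides or {})
    return json.dumps([{"name": k, "value": v} for k, v in values.items()])

if __name__ == "__main__":
    swapped = sample({API + "ClientId": APP_ID,
                      API + "ClientSecret": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"})
    for problem in check_settings(swapped):
        print(problem)
```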