Steps to Create App registration for the Back End

  1. Log in to the Azure portal with an Admin user
  2. In the top search bar, search for app registrations
  3. Click on the App registration named am-web
  4. Copy the Application (client) ID for am-web and paste it in a notepad
  5. Go back to the App registrations list
  6. Click New Registration
    1. Enter the display name as am-api
    2. Leave the remaining options as their default
    3. Click the Register button
  7. Click on the newly created App registration named am-api
  8. On the left menu, click on Expose an API
    1. Click the Add a scope button
    2. Leave the remaining options as their default
    3. Click the Save and continue button
      1. Enter the Scope name as api-access
      2. Enter the Admin consent display name as Consent of api access
      3. Enter the Admin consent description as Consent of api access
      4. Leave the remaining options as their default
      5. Click the Add scope button
    4. Copy the Application ID URI to your notepad
    5. Copy the Scopes url to your notepad, e.g.: api://xxxxx-xxx-xx-xxxx/api-access
    6. Click the Add a client application button
    7. Paste the ID copied from step 4
    8. Check Authorized scopes
    9. Click the Add application button
  9. Click on Certificates & Secrets
    1. Click the New client secret button
    2. Enter a description in the Description text area
    3. Click the Expires dropdown menu and select 24 months
    4. Click the Add button
    5. Important! Before clicking anywhere on the screen, copy the value that displays on screen and save it somewhere. Azure will not show it again.
  10. On the left menu, click on API permissions
    1. Click the Add a permission button
    2. Select Microsoft Graph
    3. Select Delegated permissions
    4. Within the Select Permissions text box, search and select each of the permissions listed below
      1. Directory.Read.All
      2. Group.Read.All
      3. GroupMember.Read.All
      4. User.Read.All
    5. Then, click the Add permissions button
    6. Verify that you see the message Not granted for xxxxxx in front of each of the permissions listed.
    7. At this point, you will need to ask your AAD admin to grant the permissions.
    8. Once the permissions are granted, you will see the message Granted for xxxxx in front of each of the permissions listed.

Steps to Update configuration for Back End Service

  1. Log in to the Azure portal with an Admin user
  2. In the search bar at the top, search for App Service
  3. Click on the App service named am-be-xxxxxxxxxxxx from prerequisites step 2
  4. Under the Settings section on the left, click Configuration
  5. Use the table below to update the settings with precision. Be careful!

Example

| Application Setting name | Value |
| --- | --- |
| ApiRegistrationConfiguration:Domain | yourcompany.com |
| ApiRegistrationConfiguration:ClientId | Application ID URI, copied in Step 8.d |
| ApiRegistrationConfiguration:ClientSecret | Secret copied in Step 9.e |
| ApiRegistrationConfiguration:ApplicationClientId | “Application (client) ID” of application created in Step 7 from “Overview” menu |
| WebAppRegistrationConfiguration:ConsentScopesUrl | Scopes url, copied in Step 8.d |
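
The five settings above are pasted by hand, so a consistency check before saving catches the usual copy errors. The following is an added example, not part of the original instructions or the product: the function name `check_settings` is hypothetical, the settings are assumed to be available as a name-to-value mapping, and the Application ID URI is assumed to have been left at its default form `api://<client id>`.

```python
import re

GUID = r"[0-9a-fA-F]{8}-(?:[0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}"
PREFIX_API = "ApiRegistrationConfiguration:"
PREFIX_WEB = "WebAppRegistrationConfiguration:"


def check_settings(settings, scope_name="api-access"):
    """Return a list of problems in a {setting name: value} mapping."""
    names = [PREFIX_API + k for k in
             ("Domain", "ClientId", "ClientSecret", "ApplicationClientId")]
    names.append(PREFIX_WEB + "ConsentScopesUrl")
    problems = []
    for name in names:
        value = settings.get(name) or ""
        if not value.strip():
            problems.append(f"{name}: missing or empty")
        elif value != value.strip():
            problems.append(f"{name}: stray whitespace from copy and paste")
    if problems:
        return problems  # the relationship checks need all five values

    domain, id_uri, secret, app_id, scopes_url = (settings[n] for n in names)
    if "://" in domain or "@" in domain or "." not in domain:
        problems.append("Domain: expected a bare domain such as yourcompany.com")
    if not re.fullmatch(GUID, app_id):
        problems.append("ApplicationClientId: not a GUID")
    # Assumption: the Application ID URI is the default, api://<client id>.
    m = re.fullmatch(r"api://(" + GUID + ")", id_uri)
    if m and m.group(1).lower() != app_id.lower():
        problems.append("ClientId: URI names a different app than ApplicationClientId")
    # The portal lists a GUID "Secret ID" next to the secret "Value".
    if re.fullmatch(GUID, secret):
        problems.append("ClientSecret: looks like the Secret ID, not the secret Value")
    if scopes_url != f"{id_uri}/{scope_name}":
        problems.append("ConsentScopesUrl: expected <Application ID URI>/" + scope_name)
    return problems


# Constructed sample values; none come from a real tenant.
GOOD = {
    PREFIX_API + "Domain": "yourcompany.com",
    PREFIX_API + "ClientId": "api://11111111-2222-3333-4444-555555555555",
    PREFIX_API + "ClientSecret": "constructed-placeholder-secret-value",
    PREFIX_API + "ApplicationClientId": "11111111-2222-3333-4444-555555555555",
    PREFIX_WEB + "ConsentScopesUrl":
        "api://11111111-2222-3333-4444-555555555555/api-access",
}

if __name__ == "__main__":
    for line in check_settings(GOOD) or ["all checks passed"]:
        print(line)
```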