Register your app for authentication on the Azure Active Directory

To trust Azure Active Directory users on your application, you will need to create an app registration on Azure.

  • Portal > Active Directory > App registrations > + New application registration




  • Fill up the details of your app. The sign-on URL can be changed later so you can enter a local site URL for now






  • Once created, click the app from the list and add a security key:
    • App > All Settings > Keys > + Add new key and save (important)
  • Enter the logout URL (the URL to redirect to after logging out of Azure)
    • App > All Settings > Properties > Logout URL
  • Enter the Reply URLs (Enter the logout URL here, and any other URL that Azure will redirect to)
    • App > All Settings > Reply URLs
  •  Set permissions to the app
    •  App > All Settings > Required permissions:
      • Application Permissions – Read directory data
      • Delegated Permissions – Read directory data
      • Delegated Permissions – Sign in and read user profile
    • Save
    • Go back to the Required permissions window > Click on Grant permissions (important)
  • The following app details will later be needed in your application web.config
    • Metadata Address (Active Directory > App Registrations > Endpoints > Federation Metadata Document)
    • App ID URI (App > All Settings > Properties > App ID URI)
    • Tenant Name (name of active directory)
    • Application ID (App > All Settings > Application ID)
    • Security key (the generated security key in an earlier step above)
    • Windows graph URL (written below)