To trust Azure Active Directory users in your application, you will need to create an app registration in Azure.
- Portal > Active Directory > App registrations > + New application registration
- Fill in the details of your app. The sign-on URL can be changed later, so you can enter a local site URL for now.
- Once created, click the app in the list and add a security key:
  - App > All Settings > Keys > + Add new key and save (important: the key value is shown only once, when you save, so copy it then)
- Enter the logout URL (the URL Azure redirects to after the user signs out of Azure)
  - App > All Settings > Properties > Logout URL
- Enter the Reply URLs (the logout URL, plus any other URL that Azure is allowed to redirect to)
  - App > All Settings > Reply URLs
- Set the permissions for the app
  - App > All Settings > Required permissions:
    - Application Permissions – Read directory data
    - Delegated Permissions – Read directory data
    - Delegated Permissions – Sign in and read user profile
  - Save
- Go back to the Required permissions window and click Grant permissions (important)
  - App > All Settings > Required permissions
- The following app details will later be needed in your application's web.config:
  - Metadata Address (Active Directory > App Registrations > Endpoints > Federation Metadata Document)
  - App ID URI (App > All Settings > Properties > App ID URI)
  - Tenant Name (name of the Active Directory)
  - Application ID (App > All Settings > Application ID)
  - Security key (the security key generated in an earlier step above)
  - Windows graph URL (written below)
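As an added example (not code from the original page), this is how an ASP.NET application using the OWIN OpenID Connect middleware would consume the details listed above from web.config. The appSettings key names (`ida:*`) and the use of OWIN are assumptions, not stated on the page.

```csharp
// Startup.Auth.cs (added example, not from the original page).
// Assumes an ASP.NET app on the OWIN OpenID Connect middleware; the
// appSettings key names (ida:*) are assumed and must match your web.config.
using System.Configuration;
using System.Threading.Tasks;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;

public partial class Startup
{
    // Values collected from the app registration (see the list above).
    private static readonly string ClientId        = ConfigurationManager.AppSettings["ida:ClientId"];        // Application ID
    private static readonly string ClientSecret    = ConfigurationManager.AppSettings["ida:ClientSecret"];    // Security key
    private static readonly string MetadataAddress = ConfigurationManager.AppSettings["ida:MetadataAddress"]; // Federation Metadata Document
    private static readonly string RedirectUri     = ConfigurationManager.AppSettings["ida:RedirectUri"];     // must be one of the Reply URLs
    private static readonly string PostLogoutUri   = ConfigurationManager.AppSettings["ida:PostLogoutRedirectUri"]; // Logout URL

    public void ConfigureAuth(IAppBuilder app)
    {
        // Sign the user in with a cookie once the OpenID Connect response is validated.
        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
        app.UseCookieAuthentication(new CookieAuthenticationOptions());

        app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
        {
            ClientId = ClientId,
            // The security key is a credential: keep it out of source control
            // (e.g. an encrypted or externalised appSettings section).
            ClientSecret = ClientSecret,
            // Signing keys and the issuer are read from the federation metadata,
            // so tokens from other tenants or unsigned tokens are rejected.
            MetadataAddress = MetadataAddress,
            // Azure only redirects to registered Reply URLs; a mismatch fails sign-in.
            RedirectUri = RedirectUri,
            PostLogoutRedirectUri = PostLogoutUri,
            Notifications = new OpenIdConnectAuthenticationNotifications
            {
                // Do not echo the validation error to the user; log it and show a generic page.
                AuthenticationFailed = context =>
                {
                    context.HandleResponse();
                    context.Response.Redirect("/Error");
                    return Task.FromResult(0);
                }
            }
        });
    }
}
```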