February 1, 2018
Register your app for authentication on the Azure Active Directory
To let your application authenticate Azure Active Directory users, you first need an app registration in Azure. The registration tells Azure AD which application is asking for sign-in, which URLs it is allowed to send tokens back to, and which directory data it may read.
- Portal > Active Directory > App registrations > + New application registration
- Fill in the details of your app. The sign-on URL can be changed later, so you can enter a local site URL for now.
- Once created, click the app in the list and add a security key (this is the client secret your application will present to Azure AD):
  - App > All Settings > Keys > + Add new key and save (important: the key value is shown only once, right after saving; copy it then and store it somewhere safe, not in source control)
- Enter the logout URL (the URL Azure redirects to after the user signs out of Azure):
  - App > All Settings > Properties > Logout URL
- Enter the Reply URLs (the logout URL, plus every other URL Azure is allowed to redirect to after sign-in). Azure AD only redirects to a URL that matches a registered Reply URL exactly, so register each environment's URL (local, test, production) and nothing broader:
  - App > All Settings > Reply URLs
- Set the permissions the app needs:
  - App > All Settings > Required permissions:
    - Application Permissions – Read directory data
    - Delegated Permissions – Read directory data
    - Delegated Permissions – Sign in and read user profile
  - Save
- Go back to the Required permissions window and click Grant permissions (important). Application permissions such as "Read directory data" apply to the app itself, independent of any signed-in user, so a directory administrator has to grant them here; without this step the sign-in works but directory reads fail. Only request the directory-read permissions if your application actually reads directory data; "Sign in and read user profile" is enough for plain authentication.
  - App > All Settings > Required permissions:
- The following app details will later be needed in your application's web.config:
  - Metadata Address (Active Directory > App Registrations > Endpoints > Federation Metadata Document)
  - App ID URI (App > All Settings > Properties > App ID URI)
  - Tenant Name (the name of the Active Directory)
  - Application ID (App > All Settings > Application ID)
  - Security key (the key generated in the earlier step above; treat it as a credential and keep it out of version control)
  - Windows graph URL (written below)
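The Reply URL list is the control that keeps tokens from being redirected to an attacker's site, and Azure AD enforces it by exact match. Your own application should apply the same rule to any post-login or post-logout redirect it performs. The following is an added example, not code from the original post or from Microsoft: it compares a candidate URL against an allowlist of registered Reply URLs after canonicalising only the scheme, host and default port, and shows beside it a deliberately weak prefix check that a look-alike domain bypasses. The Reply URLs in the list are constructed placeholder values.

```python
from urllib.parse import urlsplit

# Constructed allowlist standing in for the Reply URLs registered in the
# portal (assumed values, not taken from the original page).
REGISTERED_REPLY_URLS = [
    "https://localhost:44300/",
    "https://localhost:44300/signout",
    "https://myapp.example.com/",
    "https://myapp.example.com/signout",
]


def normalize(url: str) -> str:
    """Canonicalise a URL for exact comparison.

    Scheme and host are case-insensitive, so they are lowercased; a default
    port (443 for https, 80 for http) is dropped. Path and query are kept
    byte-for-byte, because two URLs that differ there are different
    endpoints. A fragment is never sent to the server, so a candidate that
    carries one is rejected outright.
    """
    parts = urlsplit(url)
    if parts.fragment or not parts.scheme or not parts.hostname:
        raise ValueError("unusable redirect URL: %r" % url)
    scheme = parts.scheme.lower()
    host = parts.hostname.lower()
    port = parts.port  # raises ValueError on a non-numeric port
    default = (scheme == "https" and port == 443) or (scheme == "http" and port == 80)
    if port is not None and not default:
        host = "%s:%d" % (host, port)
    path = parts.path or "/"
    query = "?" + parts.query if parts.query else ""
    return "%s://%s%s%s" % (scheme, host, path, query)


def is_allowed_exact(candidate: str, registered=REGISTERED_REPLY_URLS) -> bool:
    """True only if the candidate is one of the registered URLs, exactly."""
    try:
        wanted = normalize(candidate)
    except ValueError:
        return False
    return any(wanted == normalize(r) for r in registered)


def is_allowed_prefix_weak(candidate: str, registered=REGISTERED_REPLY_URLS) -> bool:
    """Deliberately weak check, shown only to demonstrate the bypass: a
    startswith() comparison accepts any host that merely begins with a
    registered host, e.g. myapp.example.com.evil.net."""
    return any(candidate.startswith(r.rstrip("/")) for r in registered)


if __name__ == "__main__":
    look_alike = "https://myapp.example.com.evil.net/"
    print("exact  :", is_allowed_exact(look_alike))        # False
    print("prefix :", is_allowed_prefix_weak(look_alike))  # True: the bypass
```

Keep the allowlist in one place (here a module constant; in the web application it would come from configuration) and make it identical to the Reply URLs registered in the portal, otherwise a URL that Azure accepts may be rejected by the application, or worse, one the application accepts may be unregistered in Azure and silently fail for users.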