Register your app for authentication on the Azure Active Directory

To trust Azure Active Directory users on your application, you will need to create an app registration on Azure.

• Portal > Active Directory > App registrations > + New application registration

• Fill up the details of your app. The sign-on URL can be changed later so you can enter a local site URL for now
• 

• Once created, click the app from the list and add a security key:
  • App > All Settings > Keys > + Add new key and save (important)
• Enter the logout URL (the URL to redirect to after logging out of Azure)
  • App > All Settings > Properties > Logout URL
• Enter the Reply URLs (Enter the logout URL here, and any other URL that Azure will redirect to)
  • App > All Settings > Reply URLs
•  Set permissions to the app
  •  App > All Settings > Required permissions:
    • Application Permissions – Read directory data
    • Delegated Permissions – Read directory data
    • Delegated Permissions – Sign in and read user profile
  • Save
  • Go back to the Required permissions window > Click on Grant permissions (important)
• The following app details will later be needed in your application web.config
  • Metadata Address (Active Directory > App Registrations > Endpoints > Federation Metadata Document)
  • App ID URI (App > All Settings > Properties > App ID URI)
  • Tenant Name (name of active directory)
  • Application ID (App > All Settings > Application ID)
  • Security key (the generated security key in an earlier step above)
  • Windows graph URL (written below)