Entra ID App Configuration

Anders Adolfsson - Versasec

Introduction

This article provides an example of how to set up and configure an Entra ID app so that it can be used with vSEC:CMS for managing FIDO2 credentials. This is an example only, and readers are expected to be familiar with using and configuring Entra ID.

Register New App

From the Entra ID menu, select App Registrations (1) - New Registration (2).

Enter a name for the App and select the same account type as in the example below.

The Overview of the application gives information about the ClientID (1) and TenantID (2).
From this page you can also create a new Client Secret by clicking on Add a certificate or secret (3).

Create the client secret and make sure to save a copy of it in a password vault. It is used later when configuring the connection from vSEC:CMS to this App.

Setting API Permissions for the App

Select your application from the Entra ID menu under App Registrations - All Applications.

For Delegated permissions select:

  • email
  • openid
  • profile
  • UserAuthenticationMethod.Read
  • UserAuthenticationMethod.Read.All
  • UserAuthenticationMethod.ReadWrite
  • UserAuthenticationMethod.ReadWrite.All
  • User.Read
  • User.Read.All
  • User.ReadWrite
  • User.ReadWrite.All

Click Add permissions to save.

For Application permissions select:

  • User.Read.All
  • User.ReadWrite.All
  • UserAuthenticationMethod.ReadWrite.All

Click Add permissions to save.

Grant admin consent for all permissions by clicking on Grant admin consent for <your App Name> (1).

You should see something similar to the example below.
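
To check the consent result outside the portal, the sketch below (an added example, not Versasec or Microsoft code) decodes the claims of a Microsoft Graph access token issued to the app and compares them with the permission lists above. It relies on Entra ID placing application permissions in the roles claim and delegated permissions in the scp claim; the function names and the sample token are constructed for illustration.

```python
import base64
import json

# Permission names copied from the lists in this article.
EXPECTED_APPLICATION = {"User.Read.All", "User.ReadWrite.All",
                        "UserAuthenticationMethod.ReadWrite.All"}
EXPECTED_DELEGATED = EXPECTED_APPLICATION | {
    "email", "openid", "profile", "User.Read", "User.ReadWrite",
    "UserAuthenticationMethod.Read", "UserAuthenticationMethod.Read.All",
    "UserAuthenticationMethod.ReadWrite"}


def decode_claims(jwt: str) -> dict:
    """Return the JWT payload WITHOUT verifying the signature.
    Fine for inspecting a token you requested yourself, never for authorization."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def audit_permissions(jwt: str) -> dict:
    """Compare the token's permissions with the lists from the article."""
    claims = decode_claims(jwt)
    if "scp" in claims:   # delegated token: space-separated scopes
        kind, granted, expected = "delegated", set(claims["scp"].split()), EXPECTED_DELEGATED
    else:                 # app-only token (client credentials): list of roles
        kind, granted, expected = "application", set(claims.get("roles", [])), EXPECTED_APPLICATION
    return {"kind": kind,
            "missing": sorted(expected - granted),      # consent not granted yet
            "unexpected": sorted(granted - expected)}   # more than the article asks for


def constructed_token(claims: dict) -> str:
    """Build an unsigned sample token for offline testing (constructed data)."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'typ': 'JWT', 'alg': 'RS256'})}.{enc(claims)}.not-a-real-signature"


# Constructed sample: one permission missing, one extra that this article never asks for.
SAMPLE = constructed_token({"roles": ["User.Read.All",
                                      "UserAuthenticationMethod.ReadWrite.All",
                                      "Directory.ReadWrite.All"]})

if __name__ == "__main__":
    print(audit_permissions(SAMPLE))
```

An empty "missing" list means consent covers everything listed above; anything under "unexpected" is a permission the app holds beyond what this configuration calls for and is worth reviewing.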

You should now be able to configure a connection to Entra ID in vSEC:CMS from Options - Connections - Entra ID.