Introduction
We will walk through the steps of setting up an Entra ID application to integrate with vSEC:CMS. This integration allows you to leverage Entra ID for user management during credential issuance and to enable FIDO2 passkey creation and management. This is intended as a practical example, and assumes familiarity with Entra ID administration.
Register New App
From the Entra ID menu, select App Registrations (1), then New Registration (2).
Enter a name for the app and, for the account type, select the same option as in the example below.
The Overview of the application gives information about the ClientID (1) and TenantID (2).
From this page you can also create a new Client Secret by clicking on Add a certificate or secret (3).
Create the client secret and make sure to save a copy of the secret into a password vault to be used later when configuring the connection from vSEC:CMS to this App.
Setting API Permissions for the App
If Entra ID is used solely for user management during credential issuance, not all of the listed permissions are required. vSEC:CMS only reads user data in this scenario.
From the Entra ID menu, go to App Registrations - All Applications and select your application.
For Delegated permissions select:
- openid
- profile
- UserAuthenticationMethod.Read
- UserAuthenticationMethod.Read.All
- UserAuthenticationMethod.ReadWrite
- UserAuthenticationMethod.ReadWrite.All
- User.Read
- User.Read.All
- User.ReadWrite
- User.ReadWrite.All
Click Add permissions to save.
For Application permissions select:
- User.Read.All
- User.ReadWrite.All
- UserAuthenticationMethod.ReadWrite.All
Click Add permissions to save.
Grant admin consent for all permissions by clicking on Grant admin consent for <your App Name> (1)
You should see something similar to the example below.
Now from vSEC:CMS you should be able to configure a connection to Entra ID from Options - Connections - Entra ID
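To check what the admin consent step actually granted, the permissions carried in an access token issued to the app can be compared with the lists above. The following is an added example, not code from vSEC:CMS or Microsoft; the function names are hypothetical, the sample token is constructed, and `Directory.ReadWrite.All` appears only as a sample of a permission that is not on the page's lists.

```python
import base64
import json

# Permission names copied from the page's two lists.
APPLICATION = {"User.Read.All", "User.ReadWrite.All",
               "UserAuthenticationMethod.ReadWrite.All"}
DELEGATED = {"openid", "profile", "User.Read", "User.Read.All",
             "User.ReadWrite", "User.ReadWrite.All",
             "UserAuthenticationMethod.Read", "UserAuthenticationMethod.Read.All",
             "UserAuthenticationMethod.ReadWrite",
             "UserAuthenticationMethod.ReadWrite.All"}


def jwt_claims(token):
    """Decode a JWT payload for inspection only; the signature is NOT verified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def audit_token(token):
    """Compare the permissions in a token with the page's lists.

    Entra ID puts application permissions in `roles` (a list) and delegated
    permissions in `scp` (a space-separated string).
    """
    claims = jwt_claims(token)
    roles = set(claims.get("roles", []))
    granted = roles | set(claims.get("scp", "").split())
    expected = APPLICATION if roles else DELEGATED
    return {
        "kind": "application" if roles else "delegated",
        "missing": sorted(expected - granted),
        "unexpected": sorted(granted - expected),
        # Write permissions; the page says these are not all needed when
        # vSEC:CMS only reads user data.
        "write": sorted(p for p in granted if "ReadWrite" in p),
    }


def sample_token(claims):
    """Build an unsigned, constructed token so the example runs offline."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none", "typ": "JWT"}), enc(claims), "sig"])


if __name__ == "__main__":
    print(audit_token(sample_token({"roles": ["User.Read.All", "Directory.ReadWrite.All"]})))
```

An empty `unexpected` list means the token carries nothing beyond the permissions listed on this page; entries under `write` are the ones to review if Entra ID is used only for user management during credential issuance.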