Introduction
This article will provide an example on how to setup and configure an Entra ID app so it can be used with vSEC:CMS for managing FIDO2 credentials. This is an example only and it is expected that readers of this article are familiar with using/configuring Entra ID.
Register New App
From EntraID Menu select App Registrations (1) - New Registration (2)
Enter a name for the App and select same as in below example for the account type.
The Overview of the application gives information about the ClientID (1) and TenantID (2).
From this page you can also create a new Client Secret by clicking on Add a certificate or secret (3).
Create the client secret and make sure to save a copy of the secret into a password vault to be used later when configuring the connection from vSEC:CMS to this App.
Setting API Permissions for the App
Select your application from EntraID Menu App Registrations - All Applications
For Delegated permissions select:
- openid
- profile
- UserAuthenticationMethod.Read
- UserAuthenticationMethod.Read.All
- UserAuthenticationMethod.ReadWrite
- UserAuthenticationMethod.ReadWrite.All
- User.Read
- User.Read.All
- User.ReadWrite
- User.ReadWrite.All
Click Add permissions to save.
For Application permissions select:
- User.Read.All
- User.ReadWrite.All
- UserAuthenticationMethod.ReadWrite.All
Click Add permissions to save.
Grant admin consent for all permissions by clicking on Grant admin consent for <your App Name> (1)
You should see similar as below.
Now from vSEC:CMS you should be able to configure a connection to Entra ID from Options - Connections - Entra ID