Step 1. Create a client application in Azure


Introduction

First, we need to create a client application in Azure for the AD synctool with the appropriate API permissions. This way, the Workspace API accepts information from the synctool.

Note: the App registration that you create in this step is separate from the SSO App registration. This means that if you ever need to change something in the App registration created for the Azure AD synctool, it will not affect users' ability to sign in to the Workspace environment.


Configuration

  1. Go to Azure and log in as an administrator.
  2. Go to App registrations.
    • Click New Registration.
    • Fill in a name.
    • Click Register.
  3. Go to API Permissions
    • Add the permissions below.

      Be sure you select Microsoft Graph -> Application permissions.

      Be sure to grant admin consent on the permissions.

  4. Go to Certificates & Secrets. 
    • Click New client secret.
    • Fill in a description for the client secret.
    • Set the expiration date.
      The sync stops working when the client secret expires. However, you can use PowerShell to add an app secret valid for 99 years. Copy the script below to PowerShell ISE and change the following values:

      $APPObjectID: enter the Object ID of the synctool's app registration here.
      $AppSecret: enter a name for the secret key. This is displayed as the client secret's Description in Azure.

      # Parameters
      $APPObjectID = "xxxxxxxx"
      $AppSecret = "Client Secret for AAD synctool"

      # Connect to Microsoft Entra ID (Azure AD); requires the AzureAD PowerShell module
      Connect-AzureAD

      # Add App Secret - Valid for 99 Years
      $StartDate = Get-Date
      $EndDate = $StartDate.AddYears(99)
      $AAdAppsecret = New-AzureADApplicationPasswordCredential -ObjectId $APPObjectID -StartDate $StartDate -EndDate $EndDate -CustomKeyIdentifier $AppSecret

      # Print the secret value; it is shown only once, so copy it now
      Write-Host $AAdAppsecret.Value

      # Keep the window open (the secret value is reused as the prompt text) until you press Enter
      Read-Host $AAdAppsecret.Value
    • Click Add.
    • Note down the value! You will need this later on.
  5. Note down the following information from the Overview page. This information is needed for the next step. 
    • Application (client) ID
    • Tenant ID
    • Tenant name (e.g. mycompany.onmicrosoft.com)
    • Client secret (value)
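
As an added check that is not part of this article, the script below uses the values noted in step 5 to request an app-only token with the OAuth 2.0 client credentials flow and then lists the Microsoft Graph application permissions the token carries, which confirms both that the client secret is valid and that admin consent from step 3 is in place. The variable names and the placeholder values in angle brackets are assumptions; replace them with your own Tenant ID (or tenant name), Application (client) ID and client secret value.

```powershell
# Added example (not from the original article): validate the synctool's app registration
# by obtaining an app-only token and inspecting its "roles" claim.
# Placeholder values must be replaced with the values from the Overview page (step 5).
$TenantId     = "<tenant-id-or-tenant-name>"
$ClientId     = "<application-client-id>"
$ClientSecret = "<client-secret-value>"

# Client credentials request body; .default asks for all consented application permissions
$Body = @{
    client_id     = $ClientId
    client_secret = $ClientSecret
    scope         = "https://graph.microsoft.com/.default"
    grant_type    = "client_credentials"
}

try {
    $Token = Invoke-RestMethod -Method Post `
        -Uri "https://login.microsoftonline.com/$TenantId/oauth2/v2.0/token" `
        -ContentType "application/x-www-form-urlencoded" -Body $Body
} catch {
    # A wrong tenant or client ID, or an expired or mistyped secret, ends up here
    Write-Error "Token request failed: $($_.Exception.Message)"
    return
}

# Decode the JWT payload (middle segment, base64url-encoded) to read the claims
$Payload = $Token.access_token.Split('.')[1].Replace('-', '+').Replace('_', '/')
switch ($Payload.Length % 4) { 2 { $Payload += '==' } 3 { $Payload += '=' } }
$Claims = [System.Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($Payload)) |
    ConvertFrom-Json

$Expires = [DateTimeOffset]::FromUnixTimeSeconds($Claims.exp).UtcDateTime
"Token issued for app $($Claims.appid) in tenant $($Claims.tid), expires $Expires UTC"

# The roles claim is only present when application permissions were admin-consented
if ($Claims.roles) {
    "Application permissions granted (admin consent present):"
    $Claims.roles | ForEach-Object { "  $_" }
} else {
    Write-Warning "No application permissions in the token: check that Microsoft Graph -> Application permissions were added and admin consent was granted."
}
```

Run it in the same PowerShell session you use for the rest of this step; if the token request fails, re-check the IDs and the secret value before proceeding to step 2.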

Proceed to step 2