Skip to main content
Sign in Menu

How to set up an application in the Microsoft Azure portal

  • Updated
This page guides you through the steps of how to set up an application in the Microsoft Azure portal and how to grant the right permissions to facilitate user synchronization and login via Single Sign-On.
 
To register a new application you need an account on Azure with enough permissions within your organization.

 

Set up an application

Step 1 – Register an application in the Azure AD portal

#1 — Go to portal.azure.com and sign in to the Azure portal

#2 — Select 'App registrations' in the side menu > Click 'New registration' on top

Register a new application

#3 — Provide the required app information and click 'Register' at the bottom of the page:

  1. Name:   Enter a meaningful application name
  2. Supported account types:   Select 'Accounts in this organizational directory only'
  3. Redirect URI:   Select 'Web' and fill in the following redirect URI:
    https://spencerlogin.b2clogin.com/spencerlogin.onmicrosoft.com/oauth2/authresp

fhCdZygKXOBf_CAAtwoN9hmZx_emcRjHxg.png

#4 — Share the Directory ID (orange) & Application ID (yellow) with Spencer

B6ZiSfYKr-cubRSHapOPVoFrNkek0WI0ng.png

 

Step 2 – Add a certificate

🚨 This step is only required when setting up the user synchronization via the MS Graph API.

 

#1 — Spencer will generate and share a certificate for you to install in the Azure portal. Generating the certificate is done by Spencer, not by the Customer.

To be fully transparent you can see how we generate the certificates below.

Generate certificateGeneric

openssl req -nodes -new -x509 -keyout {client}-{environment}.key -out {client}-{environment}.pem -days 365
Generate fingerprintGeneric
openssl x509 -fingerprint -in {client}-{environment}.pem
  1. Remove the ':' characters from the fingerprint and convert the hexadecimal bytes to Base64 using https://cryptii.com/base64-to-hex, using “Base64 (RFC 3548, RFC 4648)”.
  2. The output of this conversion provides you with a Base64 certificate thumbprint that needs to be configured in the back office.

 

#2 Upload the certificate provided by Spencer

Note:   Spencer will provide certificates for each required environment (staging, demo, production), named {client}-{environment}.cert. Make sure you add the staging certificate to the staging Azure application and the production certificate to the production Azure application.

 

Step 3 – Create a client secret

#1 — Go to the app's overview page and select 'Certificates & secrets' in the sidebar menu.

#2 — Click the 'New client secret' button. Add a description and select the maximum expiry period.

Important: It is important you keep the end date of the expiry period in a shared calendar and provide the info to your Spencer contact as well because Azure will not notify you when this expires.

Click 'Add'.

#3 — Copy the client secret and share it with Spencer
Important:  You can only copy the client secret right after the initial creation. You will not be able to do this later.

 

Grant the right permissions

Grant the following API permissions to the Spencer Azure application to sync users:

image001.png

Make sure all Spencer test accounts are included in your Azure AD. Share a list of these test accounts with Spencer. At least one test account is required. We prefer two or more accounts for efficient development and testing (eg. in case of employee/manager).

Related articles