Create An Azure AD App & Service Account
Application Registration in Active Directory:
- On Azure Portal -> Azure Active directory -> App Registration:
Create a "New Registration" which will be use as a Service Account for Akeyless Application.
- Once the resource is created, navigate to Overview and note the Application (client) ID and Directory (tenant) ID.
Configure permission for Microsoft Graph:
- On the left pane, select API Permission , select Microsoft Graph:
- On the Request API Permissions select Application permission :
- Scroll down to User and check the User.ReadWrite.All:
The following permissions required:
| Action: | Permissions: |
|---|---|
| Create/Delete user | User.ReadWrite.All, Directory.ReadWrite.All |
| Add user to group | GroupMember.ReadWrite.All, Group.ReadWrite.All and Directory.ReadWrite.All |
| Add user role | RoleManagement.ReadWrite.Directory |
| Create\Delete Application secret | Application.ReadWrite.OwnedBy, Application.ReadWrite.All |
- After Updating the permissions, an admin must grant consent:
Certificate & Secrets:
- Navigate to Certificate & Secrets on the left pane, create a New Client Secret.
- Save the client secret, as it will not be retrievable once you move to other page/resource:
Updated about 1 year ago