Create An Azure AD App & Service Account
Application Registration in Active Directory
- In the Azure Portal, go to Azure Active Directory > App registrations.
- Create a New Registration that will be used as a service account for the Akeyless application.
- Once the resource is created, navigate to Overview and note the Application (client) ID and Directory (tenant) ID.

Configure permission for Microsoft Graph
- In the left pane, select API permissions, then select Microsoft Graph.
- On Request API permissions, select Application permissions.
- Scroll down to User and check User.ReadWrite.All.
- After updating the permissions, an admin must grant consent for the tenant; application permissions have no effect until consent is granted.


Required Permissions
| Action | Permissions |
|---|---|
| Create/Delete user | User.ReadWrite.All, Directory.ReadWrite.All |
| Add user to group | GroupMember.ReadWrite.All, Group.ReadWrite.All, Directory.ReadWrite.All |
| Add user role | RoleManagement.ReadWrite.Directory |
| Create/Delete application secret | Application.ReadWrite.OwnedBy, Application.ReadWrite.All |

Certificates & secrets
- In the left pane, navigate to Certificates & secrets, then create a New Client Secret.
- Save the client secret value immediately, as it will not be retrievable once you navigate elsewhere.
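To confirm that the registration, the granted permissions and the client secret from the steps above work together, here is an added Python check (not part of the Akeyless documentation or product) that acquires an app-only Microsoft Graph token with the client-credentials grant and compares the token's `roles` claim against the Required Permissions table. The environment variable names and the sample token are assumptions constructed for this example.

```python
import base64
import json
import os
import urllib.parse
import urllib.request

# Actions from the Required Permissions table. Assumption: the listed permissions are
# alternatives (any one covers the action), so only the least privileged one need be granted.
REQUIRED_ROLES = {
    "Create/Delete user": ["User.ReadWrite.All", "Directory.ReadWrite.All"],
    "Add user to group": ["GroupMember.ReadWrite.All", "Group.ReadWrite.All", "Directory.ReadWrite.All"],
    "Add user role": ["RoleManagement.ReadWrite.Directory"],
    "Create/Delete application secret": ["Application.ReadWrite.OwnedBy", "Application.ReadWrite.All"],
}

def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def token_roles(jwt: str) -> set:
    """Application permissions in the token's 'roles' claim, which Azure AD only populates
    once an admin has granted consent. Decoded for inspection only: the signature is not
    verified, so never use this function to authorise anything."""
    payload = jwt.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore the base64url padding
    return set(json.loads(base64.urlsafe_b64decode(payload)).get("roles", []))

def uncovered_actions(jwt: str, actions) -> list:
    """Actions from the table that the token cannot perform with the roles it carries."""
    roles = token_roles(jwt)
    return [a for a in actions if not roles.intersection(REQUIRED_ROLES[a])]

def fetch_graph_token(tenant_id: str, client_id: str, client_secret: str) -> str:
    """Client-credentials grant for Microsoft Graph with the IDs and secret noted above."""
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials", "client_id": client_id,
        "client_secret": client_secret, "scope": "https://graph.microsoft.com/.default",
    }).encode()
    with urllib.request.urlopen(url, body) as resp:
        return json.load(resp)["access_token"]

# Constructed sample token (header.payload.signature, signature is a placeholder) so the
# checks above can be exercised offline; a real token comes from fetch_graph_token().
SAMPLE_TOKEN = ".".join([_b64url(b'{"alg":"RS256","typ":"JWT"}'),
                         _b64url(json.dumps({"roles": ["User.ReadWrite.All"]}).encode()), "sig"])

if __name__ == "__main__":  # environment variable names are assumptions
    tok = fetch_graph_token(os.environ["AZURE_TENANT_ID"], os.environ["AZURE_CLIENT_ID"],
                            os.environ["AZURE_CLIENT_SECRET"])
    print("actions not yet permitted:", uncovered_actions(tok, list(REQUIRED_ROLES)) or "none")
```

An empty `roles` claim on a freshly issued token is the usual sign that admin consent was never granted, even though the permissions appear in the portal.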
