Create An Azure AD App & Service Account

Application Registration in Active Directory:

  1. In the Azure Portal, go to Azure Active Directory -> App Registration:

Create a "New Registration", which will be used as a Service Account for the Akeyless application.

  1. Once the resource is created, navigate to Overview and note the Application (client) ID and Directory (tenant) ID.

Configure permission for Microsoft Graph:

  1. On the left pane, select API Permissions, then select Microsoft Graph:
  1. In Request API Permissions, select Application permissions:
  1. Scroll down to User and check User.ReadWrite.All:

The following permissions are required:

| Action | Permissions |
| --- | --- |
| Create/Delete user | User.ReadWrite.All, Directory.ReadWrite.All |
| Add user to group | GroupMember.ReadWrite.All, Group.ReadWrite.All and Directory.ReadWrite.All |
| Add user role | |
| Create/Delete application secret | Application.ReadWrite.OwnedBy, Application.ReadWrite.All |

  1. After updating the permissions, an admin must grant consent:

Certificate & Secrets:

  1. Navigate to Certificate & Secrets on the left pane and create a New Client Secret.
  1. Save the client secret immediately, as it will not be retrievable once you move to another page or resource.
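
Once consent is granted, the application permissions show up in the `roles` claim of an access token the app obtains for Microsoft Graph. The following is an added example (not part of the original page or Akeyless code) that decodes such a token for inspection only, without signature verification, checks it against the tenant and client IDs noted in Overview, and reports which permissions from the list above are missing and which granted ones the page does not list. The sample token and IDs are constructed placeholders.

```python
import base64
import json

# Permissions exactly as listed per action on this page. "Add user role" is
# omitted because the page lists no permission for it.
PAGE_PERMISSIONS = {
    "Create/Delete user": {"User.ReadWrite.All", "Directory.ReadWrite.All"},
    "Add user to group": {"GroupMember.ReadWrite.All", "Group.ReadWrite.All",
                          "Directory.ReadWrite.All"},
    "Create/Delete application secret": {"Application.ReadWrite.OwnedBy",
                                         "Application.ReadWrite.All"},
}


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def decode_claims(jwt: str) -> dict:
    """Decode the JWT payload without verifying the signature (inspection only)."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def check_token(jwt: str, tenant_id: str, client_id: str) -> dict:
    """Compare token claims with the IDs noted in Overview and the page's table."""
    claims = decode_claims(jwt)
    granted = set(claims.get("roles", []))  # application permissions appear in "roles"
    app = claims.get("appid") or claims.get("azp")  # v1.0 / v2.0 token claim names
    return {
        "tenant_ok": claims.get("tid") == tenant_id,
        "client_ok": app == client_id,
        "missing": {a: sorted(p - granted) for a, p in PAGE_PERMISSIONS.items()},
        "unlisted": sorted(granted - set().union(*PAGE_PERMISSIONS.values())),
    }


# Constructed sample: placeholder IDs and a fake signature, not a real token.
TENANT, CLIENT = "00000000-0000-0000-0000-0000000000aa", "00000000-0000-0000-0000-0000000000bb"
CLAIMS = {"tid": TENANT, "appid": CLIENT,
          "roles": ["User.ReadWrite.All", "Directory.ReadWrite.All", "Mail.Read"]}
SAMPLE = ".".join([b64url(b'{"alg":"none"}'), b64url(json.dumps(CLAIMS).encode()), "sig"])

if __name__ == "__main__":
    print(json.dumps(check_token(SAMPLE, TENANT, CLIENT), indent=2))
```

An entry under `unlisted` means the app holds a permission beyond those this page lists, which is worth reviewing before handing the client secret to any service.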
