Create An Azure AD App & Service Account
Application Registration in Active Directory
- On Azure Portal -> Azure Active Directory -> App Registration:
  Create a "New Registration", which will be used as a Service Account for the Akeyless application.
- Once the resource is created, navigate to Overview and note the Application (client) ID and Directory (tenant) ID.
Configure permission for Microsoft Graph
- On the left pane, select API Permission, then select Microsoft Graph.
- On Request API Permissions, select Application permission.
- Scroll down to User and check User.ReadWrite.All.
- After updating the permissions, an admin must grant consent.
Required Permissions
| Action | Permissions |
|---|---|
| Create/Delete user | User.ReadWrite.All, Directory.ReadWrite.All |
| Add user to group | GroupMember.ReadWrite.All, Group.ReadWrite.All, Directory.ReadWrite.All |
| Add user role | RoleManagement.ReadWrite.Directory |
| Create/Delete application secret | Application.ReadWrite.OwnedBy, Application.ReadWrite.All |
Certificate & Secrets
- Navigate to Certificate & Secrets on the left pane and create a New Client Secret.
- Save the client secret, as it will not be retrievable once you move to another page or resource.
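Once consent is granted, the app-only access token that Microsoft Graph issues for this registration lists its application permissions in the `roles` claim. The following added example (not Akeyless or Microsoft code) compares that claim with the Required Permissions table above and reports listed permissions that are missing and granted ones that the chosen actions do not call for. It assumes you already hold a token obtained with the client ID, tenant ID and client secret from this page; the sample token is constructed and unsigned, and the function names are hypothetical.

```python
import base64
import json

# Required Permissions table from this page: action -> listed Graph application permissions.
REQUIRED = {
    "Create/Delete user": ["User.ReadWrite.All", "Directory.ReadWrite.All"],
    "Add user to group": ["GroupMember.ReadWrite.All", "Group.ReadWrite.All", "Directory.ReadWrite.All"],
    "Add user role": ["RoleManagement.ReadWrite.Directory"],
    "Create/Delete application secret": ["Application.ReadWrite.OwnedBy", "Application.ReadWrite.All"],
}

def token_roles(jwt):
    """Return the 'roles' claim of a JWT payload. No signature check: inspection only."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    claims = json.loads(base64.urlsafe_b64decode(payload))
    return set(claims.get("roles", []))  # treated as empty when the claim is absent

def audit(roles, needed_actions):
    """Compare granted roles with the table rows for the actions actually in use."""
    report = {"actions": {}, "excess": []}
    wanted = set()
    for action in needed_actions:
        listed = REQUIRED[action]
        wanted.update(listed)
        report["actions"][action] = {
            "granted": [p for p in listed if p in roles],
            "missing": [p for p in listed if p not in roles],
        }
    # Granted permissions that none of the needed actions list: least-privilege candidates.
    report["excess"] = sorted(roles - wanted)
    return report

def _constructed_token(roles):
    """Build an unsigned sample token for the demo (constructed, not a real token)."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc({"aud": "https://graph.microsoft.com", "roles": roles}), "sig"])

# Constructed sample: consent was granted for two permissions.
SAMPLE = _constructed_token(["User.ReadWrite.All", "Application.ReadWrite.All"])

if __name__ == "__main__":
    print(json.dumps(audit(token_roles(SAMPLE), ["Create/Delete user"]), indent=2))
```

The script only inspects claims; it does not validate the token signature and should not be used to make authorization decisions.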
