Info Sharing Blog

Sunday, July 12, 2020

Application Registration in Azure Active Directory #CloudScribblings

July 12, 2020 Posted by jaacostan
When you register an application in Azure AD, you need to specify the application details and the permissions that the application should have when it accesses Azure services.
The application can authenticate through the Microsoft identity platform. The Microsoft identity platform uses the OAuth 2.0 authorization service, which enables a third-party application to access web-hosted resources. Once the application object is registered in Azure AD, it is referred to as a service principal.
When you register an application in Azure AD, you need to take note of two things.
1) Application or Client Identity.
2) Directory or Tenant ID.
These IDs are automatically generated during the application registration. Normally, these two values need to be specified on the application side.
After the registration, you may be required to generate a client secret, which can be done from the AD -> Certificates & Secrets section. Note that once the secret is generated, you must copy it somewhere secure (for example, your key vault). The moment you leave the Certificates & Secrets page, you won't be able to see the generated secret again.
The final thing that you may need to do during the application registration process is configure the API permissions (under AD -> API permissions).
The Microsoft identity platform supports the following permission types:
Delegated permissions - Use this option when the application has a signed-in user. The application is then delegated permission to act on behalf of the signed-in user to make calls to a target resource.
Application permissions - Use this option for applications that run without a signed-in user.
Finally, grant admin consent after creating the permission.

These are the major tasks that need to be performed in the Azure cloud to register an application in Azure Active Directory.
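
How an application that holds application permissions would use the tenant ID, client ID and client secret collected above, as an added example that is not from the original post: it builds, without sending, the OAuth 2.0 client-credentials token request for the Microsoft identity platform v2.0 token endpoint. The environment variable name `AZURE_CLIENT_SECRET`, the sample GUIDs, the Microsoft Graph scope and the public-cloud authority host are assumptions made for illustration.

```python
import os
import uuid
import urllib.parse
import urllib.request

AUTHORITY = "https://login.microsoftonline.com"  # Azure public cloud (assumption)

def _guid(value, label):
    """Both IDs are GUIDs generated at registration; reject anything else."""
    try:
        return str(uuid.UUID(value))
    except (ValueError, AttributeError, TypeError):
        raise ValueError(f"{label} is not a GUID") from None

def build_token_request(tenant_id, client_id, scope, env=os.environ):
    """Build (do not send) an OAuth 2.0 client-credentials token request."""
    # The secret comes from the environment (populated from a vault at deploy
    # time), never from source code. The variable name is hypothetical.
    secret = env.get("AZURE_CLIENT_SECRET")
    if not secret:
        raise RuntimeError("client secret not provided via environment")
    url = f"{AUTHORITY}/{_guid(tenant_id, 'tenant ID')}/oauth2/v2.0/token"
    form = {
        "grant_type": "client_credentials",  # app-only: no signed-in user
        "client_id": _guid(client_id, "client ID"),
        "client_secret": secret,
        "scope": scope,  # <resource>/.default = the consented app permissions
    }
    body = urllib.parse.urlencode(form).encode()
    return urllib.request.Request(url, data=body, method="POST")

def redacted(request):
    """Return the form fields in a shape safe to log: the secret is masked."""
    fields = dict(urllib.parse.parse_qsl(request.data.decode()))
    fields["client_secret"] = "***"
    return fields

if __name__ == "__main__":
    # Constructed sample values, not real identifiers.
    req = build_token_request(
        "11111111-1111-1111-1111-111111111111",
        "22222222-2222-2222-2222-222222222222",
        "https://graph.microsoft.com/.default",
        env={"AZURE_CLIENT_SECRET": "constructed-secret"},
    )
    print(req.full_url)
    print(redacted(req))
```
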