Skip to main content

Setting Up an App Registration in Microsoft Entra ID

This guide walks you through creating an App Registration in Microsoft Entra ID so Adcyma can integrate with your tenant for user and group management, with optional Exchange Online capabilities.

Prerequisites

Important Requirement

You must have Application Administrator role permissions to complete this setup process.

Step 1: Access App Registrations

  1. Sign in to your Microsoft Entra ID tenant
  2. Navigate to Microsoft Entra ID from the main dashboard
  3. In the left navigation panel, expand Manage
  4. Select App registrations
  5. Click New registration

Step 2: Register the Application

  1. Enter a descriptive name for the application (e.g., "Adcyma")
  2. Keep the default selection for supported account types
  3. Leave the redirect URI blank for now
  4. Click Register to create the app registration

Step 3: Generate Client Secret

  1. In your newly created app registration, navigate to Certificates & secrets
  2. Under the Client secrets tab, click New client secret
  3. Enter a meaningful description for the secret
  4. Choose an appropriate expiration period (remember to track this date)
  5. Click Add

Critical: Save Your Credentials

Immediately copy and securely store both the Client Secret Value. The secret value will never be displayed again after you leave this page.

You'll also need your Tenant ID (found in the app's Overview page) for Adcyma configuration.

Step 4: Configure Microsoft Graph Permissions

Add Required Permissions

  1. Navigate to API permissions
  2. Click Add a permission
  3. Select Microsoft Graph
  4. Choose Application permissions

Grant Essential Permissions

Add the following two critical permissions:

For user management, search for and select User.ReadWrite.All. This allows Adcyma to manage Entra ID users.

For group management, search for and select Group.ReadWrite.All. This allows Adcyma to manage your groups.

After adding both permissions, click Grant admin consent to activate them.

Step 5: Exchange Online Integration (Optional)

Optional Configuration

Complete this section only if you want Adcyma to manage Exchange tasks like converting user mailboxes to shared mailboxes.

Add Exchange Permissions

  1. In API permissions, click Add a permission
  2. Go to APIs my organization uses
  3. Search for and select Office 365 Exchange Online
  4. Choose Application permissions
  5. Select Exchange.ManageAsApp
  6. Click Add permissions

Assign Exchange Administrator Role

  1. Navigate to Microsoft Entra ID > Roles and administrators
  2. Ensure All roles is selected in the sidebar
  3. Search for Exchange Recipient Administrator
  4. Click on the role to open its details page
  5. Click + Add assignments
  6. Switch to the Apps tab
  7. Search for your Adcyma app registration
  8. Select the app and click Add

Configuration Complete

Your App Registration is now properly configured with:

  • User and Group management permissions
  • Client secret for secure API access
  • Exchange integration for mailbox management (if configured)

Next Steps

Provide the following information during your Adcyma setup process:

  • Tenant ID (found on the app's Overview page)
  • Application (Client) ID (found on the app's Overview page)
  • Client Secret (the value you saved during Step 3)

Security Reminders

  • Monitor your client secret expiration date and renew before it expires
  • Regularly review the permissions granted to ensure they align with your security policies
  • Consider implementing certificate-based authentication for enhanced security in production environments