Skip to main content

Setting Up an App Registration in Microsoft Entra ID

This guide walks you through creating an App Registration in Microsoft Entra ID so Adcyma can manage users and groups in your tenant, with optional Exchange Online support.

Prerequisites

Important

You need the Application Administrator role in Entra ID to complete this setup.

Step 1: Access App Registrations

  1. Sign in to your Microsoft Entra ID tenant
  2. Navigate to Microsoft Entra ID from the main dashboard
  3. In the left navigation panel, expand Manage
  4. Select App registrations
  5. Click New registration

Step 2: Register the Application

  1. Enter a descriptive name for the application (e.g., "Adcyma")
  2. Keep the default selection for supported account types
  3. Leave the redirect URI blank for now
  4. Click Register to create the app registration

Step 3: Generate Client Secret

  1. In your newly created app registration, navigate to Certificates & secrets
  2. Under the Client secrets tab, click New client secret
  3. Enter a meaningful description for the secret
  4. Choose an appropriate expiration period (remember to track this date)
  5. Click Add

Save your credentials now

Copy the Client Secret Value immediately. It won't be shown again after you leave this page.

You'll also need your Tenant ID from the app's Overview page.

Step 4: Configure Microsoft Graph Permissions

Add Required Permissions

  1. Navigate to API permissions
  2. Click Add a permission
  3. Select Microsoft Graph
  4. Choose Application permissions

Grant Essential Permissions

Add the following permissions:

Search for and select User.ReadWrite.All. This lets Adcyma create, update, and deprovision Entra ID users.

Search for and select Group.ReadWrite.All. This lets Adcyma manage your groups.

Search for and select AuditLog.Read.All. This lets Adcyma read last sign-in timestamps shown in the People Hub.

Search for and select User.EnableDisableAccount.All. This lets Adcyma enable and disable user accounts.

After adding all permissions, click Grant admin consent to activate them.

Step 5: Exchange Online Integration (Optional)

Optional

Only needed if you want Adcyma to manage Exchange tasks like converting mailboxes.

Add Exchange Permissions

  1. In API permissions, click Add a permission
  2. Go to APIs my organization uses
  3. Search for and select Office 365 Exchange Online
  4. Choose Application permissions
  5. Select Exchange.ManageAsApp
  6. Click Add permissions

Assign Exchange Administrator Role

  1. Navigate to Microsoft Entra ID > Roles and administrators
  2. Ensure All roles is selected in the sidebar
  3. Search for Exchange Recipient Administrator
  4. Click on the role to open its details page
  5. Click + Add assignments
  6. Switch to the Apps tab
  7. Search for your Adcyma app registration
  8. Select the app and click Add

Done

Your App Registration is set up with:

  • User and group management permissions
  • A client secret for API access
  • Exchange integration (if you completed Step 5)

Next Steps

You'll need these three values when configuring Adcyma:

  • Tenant ID (from the app's Overview page)
  • Application (Client) ID (from the app's Overview page)
  • Client Secret (the value you saved in Step 3)

Security reminders

  • Track your client secret expiration date and renew it before it expires
  • Review the granted permissions regularly
  • Consider certificate-based authentication for production