Register and Configure an Application in Entra ID

Before you can create Entra ID credentials and add Entra ID groups and users into BeyondInsight, you must first register and configure an application in the Entra ID tenant where the user accounts reside. The steps below walk through creating a registered application in Entra ID, creating a client secret for the registered app, and configuring API permissions for the registered app.

Create a Registered Application in Entra ID

Sign in to Azure and connect to the Entra ID tenant where the credentials you wish to add into BeyondInsight reside. Then follow these steps:

  1. On the left menu, select App registrations.
  2. Click + New Registration.

Screenshot of registering an application in Entra ID

  3. Under Name, enter a unique application name.
  4. Under Supported account types, select Accounts in this organizational directory only.
  5. Click Register.

Create a Client Secret for the Registered App

  1. Select the newly created app from the list of App Registrations (if not already visible).

Entra ID create new client secret screenshot

  2. Select Certificates & secrets from the left menu.
  3. Click + New Client Secret.
  4. Provide a Description and appropriate Expiry. If you select 1 or 2 years, the directory credential must be refreshed in BeyondInsight with a new client secret on the anniversary of its creation.
  5. Click Add.

Entra ID copy client secret screenshot

  6. Copy the client secret and store it in a safe place. It is required when creating directory credentials for Entra ID in BeyondInsight.

This is the only time this client secret value is displayed.

Assign API Permissions to the Registered Application

  1. Select the newly created app from the list of App Registrations.
  2. Select API Permissions from the left menu.

Azure add api permission to read all users screenshot

  3. Click + Add a permission.
  4. Click Microsoft Graph.
  5. Click Application Permissions.
  6. Search for User.Read.All and check the box in the search results.

Azure add api permission to read all groups screenshot

  7. Search for Group.Read.All and check the box in the search results.
  8. Click Add permissions.

Azure add domain permission to read all groups screenshot

  9. Search for Domain.Read.All and check the box in the search results.
  10. Click Add permissions.

Azure grant admin consent for user and group read all permissions screenshot

  11. Click Grant Admin Consent for <directory name> to grant the app the permissions you just added.
  12. Click Yes to confirm.

Screenshot of App Registration Overview page highlighting the client ID and tenant ID for copying.

Now that your registered app is created, has a client secret, and has API permissions assigned, select Overview from the left menu and copy the Application (client) ID and the Directory (tenant) ID. Store these in a safe place; they are required when creating directory credentials for Entra ID in BeyondInsight.

 

For more information on directory credentials, please see Create and Edit Directory Credentials.