Register an Azure Tenant

For PMC to query Azure AD groups, a communication channel between PMC and Azure AD must exist.

There are two key steps to create a channel:

  • Create an app registration in Azure and grant the appropriate permissions. You must also set up an authentication method.
  • Configure PMC with the app registration.

This section details the steps to register an Azure tenant.


  • Microsoft Azure Commercial

Microsoft 365 Government Community Cloud (GCC) High is not supported.

For more information about the differences, please see National cloud deployments at

Register a Tenant

  1. Go to
  2. Select the directory that contains the Azure AD you want to register with PMC.

App registration service in the Azure portal

  1. Search for the App registrations service and select it.


Azure new registration page

  1. Click New registration.


  1. Give the registration a name. For example, PM Cloud Registration.
  2. Select the Supported account types you require for your business needs.
  3. Ignore the setting Redirect URI.
  4. Click Register an application.
  5. Go to Manage > API Permissions and click Add a permission.
  6. Click Microsoft Graph, and then Application permissions.

In the Azure app registration portal, add permissions on the Request API permissions page

  1. Add the following permissions. Search by name, and then select the permission when it displays.
    • Domain.Read.All
    • GroupMember.Read.All
    • User.Read.All


  1. After all 3 permissions are selected, click Add permissions.
  2. Finally, you must grant the permissions. Click Grant admin consent for (Directory Name).


Configure Authentication

You need to choose an authentication method to create a trust relationship between PMC and Azure. There are two authentication methods available:

  • Certificate authentication
  • Client-secret authentication

Use Certificate Authentication

  1. In the PMC console, select Configuration > Azure AD Settings.
  2. Click Download Certificate.
  3. Go to the Azure app registrations portal, and then select Certificates & secrets.
  4. Click Upload certificate.

Use Clients-Secret Authentication

Certificates & secrets in the Azure app registration portal

  1. In the Azure app registrations portal, select Certificates & secrets.


  1. Select Client-Secret Authentication.
  2. Click New Client Secret.
  3. Select an appropriate expiry time, and click Add.
  4. Copy the value to your clipboard.
  5. Go to the PMC console, select Administration > Access Settings > Azure AD Settings.
  6. Paste the client secret value into the Application Client Secret box.
  7. Click Save Changes.

Client and Tenant IDs

Overview tab selected in Azure app registrations

Go to the Overview node and note the Application (client) ID and the Directory (tenant) ID. These are used in the PMC administration console.