/
Microsoft Entra ID - App Registration

Microsoft Entra ID - App Registration

πŸ”§ Guide: Setting Up Microsoft Entra ID App for API Access

This guide explains how to register a Microsoft Entra ID (formerly Azure AD) app to allow secure API access to user and group information β€” including avatars (also known as profile images) β€” via Microsoft Graph.

βœ… Goal: Provide the Tenant ID, Client ID, and Client Secret to our team so we can integrate securely with your Entra ID.

πŸ“Œ Prerequisites

Before you begin, ensure the following:

  • You have access to an Azure account with an active subscription.

  • You have permission to register applications (you need to be at least an Application Developer in Entra ID).

  • You can access Microsoft Entra ID in the Azure Portal.

πŸ› οΈ Step 1: Register a New App in Azure

  1. Go to https://portal.azure.com

  2. In the left-hand menu, open Microsoft Entra ID

  3. Click App registrations β†’ + New registration

  4. Fill in:

    • Name: TeamForm API Integration

    • Supported account types: Choose Single tenant

    • Redirect URI: Leave this blank (unless we specify one)

  5. Click Register

ℹ️ Why Single Tenant?
Because this app will only be used within your Microsoft Entra ID environment. The credentials will be securely shared with TeamForm so we can access your user and group data via Microsoft Graph. You do not need to allow access from other tenants or personal accounts.

πŸ“‹ Step 2: Gather Required Information

After registration, you’ll be taken to the app’s overview page. Please copy and share the following with us:

Field

Example

Field

Example

Application(client) ID

2222222-6666-7777-8888-999999999999

Directory(tenant) ID

11111111-2222-3333-4444-555555555555

Β 

πŸ” Step 3: Create a Client Secret

  1. Click the link Add a certificate or Secret

  2. Under the Client secrets section, click + New client secret

  3. Add a description (e.g. IntegrationSecret)

  4. Choose an expiration (e.g. 12/24 months according to agreement)

  5. Click Add

  6. Copy the value of the client secret immediately β€” it won’t be shown again.

⚠️ Important: Please send this secret securely (not by plain email). Use a secure method like a password manager, secure link, or encrypted message.

πŸ”“ Step 4: Add API Permissions

  1. Go to API permissions

  2. Click + Add a permission

  3. Choose Microsoft Graph

  4. Select:

    • Application permissions (recommended for background services), or

    • Delegated permissions (if acting on behalf of users)

  5. Add the following permissions (or as needed):

Type

Permissions

Type

Permissions

Application

User.Read.All, Group.Read.All, Directory.Read.All

  1. Click Grant admin consent to activate them

βœ… Summary β€” Please Share with Us

Field

Value (example shown)

Field

Value (example shown)

Tenant ID

2222222-6666-7777-8888-999999999999

Client ID

11111111-2222-3333-4444-555555555555

Client Secret

aaaaaaxxxxyyyyyyy

πŸ”’ Reminder: Share the secret via a secure channel.

πŸ“š References