Register a Microsoft 365 application for Token Vault

This topic describes the first configuration task in the process of setting up an AutoStore workflow using Modern Authentication / OAuth2.

Perform this task at the Microsoft Identity Platform (Microsoft Entra ID) admin center.

  1. Navigate to https://portal.azure.com.

    Your organization may use a national cloud because of data residency or compliance requirements. In this case, navigate to the corresponding national cloud Microsoft Entra ID portal endpoint instead.

  2. Log in with an existing Microsoft 365 account.
  3. Select Microsoft Entra ID in the left navigation pane.
  4. Select App registrations.
    The App registrations page opens.
  5. Click the New registration button to register a new application.
    The Register an application page opens.
  6. Fill out the registration information of the application:
    1. Specify a Name for the application.
      The authorization process shows this name when asking end users to grant permissions for the application to access their cloud resources, so it is advised to pick a meaningful name.
    2. Choose an account type under Supported account types.
      When you register a Microsoft 365 authorization provider in Token Vault, its Supported account type and Tenant name must be configured to match this application property.
    3. From the Redirect URI (optional) list, choose the Web type and enter the URI corresponding to your Token Vault configuration in the format https://<FQDN>:<port>/callback, where:
      • FQDN is the Fully Qualified Domain Name of the Token Vault machine.

      • port is the value of the HttpsPort setting in the Token Vault appsettings.json configuration file when HTTPS is used.

        For example, https://tokenvaultmachine.testdomain.com:8381/callback.

        This URI must be the same as the Redirect URI displayed by Token Vault on the Authorization Provider registration page.

  7. Click Register.
    The new application is created with the specified name and a generated Application (client) ID, but the application does not have any certificate or secret yet.
  8. Copy the Application (client) ID for later use.
    This is required for the creation of a new Microsoft 365 authorization provider in Token Vault.
  9. Select Certificates & secrets in the menu on the left.
  10. Click the New client secret button in the panel on the right to generate a new client secret for the application.
  11. Specify a Description and select the expiry option according to your policy requirements.

    If the client secret expires, it must be renewed or replaced by the administrator. This also requires changing the Authorization Provider configuration in Token Vault.

  12. Click the Add button.
  13. Copy the newly generated client secret value for later use.

    This is a required application property for registering a Microsoft 365 authorization provider in Token Vault.

    You can ONLY copy the client secret at this point in the workflow. After you leave this page you are not able to retrieve it. If you leave this page without copying the client secret, you must repeat the corresponding steps above and create a new one.
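
A pre-registration check for the Redirect URI entered in step 6, as an added example that is not part of the product documentation: it validates a candidate URI against the https://<FQDN>:<port>/callback format using the HttpsPort value read from appsettings.json. The function names, the sample file content and its "Hosting" section are assumptions made for illustration; the real file layout is not shown here, so the key is searched for at any depth.

```python
import json
from urllib.parse import urlsplit

# Constructed sample; the real appsettings.json layout is not shown on the
# page, so HttpsPort is looked up at any nesting depth (an assumption).
SAMPLE_APPSETTINGS = '{"Hosting": {"HttpsPort": 8381}}'


def find_key(node, key):
    """Return the first value stored under `key` anywhere in parsed JSON."""
    if isinstance(node, dict):
        if key in node:
            return node[key]
        node = list(node.values())
    if isinstance(node, list):
        for child in node:
            found = find_key(child, key)
            if found is not None:
                return found
    return None


def check_redirect_uri(uri, fqdn, appsettings_text):
    """Return a list of problems; an empty list means the URI fits the format."""
    port = find_key(json.loads(appsettings_text), "HttpsPort")
    if port is None:
        return ["HttpsPort not found in appsettings.json"]
    expected = f"https://{fqdn}:{int(port)}/callback"
    try:
        parts = urlsplit(uri)
        uri_port = parts.port  # raises ValueError on a non-numeric port
    except ValueError:
        return ["URI is malformed"]
    problems = []
    if parts.scheme != "https":
        problems.append("scheme must be https")
    if "." not in fqdn or (parts.hostname or "") != fqdn.lower():
        problems.append("host must be the Token Vault FQDN")
    if uri_port != int(port):
        problems.append(f"port must equal HttpsPort ({port})")
    if parts.path != "/callback" or parts.query or parts.fragment:
        problems.append("path must be exactly /callback")
    # Catches variants a parser normalizes away: userinfo, upper-case scheme or host.
    if not problems and uri != expected:
        problems.append(f"must be written exactly as {expected}")
    return problems
```

The final comparison is deliberately a plain string match, because the URI registered in Entra ID must be the same as the one Token Vault displays.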