Register a Microsoft 365 application for Token Vault
This topic describes the first configuration task in the process of setting up an AutoStore workflow using Modern Authentication / OAuth2.
Perform this task at the Microsoft Identity Platform (Microsoft Entra ID) admin center.
- Navigate to https://portal.azure.com.
  Your organization may use a national cloud because of data residency or compliance requirements. In this case, navigate to the corresponding national cloud Microsoft Entra ID portal endpoint instead.
  - https://portal.azure.us – for Microsoft Entra ID for US Government.
  - https://portal.azure.cn – for Microsoft Entra ID China operated by 21Vianet.
- Log in with an existing Microsoft 365 account.
- Select Microsoft Entra ID in the left navigation pane.
- Select App registrations.
  The App registrations page opens.
- Click the New registration button to register a new application.
  The Register an application page opens.
- Fill out the registration information of the application:
  - Specify a Name for the application.
    The authorization process shows this name when asking end users to grant permissions for the application to access their cloud resources, so it is advised to pick a meaningful name.
  - Choose an account type under Supported account types.
    While registering a Microsoft 365 authorization provider in Token Vault, the Supported account type and Tenant name must be configured according to this application property.
  - From the Redirect URI (optional) list choose Web type and enter the URI corresponding to your Token Vault configuration in the following format ‘https://<FQDN>:<port>/callback’ where:
    - FQDN is the Fully Qualified Domain Name of the Token Vault machine.
    - port is the value of the HttpsPort setting in the Token Vault appsettings.json configuration file in case of https usage.
    For example, https://tokenvaultmachine.testdomain.com:8381/callback.
    This URI must be the same as the Redirect URI displayed by Token Vault on the Authorization Provider registration page.
- Click Register.
  The new application is created with the specified name and a generated Application (client) ID, but the application does not have any certificate or secret yet.
- Copy the Application (client) ID for later use.
  This is required for the creation of a new Microsoft 365 authorization provider in Token Vault.
- Select Certificates & secrets in the menu on the left.
- Click the New client secret button in the panel on the right to generate a new client secret for the application.
- Specify a Description and select the expiry option according to your policy requirements.
  If the client secret expires, it must be renewed or replaced by the administrator. This also requires changing the Authorization Provider configuration in Token Vault.
- Click the Add button.
- Copy the newly generated client secret value for later use.
  This is a required application property for registering a Microsoft 365 authorization provider in Token Vault.
  You can ONLY copy the client secret at this point in the workflow. After you leave this page you are not able to retrieve it. If you leave this page without copying the client secret, you must repeat the corresponding steps above and create a new one.
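
The Redirect URI entered during registration has to follow the documented format and use the HttpsPort value from appsettings.json, so it is worth checking before it is typed into the portal. The Python sketch below is an added example, not part of Token Vault or its documentation; the function names, the constructed sample appsettings.json content and the recursive lookup of HttpsPort are assumptions, because the page does not show the file's layout.

```python
import json
from urllib.parse import urlsplit

# Constructed sample; the real file has more settings and its layout may differ.
SAMPLE_APPSETTINGS = '{"HttpsPort": 8381, "Logging": {"LogLevel": {"Default": "Information"}}}'

def find_key(node, key):
    """Depth-first search, so the position of the key in the file is not assumed."""
    if isinstance(node, dict):
        if key in node:
            return node[key]
        node = list(node.values())
    if isinstance(node, list):
        for child in node:
            found = find_key(child, key)
            if found is not None:
                return found
    return None

def check_redirect_uri(registered, fqdn, appsettings_text):
    """Return the list of mismatches; an empty list means the URI fits the format."""
    port = find_key(json.loads(appsettings_text), "HttpsPort")
    if port is None:
        return ["HttpsPort not found in appsettings.json"]
    port = int(port)
    problems = []
    if "." not in fqdn:
        problems.append(f"'{fqdn}' is a short host name, not an FQDN")
    try:
        parts = urlsplit(registered)
        reg_port = parts.port  # raises ValueError on a non-numeric or out-of-range port
    except ValueError as exc:
        return problems + [f"unparseable URI: {exc}"]
    if parts.scheme != "https":
        problems.append(f"scheme is '{parts.scheme}', expected 'https'")
    if (parts.hostname or "") != fqdn.lower():
        problems.append(f"host is '{parts.hostname}', expected '{fqdn.lower()}'")
    if reg_port != port:
        problems.append(f"port is {reg_port}, expected HttpsPort {port}")
    if parts.path != "/callback" or parts.query or parts.fragment:
        problems.append("path must be exactly '/callback' with no query or fragment")
    return problems

if __name__ == "__main__":
    fqdn = "tokenvaultmachine.testdomain.com"  # example host name from the page
    for uri in (f"https://{fqdn}:8381/callback", "http://tokenvaultmachine:8443/callback/"):
        print(uri, "->", check_redirect_uri(uri, fqdn, SAMPLE_APPSETTINGS) or "OK")
```

Run it against the URI you intend to register and the Token Vault machine's own appsettings.json; the value that passes should also equal the Redirect URI that Token Vault displays on its Authorization Provider registration page.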