Configure Microsoft Entra ID settings

To configure the Microsoft Entra ID settings, do the following.

  1. Select Microsoft Entra ID & on-premises or Microsoft Entra ID as the Active Directory Type.
  2. Enter your Application (client) ID and Client Secret (value), both provided by the Microsoft Entra admin center during the application registration task.
  3. Specify the Directory (tenant) ID according to the Supported account types property of the application registered at the Microsoft Entra admin center.

    • Enter the Directory (tenant) ID of the application registered at the Microsoft Entra admin center when 'Accounts in this organizational directory only (<your tenant's name> only - Single tenant)' is selected as Supported account types during application registration.

    • Enter organizations when 'Accounts in any organizational directory (Any Microsoft Entra ID directory - Multitenant)' is selected as Supported account types during the application registration at the Microsoft Entra admin center.

    • Enter common when 'Accounts in any organizational directory (Any Microsoft Entra ID directory - Multitenant) and personal Microsoft accounts (e.g. Skype, Xbox)' is selected as Supported account types during the application registration at the Microsoft Entra admin center.

  4. Select the proper national cloud from the National Cloud list if your organization uses a national cloud due to data residency or compliance requirements. Otherwise, keep the default Microsoft Entra ID (global service) value.
  5. Click Save to save the authentication settings.
    To validate the configuration settings, your browser will redirect you to the login page of the Microsoft Entra admin center, where you must log in as a Global Administrator, an Application Administrator, or a Cloud Application Administrator. If you are already logged in to the Microsoft Entra admin center, the login may complete without any user interaction.
  6. Click Restart service at the bottom of this page to restart the Token Vault service and apply your configuration changes.

If you are logged in to Token Vault as an on-premises Active Directory user and change the Active Directory Type to "Microsoft Entra ID" while the browser already has a signed-in Microsoft Entra ID user, that Microsoft Entra ID user automatically becomes the logged-on user in Token Vault.
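
A pre-flight check for the values entered in steps 2 to 4, as an added example that is not part of Token Vault or of the original page: it flags a Secret ID pasted in place of the secret Value, reports the sign-in audience the tenant field implies, and builds the OpenID Connect discovery URL for the chosen cloud. The function name `preflight` and the cloud labels are assumptions made for this example.

```python
import re

GUID_RE = re.compile(r"[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")

# Public Microsoft identity platform sign-in hosts. The keys are labels assumed
# for this example; they are not the entries of Token Vault's National Cloud list.
AUTHORITY_HOSTS = {
    "global": "login.microsoftonline.com",
    "us_government": "login.microsoftonline.us",
    "china_21vianet": "login.partner.microsoftonline.cn",
}

# Step 3: sign-in audience implied by the non-GUID tenant values.
AUDIENCES = {
    "organizations": "any Microsoft Entra ID directory (multitenant)",
    "common": "any Microsoft Entra ID directory and personal Microsoft accounts",
}

def preflight(client_id, client_secret, tenant, cloud="global"):
    """Check the values from steps 2-4; return (audience, discovery_url, findings)."""
    findings = []
    if not GUID_RE.fullmatch(client_id):
        findings.append("Application (client) ID is not a GUID")
    if GUID_RE.fullmatch(client_secret):
        # Heuristic: in the admin center the Secret ID is a GUID, the Value is not.
        findings.append("Client Secret looks like the Secret ID, not the Value")
    elif not client_secret or client_secret != client_secret.strip():
        findings.append("Client Secret is empty or has surrounding whitespace")
    if GUID_RE.fullmatch(tenant):
        audience = "this organizational directory only (single tenant)"
    elif tenant in AUDIENCES:
        audience = AUDIENCES[tenant]
    else:
        audience = None
        findings.append("Directory (tenant) ID must be a GUID, 'organizations' or 'common'")
    host = AUTHORITY_HOSTS.get(cloud)
    if host is None:
        findings.append("Unknown national cloud label: " + cloud)
    url = None
    if host and audience:
        url = "https://%s/%s/v2.0/.well-known/openid-configuration" % (host, tenant)
    return audience, url, findings

if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    print(preflight("11111111-2222-3333-4444-555555555555",
                    "constructed-secret-value",
                    "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"))
```

Opening the returned discovery URL in a browser before clicking Save shows whether the tenant value and cloud combination resolves to a valid issuer.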