Microsoft Entra IDRegister your PSIsafe application

Register your PSIsafe application

The client ID is the unique Application (client) ID assigned to your app by Microsoft Entra ID when the app is registered. You can find the Application (Client) ID on the Overview page for the application in Identity > Applications > Enterprise applications.

Reference the Microsoft Learning Center for the most up-to-date instructions on registering an application in Microsoft Entra.

First, sign in to the Microsoft Entra admin center or Azure Portal.

Then follow the steps below to Register your PSIsafe Desktop application in Microsoft Entra ID:


  2. If you have access to multiple tenants, use the Settings in the top menu to switch to the tenant in which you want to register the application from Directories + subscriptions.
  3. Browse to IdentityApplications App registrations, and select New registration.
  4. Enter a Name for the application, such as identity-psisafe-desktop.
  5. For Supported Account Types, select Accounts in this organizational directory only (Single Tenant). This is the recommended option for a standard PSIsafe installation. For information on different account types, select Help me choose.
  6. Select Register.

    The application's Overview pane is displayed when your registration is complete. Record the Directory (tenant) ID (if you have not already) and the Application (client) ID for configuring PSIsafe Desktop with Microsoft Entra ID.

Add application permissions

Next, we must assign our newly-created PSIsafe application some specific permissions:

  1. Select API Permissions Add a Permission Microsoft APIs Microsoft Graph and under the Select Permissions field, input User.Read.All and ensure that after selecting the corresponding permission from the dropdown menu, that a checked version of the permission appears in a list below. This setting allows PSIsafe to read a Microsoft Entra User profile and obtain the corresponding information to automatically fill out within their associated local PSIsafe user profile.
  2. Select Grant admin consent for user@domain.com and ensure the green check mark appears.

Source your tenant ID and client ID

After PSIsafe Desktop is registered successfully in Azure portal, the client ID is displayed in Azure portal. If you did not record the client ID during the registration process, follow these steps to source your client ID:

  1. Browse to Identity > Applications > App registrations, and select your registered PSIsafe Desktop application.
  2. On the Overview tab, expand Essentials.

    The Application (client) ID and Directory (tenant) ID are displayed.

Create or source your client secret

The client secret (app password) must also be created during the application registration on Azure portal or provided to Microsoft Entra ID during app registration through PowerShell Microsoft Entra ID, PowerShell AzureRM, or Azure CLI.

Follow these steps to source your client secret:

  1. Sign in to Azure Portal or Microsoft Entra admin center.
  2. Browse to Identity > Applications > App registrations, and select your registered PSIsafe Desktop application.
  3. On the Certificates and Secrets tab, select Client Secrets.

    The Client Secret is displayed here if created, and can only be copied when first created. If you did not store your client secret when first created, you must create a new client secret.

  4. To create a new Client Secret for your PSIsafe application, select New Client Secret.

    The Client Secret is displayed within the Secret field. Copy the entire value of the secret field and save to an external location for later use.

    This value is only displayed in the Microsoft Entra platform a single time. Be sure to copy it to an external location immediately after creation.

Add authentication and redirect URIs for PSIsafe Web and PSIsafe Mobile

Next, to ensure proper functionality of PSIsafe Web and PSIsafe Mobile when using Microsoft Entra ID, an authentication configuration in the Microsoft Entra admin center or Azure Portal is required. Follow these steps to create a basic authentication configuration and corresponding redirect URI for your PSIsafe applications.

  1. Browse to IdentityApplications App registrations, and select Authentication.
  2. Select Add a platform.
  3. Under the Configure Platforms pane, select Single-page application.

    The Single-page application Redirect URIs container appears on the page.

  4. Input the following URI for PSIsafe Web: 

     http(s)://[PSIsafe Web URL]/login-callback

  5. Under the Configure Platforms pane, select Mobile and desktop applications.

    The Mobile and desktop applications Redirect URIs container appears on the page.

  6. Input the following URIs for PSIsafe Mobile: 

     https://login.microsoftonline.com/common/oauth2/nativeclient

     ms-appx-web://Microsoft.AAD.BrokerPlugin/[Client ID]

     msalpsisafe://auth