
Mobile AAD Setup – Creating Azure AD Web API Registration (Server Side)

This procedure creates the initial web API registration for the server-side RESTful services. The registration allows a web API with the correct details to authorise accounts.

  1. Open the Azure portal (https://portal.azure.com) and log in with your credentials.

  2. Make sure that you are using the appropriate Azure tenant domain. We recommend that the default xxx.onmicrosoft.com tenant be used (e.g. mytenant.onmicrosoft.com).

  3. Find the menu item “Azure Active Directory”. As there are a few ways to find the link on the portal, the simplest way is to perform a search for “Active Directory” and it will be listed as a service.

  4. Once you have found the option, select it and then select “App registrations”; you will be presented with the following screen:

    App registrations screen

  1. Select “+ New application” at the top; you will get the following screen:

    Register an application screen

  2. Fill in the following details:

    • Name – This is the name of the application; it must be the value M1x

    • Supported account types – Select “Accounts in this organizational directory only”

    • Platform configuration – Select “Web API”

      Once the details are filled in, click the “Register” button.

  3. Once created you will see the following screen:

    API permissions screen

  4. On the right of “Microsoft Graph (1)”, there are three dots. Right-click to bring up a menu, then select “Remove all permissions”. A prompt will ask you to confirm; click “Yes, remove” to remove this item.

  5. Click “+ Add a permission”, ensure “Microsoft APIs” are selected at the top and click on “Microsoft Graph”:

    Request API permissions screen

  6. Select “Delegated permissions”, scroll down to “User” and expand the tree. Tick the item “User.Read” and then click “Add permissions”:

    Request API permissions screen

    A screenshot showing User.Read ticked
  7. Click “Expose an API” on the left side menu; you will see the following screen:

    Expose an API screen

  8. Note that the heading “Application ID URI” near the top will have a “Set” link. Click “Set” to open the dialogue that will allow you to set an application ID URI.

  9. Enter the Application ID URI as the combination of the default tenant with HTTPS at the beginning and the M1x directory (e.g. https://mytenant.onmicrosoft.com/M1x). Click “Save” to set the Application ID URI.

  10. Click “+ Add a scope” and you will see the following dialogue:

    Add a scope dialogue

  11. Fill in the following details:

    • Scope name – This is the name of the scope; it must be the value user_impersonation

    • Who can consent? – Select “Admins and users”

    • Admin consent display name – Enter the value Access M1x

    • Admin consent description – Enter: Allow the application to access M1x on behalf of the signed-in user.

    • User consent display name – Enter the value Access M1x

    • User consent description – Enter: Allow the application to access M1x on your behalf.

    Once the details are filled in, click the “Add scope” button.

  12. Click the “+ Add a scope” button again to create another scope. Fill in the following details:

    • Scope name – This is the name of the scope; it must be the value User.Read

    • Who can consent? – Select “Admins and users”

    • Admin consent display name – Enter the value Read user profile

    • Admin consent description – Enter: Allows the app to read the user profile

    • User consent display name – Enter the value Read your profile

    • User consent description – Enter: Allows the app to read your user profile

      Once the details are filled in, click the “Add scope” button.

  13. There should now be two scopes as well as the Application ID URI as displayed:

  14. Select API Permissions on the left menu to add more permissions with the scopes that have just been added above.

  15. Click “+ Add a permission”, ensure “My APIs” are selected at the top and click on “M1x”:

  16. Expand “User” then tick the boxes that correspond to “user_impersonation” and “User.Read”. Click “Add permissions” when done:

    Select permissions screen

  17. Select “Authentication” on the left menu; you will see:

    Authentication screen

  18. Click “+ Add a Platform”, then select “Web”:

    Configure platforms screen

  19. Enter https://localhost as the value within “Redirect URIs” and ensure that “Access tokens” and “ID Tokens” are ticked. Click “Configure” when done.

    Configure Web screen

  20. Click on “Branding” on the left menu, then fill in “Home” with the value https://localhost and click “Save”:

    Branding screen

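
As an added check (example code, not part of the original guide), the following Python audits an exported registration against the values set in the steps above and reports any drift, such as an extra redirect URI or an application-level permission. It assumes the registration is exported as a Microsoft Graph application object (the JSON shape returned by `az ad app show`); the function names are hypothetical and the sample input with its placeholder IDs is constructed.

```python
GRAPH_APP_ID = "00000003-0000-0000-c000-000000000000"     # Microsoft Graph
GRAPH_USER_READ = "e1fe6dd8-ba31-4d61-89e7-88639da4683d"  # delegated User.Read
EXPECTED_SCOPES = {"user_impersonation", "User.Read"}

def audit_registration(app, tenant):
    """Added example: list deviations from the registration this page builds."""
    findings = []
    def expect(ok, msg):
        if not ok:
            findings.append(msg)
    expect(app.get("displayName") == "M1x", "name is not M1x")
    expect(app.get("signInAudience") == "AzureADMyOrg", "not limited to this directory")
    expect(app.get("identifierUris") == [f"https://{tenant}/M1x"], "unexpected Application ID URI")
    scopes = {s["value"]: s for s in app.get("api", {}).get("oauth2PermissionScopes", [])}
    expect(set(scopes) == EXPECTED_SCOPES, "exposed scopes differ from the two expected")
    for name, s in scopes.items():
        expect(s.get("isEnabled") and s.get("type") == "User", f"scope {name} disabled or admin-only")
    graph_ids = []
    for res in app.get("requiredResourceAccess", []):
        for perm in res.get("resourceAccess", []):
            expect(perm.get("type") == "Scope", f"application permission {perm.get('id')} requested")
            if res.get("resourceAppId") == GRAPH_APP_ID:
                graph_ids.append(perm.get("id"))
    expect(graph_ids == [GRAPH_USER_READ], "Graph access is not exactly delegated User.Read")
    web = app.get("web", {})
    expect(web.get("redirectUris") == ["https://localhost"], "unexpected redirect URI")
    grant = web.get("implicitGrantSettings", {})
    expect(grant.get("enableAccessTokenIssuance") and grant.get("enableIdTokenIssuance"),
           "access/ID token issuance not ticked")
    expect(web.get("homePageUrl") == "https://localhost", "home page URL not set")
    return findings

def sample_registration():
    """Constructed sample with placeholder IDs, shaped like a Graph application object."""
    own = "11111111-1111-1111-1111-111111111111"  # placeholder for the M1x app ID
    scope = lambda v, i: {"value": v, "type": "User", "isEnabled": True, "id": i}
    return {
        "displayName": "M1x", "signInAudience": "AzureADMyOrg",
        "identifierUris": ["https://mytenant.onmicrosoft.com/M1x"],
        "api": {"oauth2PermissionScopes": [scope("user_impersonation", "a1"), scope("User.Read", "a2")]},
        "requiredResourceAccess": [
            {"resourceAppId": GRAPH_APP_ID, "resourceAccess": [{"id": GRAPH_USER_READ, "type": "Scope"}]},
            {"resourceAppId": own, "resourceAccess": [{"id": "a1", "type": "Scope"}, {"id": "a2", "type": "Scope"}]}],
        "web": {"redirectUris": ["https://localhost"], "homePageUrl": "https://localhost",
                "implicitGrantSettings": {"enableAccessTokenIssuance": True, "enableIdTokenIssuance": True}},
    }

if __name__ == "__main__":
    print(audit_registration(sample_registration(), "mytenant.onmicrosoft.com") or "matches the steps")
```

An empty list means the export matches the steps; each string in a non-empty list names one setting that differs.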