Home / , / How To Create Azure Apps Registration

How To Create Azure Apps Registration

This article explains how to register an application in Azure Active Directory in order to give access to Graph APIs.

The following steps will generate the Client Id and Client Secret needed in your Cloudiway connectors.

Step 1: Create a new Application.

Login to Azure portal using your Office 365 administrator account.

 

Azure Apps Registration

 

  • Click on New Registration

Give a name to the application.

Supported Account types: Select Accounts in their Organizational directory Only

Redirect URL is not used. Enter any value. I.e https://notused

Azure Register an Application

Click On Register.

 

Create a New Secret.

  • Click on Certificates and Secrets
  • Click On New Client Secret

Enter a description, an expiration date, and Click Add

 

Azure App Registrations New Client Secret

Save the client secret!

At this step, the Application is created.

Go to the Overview section. Save your Client ID:

Azure app client id

The last step before the Graph API Permissions, don’t forget to enable the “Allow public client flows” in Authentication

Graph API Authentication

Step 2: Graph API Permissions

  • Click On API Permissions
  • Click on Add a permission

Graph API Azure Microsoft and SharePoint

  • Depending on the scenario, use the table below to determine the permissions to add (Application Type):
ConnectorGraph APISourceTarget
GALSyncMicrosoft GraphDirectory.Read.All
Group.Read.All
User.Read.All
OrgContact.Read.All

To enable the modification of Guest or Mail user:
User.ReadWrite.All

To create items as Guests:
User.Invite.All
OneDriveMicrosoft GraphDirectory.Read.All
Files.Read.All
Sites.Read.All
Group.Read.All
User.Read.All 		Directory.Read.All
Files.ReadWrite.All
Sites.ReadWrite.All
Sites.FullControl.All
Group.ReadWrite.All
User.Read.All
TeamsMicrosoft GraphDirectory.Read.All
Files.Read.All
Group.Read.All
Group.Read.All (Delegated Type)
Group.ReadWrite.All *
Sites.Read.All
User.Read.All		Directory.Read.All
Files.ReadWrite.All
Group.ReadWrite.All
Group.ReadWrite.All (Delegated Type)
Sites.ReadWrite.All
User.ReadWrite.All
SharePointMicrosoft GraphDirectory.Read.All
Files.Read.All
Group.Read.All
Group.ReadWrite.All *
Sites.Read.All
User.Read.All		Directory.Read.All
Files.ReadWrite.All
Group.ReadWrite.All
Sites.ReadWrite.All
User.ReadWrite.All

* The migration account needs to be Owner and Member of the Group/Team in the source and the target. If it is not Owner and Member of the Team, the migration engine will add it automatically with the permission Group.ReadWrite.All.

The product also needs a scope for Exchange Web Service (EWS) Oauth. The process for adding the EWS scopes are slightly different and is documented here by Microsoft: https://docs.microsoft.com/en-us/exchange/client-developer/exchange-web-services/how-to-authenticate-an-ews-application-by-using-oauth

Azure configure for app-only authentication

 

i.g. for Teams connector:

Source >

Teams Source Graph

Target >

Teams Target Graph

 

  • To add permission, click on Microsoft Graph or SharePoint in the list, select Application permissions, and add the relevant permissions.

azure request API permissions

 

  • When all the permissions are added, close the API select window, click on Grant admin consent.

API Permissions Grant Admin Consent

 

You’re all set! All you need to do is provide the Client Id and Client Secret in your connector!

Meet Cloudiway - A powerful migration and coexistence platform. We support Teams, G Suite, Office 365, Zimbra, Lotus, and more...
Register Now