Learn how to register an Azure Entra ID app for delegated user authentication using Microsoft Graph API. Follow our step-by-step guide for a seamless setup process.
In this comprehensive tutorial, you’ll learn how to register an application in Azure Entra ID (formerly known as Azure Active Directory) to enable delegated user authentication using Microsoft Graph API. Whether you’re a developer looking to integrate Microsoft services into your application or an IT professional aiming to streamline user management, this guide will provide step-by-step instructions on setting up and configuring your app in the Azure portal. We’ll cover key concepts, best practices, and troubleshooting tips to ensure a seamless setup process, empowering you to leverage the full potential of Microsoft Graph for your organization’s needs.
Prerequisites
Before you begin this tutorial, ensure you have the following:
- Azure Entra ID (Azure Active Directory) Access: Access to an Azure Entra ID tenant where you have sufficient permissions to register an application. This typically requires a role like Application Administrator or Global Administrator.
- Microsoft 365 Developer Account (Optional but recommended): A Microsoft 365 developer account to test Microsoft Graph API calls and interactions.
By ensuring these prerequisites are met, you’ll be well-prepared to follow along with the tutorial and successfully register your Azure Entra ID application for delegated user authentication.
Register application for user authentication
Log in to the Azure portal. Click the hamburger menu at the top left and select Microsoft Entra ID.
Click on “App registrations” under “Manage.”
Select “New registration.”
Enter a name for your application, for example, “Graph User Auth Tutorial.”
Set Supported account types as desired; I will go with Multitenant. The options are:
| Option | Who can sign in? |
|---|---|
| Accounts in this organizational directory only | Only users in your Microsoft 365 organization |
| Accounts in any organizational directory | Users in any Microsoft 365 organization (work or school accounts) |
| Accounts in any organizational directory … and personal Microsoft accounts | Users in any Microsoft 365 organization (work or school accounts) and personal Microsoft accounts |
Leave Redirect URI empty. Select Register. On the application’s Overview page, copy the value of the Application (client) ID and save it; you will need it in the next step. If you chose Accounts in this organizational directory only for Supported account types, also copy the Directory (tenant) ID and save it.
Select Authentication under Manage. Locate the Advanced settings section and change the Allow public client flows toggle to Yes, then choose Save.
Note that the setting above applies only to mobile or desktop flows. If your application does not have a front end where users can log in, use Device Code Flow: your app shows a URL for login and provides a code to enter on the login page.
Conclusion
In conclusion, registering your application in Azure Entra ID and configuring it for delegated user authentication is a crucial step for integrating Microsoft Graph API into your solutions. By carefully setting the supported account types and understanding the authentication flows, you ensure that your application can securely and efficiently handle user interactions. Following these steps will help you leverage Azure’s powerful identity services to enhance your app’s functionality and user experience.
