How to Create and Configure the Azure Application

Create New Application Registration

  1. Go to https://portal.azure.com/
  2. Log in with Azure Global Admin user credentials.
  3. Click Microsoft Entra Id and click on the desired directory.
  4. From the menu select App Registrations.
  5. Click New registration to register a new app.
  6. Name: Enter a name for your app.
  7. Supported account types: Select Account in this organizational directory only (BA Insight only - single tenant).
  8. Redirect URI: Complete the following:
    1. Application type: Select Web from the Redirect URI drop-down menu.
    2. Web app URL: Enter a URL of your choosing. (The URL is not used in the SharePoint Online Authorization mechanism)
  9. Click Register at the bottom of the page.

Configure Application Permissions

  • Within the app, expand Manage > API permissions.

  • Under API Permissions, click Add a permission > Microsoft Graph.

  • Select the following permissions for the app:

    APPLICATION PERMISSIONS > Select the following permissions:

    • Directory.Read.All
    • Group.Read.All
    • Member.Read.Hidden
    • User.Read.All
    • Team.ReadBasic.All
  • Click Grant consent to grant the selected permissions.

Configure the Azure App to Use Certificate Authentication

Export the Certificate

There are multiple methods that can be used to create a certificate. Upland BA Insight recommends the following instructions to create a certificate: Create and Configure Certificate

If you use another program, such as IIS, when you export the certificate, ensure you do not mark the key as exportable:

Also, when exporting your certificate using IIS, note that it MUST BE Base-64 encoded:

 

Upload the Certificate to Azure App

  1. Open the Azure app you created in the previous steps and click Certificates and secrets in the left panel.
  2. Upload your newly created certificate.

Assign the required roles

To access blob data in the Azure portal with Microsoft Entra credentials, a user must have the following role assignments:

To add these roles, do the following:

  1. In the Azure portal, select your Azure storage account.

  2. In the left panel, click Access control (IAM).

  3. Click Role assignments > Add > Add role assignment.

  4. On the Role tab, select the roles listed above.

  5. Click Save.

For more information, see Assign Azure roles using the Azure portal in the Microsoft documentation