Application Registration

A Microsoft Entra ID Application Registration is required for Zeaware CDP when deploying into your private tenant. This application registration allows Zeaware CDP to interact with Microsoft Entra ID for the purpose of authenticating users, and also allows Zeaware CDP to search for users in Entra ID when performing admin functions.

It is recommended that you create a separate Application Registration for each environment with Zeaware CDP is deployed.

Creating the Application Registration

To create the Application Registration follow these steps:

  • Open the Azure Portal and navigate to Microsoft Entra ID
  • Select “Application registrations” from the sidebar menu
  • Click “New Registration”
  • Enter a name of the application, e.g. “Zeaware CDP test” for the test environment.
  • Choose “Accounts in this organizational directory only”
  • Click “Register”

Platform Configurations

Now we need to configure the Application Registration for use by the web portal. To do this follow these steps:

  • Now select the “Authentication” sidebar menu item.
  • Under “Platform configurations” click “Add platform”
  • Choose “Web”
  • Enter the redirect URI which will need relate to the AppService URI
  • Select “Access Tokens” and “ID tokens”
  • Select “Configure”

API Permissions

Now we need to configure API permissions to allow the Application Registration to read users from Microsoft Entra Id. To do this:

  • Choose the “API permissions” sidebar menu item
  • Click Add Permission
  • Add following 3 permissions:
    • Microsoft Graph – GroupMember.Read.All
    • Microsoft Graph – User.Read
    • Microsoft Graph – User.Read.All

Once added click the “Grant Admin Consent” button to enable these permissions.

Application Roles

Zeaware CDP can use Application Roles in Microsoft Entra Id to further enforce security, but only allowing users in the role to access the application. To create an application role follow these steps:

  • Now select the “App roles” sidebar menu item.
  • Click “Create app role”
  • Enter “zeaware-cdp-users” as the Display name
  • Select Users/Groups
  • Enter “zeaware-cdp-users” as the Value.
  • Enter “Zeaware CDP user role” or similar as the Description.
  • Select the checkbox to enable the application role.
  • Click “Apply”

© 2024, Zeaware Pty Ltd or its affiliates. All rights reserved.