App Registration Setup
Step-by-step guide to creating the Azure app registration for Securtea
Create an Azure app registration to connect Securtea to your Microsoft 365 tenant. This is typically done during onboarding but can be updated later.
Prerequisites
Before starting:
- Access to Azure Portal (portal.azure.com)
- One of these roles: Global Administrator, Application Administrator, or Cloud Application Administrator
- Your Microsoft 365 tenant ID
Step-by-Step Guide
Step 1: Open Azure Portal
- Navigate to portal.azure.com
- Sign in with your admin account
- Search for "Microsoft Entra ID" or "App registrations"
Step 2: Create New Registration
- Go to App registrations
- Click + New registration
- Complete the form:
| Field | Value |
|---|---|
| Name | Securtea Integration |
| Supported account types | Accounts in this organizational directory only (Single tenant) |
| Redirect URI | Leave blank |
- Click Register
Step 3: Copy Application IDs
On the overview page, copy:
- Application (client) ID - The app's unique identifier
- Directory (tenant) ID - Your tenant identifier
Save these for entering into Securtea.
Step 4: Create Client Secret
- Go to Certificates & secrets
- Click + New client secret
- Configure:
- Description: Securtea Access
- Expiration: 24 months (recommended)
- Click Add
Copy the secret Value immediately. It's only shown once and cannot be retrieved later.
Step 5: Configure API Permissions
- Go to API permissions
- Click + Add a permission
- Select Microsoft Graph
- Select Application permissions
- Add these permissions:
| Permission | Category |
|---|---|
| User.Read.All | Users |
| Directory.Read.All | Directory |
| SecurityEvents.Read.All | Security |
| Policy.Read.All | Policy |
| Group.Read.All | Groups |
| RoleManagement.Read.Directory | Roles |
- Click Add permissions
Step 6: Grant Admin Consent
- Click Grant admin consent for [Your Organization]
- Click Yes to confirm
- Verify all permissions show green checkmarks
Admin consent requires Global Administrator privileges. If you don't have this, request consent from your admin.
Step 7: Enter Credentials in Securtea
- Return to Securtea
- Go to Settings > Integrations > Microsoft 365
- Enter:
- Tenant ID
- Client ID
- Client Secret
- Click Connect
Step 8: Test the Connection
- Click Test Connection
- Verify success message
- Review any warnings
Verifying Setup
In Azure Portal
Confirm:
- App registration exists
- All permissions granted
- Admin consent provided
In Securtea
Confirm:
- Connection status: Connected
- Test connection: Success
- Data syncing correctly
Common Setup Issues
Missing Permissions
If some features don't work:
- Check Azure app permissions
- Add missing permissions
- Re-grant admin consent
- Test connection in Securtea
Invalid Client Secret
If authentication fails:
- Check secret hasn't expired
- Verify you copied the Value (not Secret ID)
- Generate new secret if needed
- Update in Securtea
Wrong Tenant
If connecting to wrong tenant:
- Verify Tenant ID matches target tenant
- Ensure app registration is in correct tenant
- Update credentials in Securtea
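The missing-permission and wrong-tenant checks above can also be done against an app-only access token for Microsoft Graph, whose `roles`, `tid` and `appid` claims show what was actually consented and where. The following is an added example, not Securtea's own code: it assumes you already hold such a token, the function names are hypothetical, and the IDs and token are constructed placeholders. It decodes claims for diagnostics only and does not verify the signature.

```python
import base64
import json

# The six Microsoft Graph application permissions listed in Step 5.
REQUIRED_ROLES = {
    "User.Read.All", "Directory.Read.All", "SecurityEvents.Read.All",
    "Policy.Read.All", "Group.Read.All", "RoleManagement.Read.Directory",
}

def b64url_decode(segment):
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def decode_claims(token):
    """Return the JWT payload as a dict. Diagnostic only: no signature check."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a JWT: expected three dot-separated segments")
    return json.loads(b64url_decode(parts[1]))

def check_token(token, expected_tenant, expected_client):
    """Compare token claims with the registration created in this guide."""
    claims = decode_claims(token)
    granted = set(claims.get("roles", []))
    # v1 tokens carry the client ID in 'appid', v2 tokens in 'azp'.
    client = claims.get("appid") or claims.get("azp")
    return {
        "tenant_ok": str(claims.get("tid", "")).lower() == expected_tenant.lower(),
        "client_ok": str(client or "").lower() == expected_client.lower(),
        "missing": sorted(REQUIRED_ROLES - granted),  # add these, then re-grant consent
        "extra": sorted(granted - REQUIRED_ROLES),    # broader than this guide asks for
    }

def make_sample_token(claims):
    # Constructed, unsigned token for the demo; not issued by Entra ID.
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}.sig"

# Constructed placeholder IDs and token.
SAMPLE_TENANT = "00000000-0000-0000-0000-000000000001"
SAMPLE_CLIENT = "00000000-0000-0000-0000-000000000002"
SAMPLE_TOKEN = make_sample_token({
    "tid": SAMPLE_TENANT, "appid": SAMPLE_CLIENT,
    "roles": ["User.Read.All", "Directory.Read.All", "Group.Read.All",
              "Policy.Read.All", "Mail.Read"],
})

if __name__ == "__main__":
    print(check_token(SAMPLE_TOKEN, SAMPLE_TENANT, SAMPLE_CLIENT))
```

A non-empty `missing` list maps to the "Missing Permissions" steps, `tenant_ok` being false maps to "Wrong Tenant", and anything in `extra` is a permission worth removing from the registration.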
Updating the Registration
Adding Permissions
To add permissions later:
- Open app registration in Azure
- Go to API permissions
- Add new permissions
- Grant admin consent
- No Securtea update needed
Rotating Secrets
To rotate the client secret:
- Create new secret in Azure
- Update secret in Securtea
- Test connection
- Delete old secret in Azure
Changing App Registration
To use a different app registration:
- Create new registration
- Update credentials in Securtea
- Test connection
- Optionally delete old registration
What's Next?
- Permissions - Detailed permission info
- Troubleshooting - Connection issues
- Microsoft 365 Overview - Integration features