App Registration

Step 4 of onboarding - Connect your Microsoft 365 tenant to Securtea

The final onboarding step connects your Microsoft 365 environment to Securtea. This requires creating an Azure app registration with appropriate permissions.

What is an App Registration?

An app registration is a secure identity in Microsoft Entra ID (formerly Azure AD) that allows Securtea to access your Microsoft 365 configuration data. It uses:

  • Client ID - A unique identifier for the application
  • Client Secret - A password-like credential for authentication
  • Permissions - Scoped access to specific Microsoft Graph APIs

Prerequisites

Before starting, ensure you have:

  • Azure Portal access - You'll create resources in Azure
  • Administrative role - Global Administrator, Application Administrator, or Cloud Application Administrator
  • Your Microsoft 365 tenant - The tenant you want to connect

Step-by-Step Guide

Step 1: Open Azure Portal

  1. Navigate to portal.azure.com
  2. Sign in with your administrative account
  3. Search for Microsoft Entra ID in the top search bar
  4. Click on Microsoft Entra ID from the results

Step 2: Create App Registration

  1. In the left sidebar, click App registrations
  2. Click + New registration at the top
  3. Fill in the registration form:

     | Field | Value |
     |---|---|
     | Name | Securtea Integration (or your preferred name) |
     | Supported account types | Accounts in this organizational directory only (Single tenant) |
     | Redirect URI | Leave blank for now |

  4. Click Register

Step 3: Copy Application IDs

After registration, you'll see the app overview page. Copy these values:

  • Application (client) ID - The unique identifier for your app
  • Directory (tenant) ID - Your Microsoft 365 tenant ID

Store these securely - you'll enter them into Securtea.

Step 4: Create Client Secret

  1. In the left sidebar, click Certificates & secrets
  2. Click + New client secret
  3. Enter a description: Securtea Access
  4. Select an expiration period: 24 months recommended
  5. Click Add

Step 5: Configure API Permissions

  1. In the left sidebar, click API permissions
  2. Click + Add a permission
  3. Select Microsoft Graph
  4. Select Application permissions (not Delegated)
  5. Search for and add the following permissions:

     | Permission | Purpose |
     |---|---|
     | User.Read.All | Read user profiles |
     | Directory.Read.All | Read directory configurations |
     | SecurityEvents.Read.All | Access security alerts |
     | Policy.Read.All | Read Conditional Access policies |
     | Group.Read.All | Read group settings |
     | RoleManagement.Read.Directory | Read role assignments |

  6. Click Add permissions

Step 6: Grant Admin Consent

After adding permissions:

  1. Click Grant admin consent for [Your Organization]
  2. Confirm by clicking Yes
  3. Verify all permissions show a green checkmark under "Status"

Step 7: Enter Credentials in Securtea

Return to the Securtea onboarding page and enter:

  1. Tenant ID - The Directory (tenant) ID from Step 3
  2. Client ID - The Application (client) ID from Step 3
  3. Client Secret - The secret value from Step 4

Click Connect to establish the connection.

Step 8: Test the Connection

Securtea will verify the connection by:

  1. Authenticating with Microsoft Entra ID
  2. Testing access to Microsoft Graph API
  3. Confirming permissions are correctly configured

If successful, you'll see a success message and can proceed to your dashboard.
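To confirm the permission check yourself, inspect the `roles` claim of an app-only access token issued to the registration and compare it with the six permissions from Step 5. The script below is an added example, not Securtea's code: the function names are hypothetical, the token is constructed inline so it runs offline, and it decodes the payload without verifying the signature, which is acceptable only for diagnostics on a token you requested yourself.

```python
import base64
import json

# The six application permissions this guide adds in Step 5.
REQUIRED_ROLES = frozenset({
    "User.Read.All", "Directory.Read.All", "SecurityEvents.Read.All",
    "Policy.Read.All", "Group.Read.All", "RoleManagement.Read.Directory",
})


def decode_claims(jwt: str) -> dict:
    """Decode a JWT payload WITHOUT verifying the signature (diagnostics only)."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("expected three dot-separated JWT segments")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def audit_roles(claims: dict, expected_tenant: str) -> dict:
    """Diff the token's application permissions against the guide's list."""
    # "roles" is absent when no application permission has been consented.
    granted = set(claims.get("roles", []))
    return {
        "tenant_ok": claims.get("tid") == expected_tenant,
        "missing": sorted(REQUIRED_ROLES - granted),  # add, then re-grant consent
        "excess": sorted(granted - REQUIRED_ROLES),   # candidates for removal
    }


def make_sample_token(claims: dict) -> str:
    """Build an unsigned, constructed token so the example runs offline."""
    def enc(obj: dict) -> str:
        raw = base64.urlsafe_b64encode(json.dumps(obj).encode())
        return raw.rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc(claims), "constructed-signature"])


SAMPLE_TENANT = "00000000-0000-0000-0000-000000000000"  # placeholder tenant ID
SAMPLE_TOKEN = make_sample_token({  # constructed claims, not a real token
    "tid": SAMPLE_TENANT,
    "roles": ["User.Read.All", "Directory.Read.All", "Policy.Read.All",
              "Group.Read.All", "RoleManagement.Read.Directory",
              "Directory.ReadWrite.All"],
})

if __name__ == "__main__":
    print(audit_roles(decode_claims(SAMPLE_TOKEN), SAMPLE_TENANT))
```

A non-empty `missing` list corresponds to the Insufficient Privileges case under Troubleshooting; a non-empty `excess` list means the registration holds more than this guide requires.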

Troubleshooting

Invalid Client Error

Cause: Client ID or secret is incorrect.

Solution:

  1. Verify the Client ID matches Azure Portal
  2. Generate a new client secret if needed
  3. Ensure you copied the secret Value, not the ID

Insufficient Privileges Error

Cause: Missing permissions or admin consent.

Solution:

  1. Review the permissions in Azure Portal
  2. Ensure all required permissions are added
  3. Click "Grant admin consent" again
  4. Verify checkmarks appear for all permissions

Connection Timeout

Cause: Network or Azure service issues.

Solution:

  1. Check your internet connection
  2. Verify Azure services are operational
  3. Try again in a few minutes
  4. Check if your firewall blocks Azure endpoints

Tenant Not Found

Cause: Incorrect Tenant ID.

Solution:

  1. Return to Azure Portal > Microsoft Entra ID > Overview
  2. Copy the correct Directory (tenant) ID
  3. Update the value in Securtea

Secret Expired

Cause: The client secret has reached its expiration date.

Solution:

  1. Go to Azure Portal > App registrations > Your app
  2. Navigate to Certificates & secrets
  3. Create a new client secret
  4. Update the secret in Securtea settings

Security Best Practices

Secret Management

  • Rotate secrets regularly - Set a calendar reminder before expiration
  • Use appropriate expiration - Balance security with maintenance burden
  • Never share secrets - Don't send credentials via email or chat
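A calendar reminder can be backed by a scripted check of the secret metadata, which also catches the Secret Expired case before it breaks the connection. The script below is an added example, not part of Securtea: it assumes you have exported the application object from Microsoft Graph (its `passwordCredentials` array carries `displayName`, `startDateTime` and `endDateTime`, never the secret value), and the function names, thresholds and sample data are constructed for illustration.

```python
import json
from datetime import datetime, timedelta, timezone

MAX_LIFETIME = timedelta(days=731)  # 24 months, the period recommended in Step 4


def parse_graph_time(value: str) -> datetime:
    """Parse a Graph UTC timestamp; drop the fraction, which can have 7 digits."""
    base = value.rstrip("Z").split(".")[0]
    return datetime.strptime(base, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)


def review_secrets(app: dict, now: datetime, warn_days: int = 30) -> list:
    """Return (displayName, status, days_left) for each client secret."""
    findings = []
    for cred in app.get("passwordCredentials", []):
        start = parse_graph_time(cred["startDateTime"])
        end = parse_graph_time(cred["endDateTime"])
        days_left = (end - now).days
        if days_left < 0:
            status = "expired"            # delete it from the app registration
        elif days_left <= warn_days:
            status = "rotate-now"         # create the replacement before cut-over
        elif end - start > MAX_LIFETIME:
            status = "lifetime-too-long"  # outlives the recommended period
        else:
            status = "ok"
        findings.append((cred.get("displayName"), status, days_left))
    return findings


# Constructed sample of an exported application object (metadata only).
SAMPLE_APP = json.loads("""
{
  "displayName": "Securtea Integration",
  "passwordCredentials": [
    {"displayName": "Securtea Access",
     "startDateTime": "2023-06-01T09:00:00Z", "endDateTime": "2025-06-01T09:00:00Z"},
    {"displayName": "old test secret",
     "startDateTime": "2022-01-10T08:30:00.1234567Z", "endDateTime": "2024-01-10T08:30:00.1234567Z"},
    {"displayName": "long-lived",
     "startDateTime": "2024-01-01T00:00:00Z", "endDateTime": "2029-01-01T00:00:00Z"}
  ]
}
""")
SAMPLE_NOW = datetime(2025, 5, 15, tzinfo=timezone.utc)  # fixed for a repeatable run

if __name__ == "__main__":
    for finding in review_secrets(SAMPLE_APP, SAMPLE_NOW):
        print(finding)
```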

Permission Scoping

  • Request minimum permissions - Only enable what you need
  • Review periodically - Remove unused permissions
  • Monitor access logs - Azure provides sign-in logs for apps

Access Control

  • Limit admin access - Only necessary personnel should manage the app
  • Enable alerts - Configure Azure to alert on suspicious app activity
  • Document the setup - Keep internal records of the configuration

Managing the Connection

After onboarding, manage your Microsoft 365 connection from Settings > Integrations:

  • Test connection - Verify the integration is working
  • Update credentials - Change the client secret when needed
  • View permissions - See what data Securtea can access
  • Disconnect - Remove the integration if needed

What's Next?

Congratulations! You've completed onboarding. You can now: