Entra ID App Registration

Introduction

By registering an application, a trust relationship is established between Docusnap365 and the Microsoft Entra ID as an identity provider. Docusnap365 accesses the protected Microsoft-365 resources via a registered application.

There are two methods in Docusnap365 to add an Entra ID App Registration to the vault. The first method allows for direct creation through Docusnap365. The second method requires manual creation in the Azure Portal, but the drawback is that permissions must be configured individually.

• Entra ID App Registration via Docusnap365
• Manual Creation of Entra ID App Registration"

Entra ID App Registration via Docusnap365

For an Entra ID App Registration using Docusnap365, the Entra-ID user must be in the “Global Administrators” group. Authentication and authorization are handled directly through Microsoft Entra. The Entra ID App registration can be done via the Microsoft-365 assistant, configuration settings, or the Docusnap Enterprise Gateway.

1. Create App Registration:
   • Click on the gear icon in the top right and navigate to “Configuration” > “Vault”. In the drop-down menu “Add”, select the option “Create Entra ID App”.
   • Alternatively: Register via the “Microsoft 365” discovery assistant or the Docusnap Enterprise Gateway.
2. Enter data in the dialog window:
   • App Name: Allows input of letters (a - z, A - Z), special characters, spaces, and numbers.
   • Primary Domain/Tenant ID: This information can be found in the Azure Portal under “Microsoft Entra ID”.
3. Generate device code:
   • Click on “Create Device Code”. The code is automatically copied to the clipboard but can also be copied manually.
4. Verify Entra ID App:
   • After clicking “Register Entra ID App”, a new browser tab opens for entering the device code.
5. Sign in to the Azure Portal:
   • Sign in to the Azure Portal to complete the app registration.
6. Confirm sign-in:
   • Confirm the “Sign in via Microsoft Azure CLI”.

After completing the steps, a new entry for the registered app appears in the Docusnap365 vault list.

Verify Entra ID App Registration

Checking an Entra ID App registration allows for verifying certificates, key information, and permissions. The procedure for this is identical to creating a new app registration: generate device code, verify device code, sign in to the Azure Portal, and confirm the sign-in.

Update Entra ID App Registration

When creating Entra ID App registrations, we always secure them with a certificate and client secrets. Currently, we only assign permissions that are necessary for discovery, following the principle: “As little as possible, as much as necessary”. With extensions, additional permissions may be required. Certificates, client keys, and permissions can be updated as needed to keep them up-to-date. The procedure is identical to creating a new app registration: generate device code, verify device code, sign in to the Azure Portal, and confirm the sign-in.

Manual Creation of Entra ID App Registration

1. Manually create app registration:
   • Click on the gear icon in the top right and navigate to “Configuration” > “Vault”. In the drop-down menu “Add”, select the option “Add Entra ID App”.
2. Enter data in the dialog window:
   • App Name: Allows input of letters (a - z, A - Z), special characters, spaces, and numbers.
   • Primary Domain/Tenant ID: This information can be found in the Azure Portal under “Microsoft Entra ID”.
   • Application (client) ID: This information can be found in the Azure Portal in the manually created app registration.
   • Certificate and Certificate Password: The certificate used in the app registration and the corresponding password.
   • Client Secret: The client key is only visible once during the creation of the app registration.

To establish a connection, the following information from the Entra ID App Registration is necessary:

• “Primary Domain/Tenant ID:”
• “Application ID (Client)”
• “Client key”

The registration of an application is done via the Azure Portal (portal.azure.com), in the Microsoft Entra ID section under the menu item “App Registration”.

Registering an application

API Permissions

To access a protected resource such as Teams information or SharePoint web pages, Docusnap365 needs authorization from the resource owner. Docusnap365 needs read-only access for Microsoft 365 discovery.