Skip Navigation

Obtain an
Entra
app ID for
BEMS
with client secret authentication

  1. In the left column, click
    Applications > App registrations
    .
  2. Click
    New registration
    .
  3. In the
    Name
    field, enter a name for the app.
  4. Select a supported account type.
  5. If you use passive authentication for users to authenticate to the identity provider (IDP), in the
    Redirect URI
    drop-down list, select
    Public/client (mobile & desktop)
    and enter
    https://localhost:8443
    .
    The Redirect URI is the URL that the user is redirected to after they successfully authenticate to the IDP. Make sure that the Redirect URL matches the URL to the dashboard or authentication might not work as expected.
  6. Click
    Register
    .
  7. In the
    Manage
    section, click
    API permissions
    .
  8. Click
    Add a permission
    .
  9. Click
    Microsoft Graph
    .
  10. Click
    Application permissions
    and set the following permissions:
    • Read mail in all mailboxes (
      Mail > Mail.Read
      )
    • Read all user's full profile (
      User > User.Read.All
      )
    • Read and write contacts in all mailboxes (
      Contacts > Contacts.ReadWrite
      )
      The Contacts.ReadWrite permission is only required if you require the Contact Service API to use third-party apps to query, retrieve, create, and update contact information from a user’s contact folder. For more information, see the Contact Service API reference content.
  11. Click
    Add permissions
    .
  12. Click
    Grant admin consent
    . Click
    Yes
    .
  13. Add a client secret.
    1. In the
      Manage
      section, click
      Certificates & secrets
      .
    2. Click
      New client secret
      .
    3. In the
      Description
      field, enter a key description up to a maximum of 16 characters, including spaces.
    4. Set an expiration date.
    5. Click
      Add
      .
    6. Copy the key
      Value
      .
      The Value is available only when you create it. You cannot access it after you leave the page. This is used as the
      Client secret
      in the
      BEMS
      Dashboard when you enable
      Microsoft 365
      and configure
      BEMS
      to communicate with
      Microsoft 365
      .