Obtain an Entra app ID for BEMS with client secret authentication
Entra
app ID for BEMS
with client secret authentication- Sign in to entra.microsoft.com.
- In the left column, clickApplications > App registrations.
- ClickNew registration.
- In theNamefield, enter a name for the app.
- Select a supported account type.
- If you use passive authentication for users to authenticate to the identity provider (IDP), in theRedirect URIdrop-down list, selectPublic/client (mobile & desktop)and enterhttps://localhost:8443.The Redirect URI is the URL that the user is redirected to after they successfully authenticate to the IDP. Make sure that the Redirect URL matches the URL to the dashboard or authentication might not work as expected.
- ClickRegister.
- In theManagesection, clickAPI permissions.
- ClickAdd a permission.
- ClickMicrosoft Graph.
- ClickApplication permissionsand set the following permissions:
- Read mail in all mailboxes (Mail > Mail.Read)
- Read all user's full profile (User > User.Read.All)
- Read and write contacts in all mailboxes (Contacts > Contacts.ReadWrite)The Contacts.ReadWrite permission is only required if you require the Contact Service API to use third-party apps to query, retrieve, create, and update contact information from a user’s contact folder. For more information, see the Contact Service API reference content.
- ClickAdd permissions.
- ClickGrant admin consent. ClickYes.
- Add a client secret.
- In theManagesection, clickCertificates & secrets.
- ClickNew client secret.
- In theDescriptionfield, enter a key description up to a maximum of 16 characters, including spaces.
- Set an expiration date.
- ClickAdd.
- Copy the keyValue.The Value is available only when you create it. You cannot access it after you leave the page. This is used as theClient secretin theBEMSDashboard when you enableMicrosoft 365and configureBEMSto communicate withMicrosoft 365.