The Tenant ID is the unique identifier for your Entra ID instance.

2.1 Navigate from Microsoft Azure Portal > Microsoft Entra ID. Copy the Tenant ID, and paste it into the Tenant ID field in CSE.

2.2 Navigate from App registrations > + New registration.

2.3 Enter a Name for your app (i.e., CSE API Auto Config).

2.4 Under Supported account types, select the single tenant access option.

2.5 Select Register.

2.6 Navigate to the newly-registered app’s Overview page.

2.7 Copy the Application (client) ID, and paste this value into the Client ID field in CSE.

2.8 Navigate from from Manage > Certificates & secrets, and select + New client secret.

2.9 Under Add a client secret, enter API Auto Config Secret in the Description field.

2.10 In the Expires menu, select 365 days (12 months).

2.11 Then select Add.

2.12 Under Certificates and secrets, the new client secret will be listed. Copy its Value, and paste this value into the Secret field in CSE.

Note: The API Value won’t be visible after you exit this page; Save it in a secure location on your device.

2.13 Navigate to API permissions, then select + Add a permission.

2.14 Select Microsoft Graph, and then select Application permissions.

2.15 In the Select permissions menu, search for and enable the following permissions:

• Application.Read.All
• Application.ReadWrite.All
• Application.ReadUpdate.All
• Application.ReadWrite.OwnedBy (for SCIM)
• AppRoleAssignment.ReadWrite.All
• Group.Read.All
• GroupMember.Read.All
• Policy.Read.All
• Policy.ReadWrite.ApplicationConfiguration
• User.Read

2.16 Select Grant admin consent for your org, and then select Yes.

2.17 Navigate from Azure Portal > EntraID > Groups > All groups. Select a group you want to configure over to CSE.

2.18 Copy the group name, and paste into CSE’s IDP Group Name field.

2.19 Select Save and Activate to save your User Identity Provider API Auto-Configuration in CSE.