Create an App Registration
Who can perform this work?
Before proceeding, make sure you are logging into your Microsoft Entra Admin Center Portal using an account with at least Cloud Application Administrator role.
-
Sign in to the Microsoft Entra Admin Center.
-
If your account gives you access to more than one tenant, select your account in the top right corner, and set your portal session to the Entra tenant that you want.
-
Navigate to App registration
-
Click on New registration.
-
Complete the form on the Register an application page.
- Name - Enter a meaningful application name that will be displayed to users of the app.
- Support account types – Select which accounts you like this application to support. We recommend selecting Accounts in this organization directory only.
- Redirect URI – Select Web and enter an optional URI to your domain, like https://appreg.goziro.com. The URI doesn’t need to point to a valid server, but despite the optional tag, this field is required for our authentication flow.
- When you are done, click Register at the bottom of the page.
- When your App registration is done registering, you will be redirected to its overview page. Take note of the Application (client) ID.
Create a Client Secret
- Click on Certificates & Secrets under the Manage section of the side menu.
- Click on + New client secret
- Add a description
- Select an expiry date
- Click Add and TAKE NOTE OF THE CLIENT SECRET VALUE. This value will be hidden the next time the page is accessed.
Configure Application Permissions
-
To access the various APIs offered by Microsoft, it is necessary to give the App registration permissions
Click on API permissions under Manage in the side menu. Once on the API permissions page, click + Add a permission. On the Request API permissions tab, click Microsoft Graph.
-
Select Application permissions
-
Locate and select the required application permissions documented here Roles and Permissions Required for ZPM
-
Grant admin consent
Assign Teams Administrator Role
-
Search for Microsoft Entra ID roles and administrators
-
Search for and select the Teams Administrator role and click on it
-
Click Add Assignments
-
Click on No member selected and from the Select a Member pane on the right-hand side search for the Graph App Registration you already created for ZPM.
( When searching for app registration, only use the name’s beginning because searching on contain does not work )
-
Click Select and Next, then select Active Assignment type and enable Permanently assigned checkbox and click Assign.
Configure ZPM
Configure the “Microsoft Graph Management” Page
Login to ZPM as an administrator, and navigation to the Microsoft Graph Management section of the Settings sections.
- Directory Tenant – Enter the tenant from step 2 of Creating the App Registration.
The value which must be entered corresponds to the domain part of your organization’s email - Application ID – Enter the Client ID from step 6 of Creating the App Registration.
- Application Secret – Enter the Client Secret from step 2 of Creating a Client Secret.
- Environment Type - Enter your environment type. If you are usure of your environment type, select “Commercial”
Click Save.