Azure Active Directory (AD)

Register app with Azure DB

To register an app follow the instructions:

  1. Sign in to the Azure portal.
  2. If you have access to multiple tenants, use the Directories + subscriptions filter in the top menu to switch to the tenant in which you want to register the application.
  3. Search for and select Azure Active Directory.
  4. Under Manage, select App registrations -> New registration.
  1. Enter a display Name for your application. For example kubit-sso.
  2. Specify who can use the application.
  3. Specify redirect URL -
  1. Select Register to complete the app registration.
  2. When registration finishes, the Azure portal displays the app registration's Overview pane. Please make a note of your Application (client) ID.

Create credentials

  1. Open the newly registered app and navigate to the Certificates & client secrets menu.
  2. Click on the + New client secret button.
  3. Once the Azure portal displays the generated Client Secret Value please make a note of it.



If you configure an expiring secret, make sure to record the expiration date. You will need to renew the key before that day in order to avoid service interruption.


Configure permissions

  1. Open the newly registered app and navigate to the Expose an API menu.
  2. Click on the + Add a scope button.
  3. You can proceed with the generated Application ID URI or you can change it.
  4. Configure a scope resource:
  1. Click on the + Add a client application button and add use the Application (client) ID from earlier (see step 9 of Register app with Azure DB).
  1. Now navigate to the API permissions menu.
  2. Select + Add a permission → My APIs and select the web application you created earlier.
  1. On the next screen select the scope resource you’ve created.
  1. Click one more time on + Add a permission and select Microsoft Graph API. Then select Delegated permissions and enable Users > User.Read permission.

Share required information with Kubit

Share your AD Primary domain, Application (client) ID, and Client Secret Value with the Kubit team. The AD domain could is listed in the main AD dashboard.