Configure Azure Active Directory Client Management

You can use dynamic client registration to configure Azure Active Directory (Azure AD) client management with Anypoint Platform. Using Azure AD as a client provider enables you to authenticate and authorize API consumers with your existing configurations. Azure AD configuration in Anypoint Platform also provides a stateless microservice to convert OAuth 2.0 client application registration requests to requests supported by Azure AD.

  1. Log in to Anypoint Platform using an account that has the Organization Administrator permission.

  2. In the navigation bar or the main Anypoint Platform page, click Access Management.

  3. In the Access Management navigation menu, click Client Providers.

  4. Click Add Client Provider, and then select OpenID Connect DCR for Azure.

    The Add OIDC Azure client provider page appears.

  5. Enter a name and description for your client provider.

  6. Enter the following values from your identity provider's configuration:

    1. Issuer: URL that the OpenID provider asserts is its trusted issuer.

    2. Tenant ID for Azure AD: The tenant ID from Azure AD. For more information on obtaining your tenant ID, see How to find your Azure Active Directory tenant ID.

    3. Client ID: The client ID for an existing client in your identity provider (IdP) that is capable of creating applications in Azure AD.

    4. Client Secret: The client secret that corresponds to the client ID.

  7. Expand the Advanced Settings section. The following selections are optional:

    1. Disable server certificate validation: Disables server certificate validation if your Azure AD client management instance presents a self-signed certificate, or one signed by an internal certificate authority.

    2. Enable client deletion in Anypoint Platform: Enables the deletion of clients created with this integration.

    3. Enable client deletion and updates in IdP: To use this option, you must also select the Enable client deletion in Anypoint Platform option. This option enables you to update and delete external clients in the configured IdP through an outbound call made by Azure AD to https://graph.microsoft.com/v1.0/applications/{clientId}.

      For an example of the PATCH payload, see the Update application documentation. For an example of the DELETE payload, see the Delete application documentation.

  8. Click Create.
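As an added example that is not part of this documentation or of the Anypoint Platform code, the following Python sketches the conversion the page describes: an OAuth 2.0 dynamic client registration request (RFC 7591) mapped to a Microsoft Graph application object, plus the PATCH and DELETE calls to the applications endpoint named in step 7. The Graph field names (displayName, signInAudience, web.redirectUris, publicClient.redirectUris) are real; the mapping rules and the issuer-to-tenant consistency check for the values entered in step 6 are assumptions.

```python
from typing import Optional
from urllib.parse import urlparse

GRAPH_APPLICATIONS = "https://graph.microsoft.com/v1.0/applications"

# Constructed sample DCR (RFC 7591) request such as an API consumer would submit.
SAMPLE_DCR = {
    "client_name": "orders-api-consumer",
    "redirect_uris": ["https://consumer.example.com/callback"],
    "token_endpoint_auth_method": "client_secret_basic",
}


def issuer_matches_tenant(issuer: str, tenant_id: str) -> bool:
    """Assumed sanity check for step 6: Azure AD issuers carry the tenant ID as
    the first path segment (https://login.microsoftonline.com/<tenant>/v2.0 or
    https://sts.windows.net/<tenant>/), so Issuer and Tenant ID must agree."""
    parsed = urlparse(issuer)
    if parsed.scheme != "https" or parsed.netloc not in (
        "login.microsoftonline.com", "sts.windows.net"):
        return False
    segments = [s for s in parsed.path.split("/") if s]
    return bool(segments) and segments[0].lower() == tenant_id.lower()


def dcr_to_graph_application(dcr: dict) -> dict:
    """Map a DCR request to a Graph application object. The Graph field names
    are real; the mapping rules are an assumption for illustration."""
    app = {
        "displayName": dcr["client_name"],
        # Single-tenant registration, matching the configured Tenant ID.
        "signInAudience": "AzureADMyOrg",
    }
    redirect_uris = list(dcr.get("redirect_uris", []))
    if dcr.get("token_endpoint_auth_method", "client_secret_basic") == "none":
        # No client secret: register as a public client.
        app["publicClient"] = {"redirectUris": redirect_uris}
    else:
        app["web"] = {"redirectUris": redirect_uris}
    return app


def graph_request(method: str, client_id: Optional[str] = None, body: Optional[dict] = None):
    """Build (method, url, body) for the outbound Graph call: POST creates,
    PATCH updates and DELETE removes /applications/{clientId}."""
    method = method.upper()
    if method == "POST":
        return method, GRAPH_APPLICATIONS, body
    if method in ("PATCH", "DELETE") and client_id:
        return method, f"{GRAPH_APPLICATIONS}/{client_id}", body if method == "PATCH" else None
    raise ValueError(f"unsupported request: {method} client_id={client_id!r}")
```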
