Microsoft Entra / Azure AD Application Setup

This article walks you through creating a Microsoft Entra (formerly Azure Active Directory) application and configuring your Protected Area to use that application for authentication.

You will need to configure your Microsoft Entra account if you would like to use Microsoft Entra groups to restrict access to your password-protected site. For applying Microsoft login to Catapult Users please visit: 

 

 

:blue_book: Create the Application

  1. Log in to the Azure Portal, and then go to the Azure Active Directory section.

  2. Select “App Registrations” to add/edit Applications.


  3. Select “New Registration” to add a new Application.

  4. Register the Application by filling out the form.

    1. The Name of the application can be whatever you like.

    2. For Supported Account Types, please select “Accounts in any organizational directory (Any Azure directory - Multitenant)”.

    3. For Redirect URI, please select “Web”, and then enter the redirect URI given to you by CatapultK12.

:blue_book: Configure the Application

The application has been created; now it needs to be configured.

  1. Note the Application (client) ID; the Protected Area system will ask for it.

  2. Set up a new Secret by selecting “Certificate & Secrets”.

  3. Create a new Client Secret by selecting “New client secret”.

  4. Fill out the “Add a client secret” form.

    1. Description can be anything you like.

    2. Expires can be anything you are comfortable with, but a new secret will need to be generated and configured before this one expires.

  5. Note the Client Secret Value, as the Protected Area system will be requesting it.


:blue_book: Configuring the Application for Groups

If you are going to be handling access with groups, please follow the steps below to configure your application to have group read permissions.

  1. Go back to the main configuration screen for the Application and select “API permissions”.

  2. Add a new permission by selecting “Add a permission”.

  3. Fill out the “Request API permissions” form.

    1. For Select an API, select “Microsoft Graph”.

    2. For What type of permissions does your application require? select “Delegated permissions”.

    3. For Select permissions, type “Group.Read.All”, or select “Group → Group.Read.All”.

  4. The Group.Read.All permissions will require Administrative Consent. Click “Grant admin consent for …” to give consent.

  5. Select “Yes” in the “Grant admin consent confirmation” dialog to finish setting up the permissions.

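
To check a finished registration against the settings in this article, the Python below audits an application object such as the JSON printed by `az ad app show --id <client-id>`. It is an added example, not CatapultK12's or Microsoft's code; the function name, the sample object with its redirect URI, and the 30-day warning window are assumptions made for illustration.

```python
import json
from datetime import datetime, timedelta, timezone

GRAPH = "00000003-0000-0000-c000-000000000000"           # Microsoft Graph appId
GROUP_READ_ALL = "5f8c59db-677d-491f-a6b8-5f174b11ec1d"  # Group.Read.All, delegated

def audit_registration(app, now, warn_days=30, need_groups=True):
    """Return findings for a Graph application object (as a dict)."""
    findings = []
    if app.get("signInAudience") != "AzureADMultipleOrgs":
        findings.append("account type is not multitenant")
    uris = (app.get("web") or {}).get("redirectUris") or []
    if not uris:
        findings.append("no Web redirect URI configured")
    findings += [f"redirect URI is not https: {u}" for u in uris
                 if not u.lower().startswith("https://")]
    secrets = app.get("passwordCredentials") or []
    if not secrets:
        findings.append("no client secret present")
    for s in secrets:
        # Graph timestamps are UTC; drop fractional seconds and the trailing Z.
        stamp = s["endDateTime"].split(".")[0].rstrip("Z")
        end = datetime.fromisoformat(stamp).replace(tzinfo=timezone.utc)
        name = s.get("displayName") or s.get("keyId")
        if end <= now:
            findings.append(f"secret '{name}' has expired")
        elif end - now <= timedelta(days=warn_days):
            findings.append(f"secret '{name}' expires in {(end - now).days} days")
    # requiredResourceAccess lists requested permissions only; admin consent
    # is recorded separately and is not visible in this object.
    requested = {(r.get("resourceAppId"), a.get("id"), a.get("type"))
                 for r in app.get("requiredResourceAccess") or []
                 for a in r.get("resourceAccess") or []}
    if need_groups and (GRAPH, GROUP_READ_ALL, "Scope") not in requested:
        findings.append("delegated Group.Read.All is not requested")
    return findings

# Constructed sample, shaped like `az ad app show --id <client-id>` output.
SAMPLE = json.loads("""{
  "signInAudience": "AzureADMyOrg",
  "web": {"redirectUris": ["https://auth.example.invalid/callback"]},
  "passwordCredentials": [{"displayName": "protected-area", "endDateTime": "2025-01-11T00:00:00Z"}],
  "requiredResourceAccess": [{"resourceAppId": "00000003-0000-0000-c000-000000000000",
    "resourceAccess": [{"id": "e1fe6dd8-ba31-4d61-89e7-88639da4683d", "type": "Scope"}]}]
}""")

if __name__ == "__main__":
    for finding in audit_registration(SAMPLE, datetime(2025, 1, 1, tzinfo=timezone.utc)):
        print("FINDING:", finding)
```

Pass `need_groups=False` when the Protected Area does not use group-based access, since the Group.Read.All steps are optional in that case.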