Register an Azure tenant

For EPM to query Entra ID groups, a communication channel between EPM and Entra ID must exist.

The key steps to create a channel:

  • Create an app registration in Azure and grant the appropriate permissions.
  • Set up an authentication method.
  • Configure EPM with the app registration.

Requirements

  • Microsoft Azure Commercial

Microsoft 365 Government Community Cloud (GCC) High is not supported.

For more information about the differences, see National cloud deployments at https://learn.microsoft.com/en-us/graph/deployments.

Register a tenant

  1. Go to https://portal.azure.com.
  2. Create a new registration.

Be sure to add the following permissions when setting up the registration.

  • Domain.Read.All
  • GroupMember.Read.All
  • User.Read.All

Note the Application (client) ID and the Directory (tenant) ID. These are used in the EPM configuration.

Configure authentication

Select an authentication method to create a trust relationship between EPM and Azure. There are two methods available:

  • Certificate authentication
  • Client-secret authentication

Certificate authentication

  1. In the EPM console, select Configuration > Active Directory Settings.
  2. Click the Microsoft Entra ID tab.
  3. Select User Certificate Authentication, and select Download Certificate.
  4. Go to the Azure app registrations portal, and then select Certificates & secrets.
  5. Click Upload certificate.

Client-secret authentication

  1. In the Azure app registrations portal, add a client secret.
  2. In the EPM console, select Configuration > Active Directory Settings > Microsoft Entra ID.
  3. Copy the client secret to the Client Secret box.
  4. Click Save Changes.