# Microsoft Azure AD

## In Azure AD Admin: Create an App Registration

An administrator for your company's Microsoft Azure AD needs to log in to the portal and follow the steps below to create an App Registration.

Navigate to the `App Registrations` section of the portal. You can find this section by searching for `App Registrations` or as part of the `Azure Active Directory` section of the portal.

<figure><img src="https://810756845-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-Lry9Z27iWOZyQEGAgY7%2Fuploads%2F1d4KIy65M4Zzl0vGv9ss%2FScreenshot%202023-08-14%20at%209.27.36%20AM.png?alt=media&#x26;token=033b87bd-9cc3-44ca-abe6-da5ccaeb1f9d" alt=""><figcaption></figcaption></figure>

Select `+ New Registration`

Enter `Pushly` for the Name and choose the appropriate Account Type that should have access to log in.

Under `Redirect URI` choose "Web" and enter the following value:

```
https://identity.pushly.com/login/callback
```

<figure><img src="https://810756845-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-Lry9Z27iWOZyQEGAgY7%2Fuploads%2FlRGadS0k9mN5NR1gKYOc%2FScreenshot%202023-08-14%20at%209.21.09%20AM.png?alt=media&#x26;token=6d2e3bf3-6df9-42ed-b6b6-832a7e196ca6" alt=""><figcaption></figcaption></figure>

Click the `Register` button

On the next page copy the `Client ID` and then click the `Certificates and Secrets` item in the left menu bar.

On this page ensure the `Client Secrets` tab is selected and then click the `+ New client secret` button. Enter a description, choose the expiration length (we recommend 24 months) and then click the `Add` button.

{% hint style="warning" %}
You will need to generate a new Client Secret and upload it to the platform every time the secret expires. For example, if you choose 24 months for the expiration length you will need to generate a new secret and add it to the platform every 2 years.
{% endhint %}

<figure><img src="https://810756845-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-Lry9Z27iWOZyQEGAgY7%2Fuploads%2F0tHKrYtxZB4Gu6zxLKOG%2FScreenshot%202023-08-14%20at%209.22.02%20AM.png?alt=media&#x26;token=3a0cf93e-8e70-4e6b-8ec9-b3ea44282e4a" alt=""><figcaption></figcaption></figure>

After clicking the `Add` button make sure you copy the newly generated `Value` on the resulting page as it will only show once. This value will be used as the `Client Secret` along with the `Client ID` when setting up the integration in the platform.

Next, click the `Token configuration` item in the left menu bar.&#x20;

On this resulting page click the `+ Add optional claim` button and then choose the `ID Token` radio button.

From the list of claims add the `email` and `upn` claims and then click the `Add` button.&#x20;

<figure><img src="https://810756845-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-Lry9Z27iWOZyQEGAgY7%2Fuploads%2FsqrRPN99PGWRRGpMdxnk%2FScreenshot%202023-08-14%20at%209.24.37%20AM.png?alt=media&#x26;token=bc66b12f-8a18-4fd0-b542-8a3fada301f0" alt=""><figcaption></figcaption></figure>

An additional modal will be shown at the top of the slide-out that asks you to confirm adding the email and profile permission to the Microsoft graph. Click the checkbox to confirm adding these permissions and then click the `Add` button to complete the App Registration set up.

## Pushly: Create the Microsoft Azure AD Provider

Now that you have your `Client ID` and `Client Secret` you can log into the platform and [navigate to your Organization Settings](https://documentation.pushly.com/platform/organizations/..#accessing-organization-context) page.

Next, click the `Security` tab and then click the `Add Provider` button.

Choose `Microsoft Azure AD` from the `Provider Type` dropdown.

Enter the `Azure AD Domain` and then fill in the  `Client ID`, and `Client Secret` that was generated in the first section of this documentation.

Within the `Associated Domains` text area enter each domain name that your organization will be using to to log in via Azure AD on a separate line. For example, if your email address is `example@yourdomain.com` then you would enter `yourdomain.com`

<figure><img src="https://810756845-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-Lry9Z27iWOZyQEGAgY7%2Fuploads%2FKC8Ez0owxiTgfizeq3eR%2FScreenshot%202023-08-14%20at%2010.39.03%20AM.png?alt=media&#x26;token=45a17913-5da3-450e-ae5a-1995caee3ec5" alt=""><figcaption></figcaption></figure>

Once the provider has been successfully created you can begin [inviting users](https://documentation.pushly.com/user-management#creating-a-user) to the platform. Any user invited that has an email address that matches one of the emails provided in `Email Domains` will be sent through Azure AD for authentication.