Lab 1 - READ ONLY - Create the Application in Azure Entra ID

Warning

In this lab, you don’t have to do anything. Everything is already created for you in Azure.

Create the Azure Entra ID Application

In Azure Entra ID, go to App Registrations

• Click on New Registration

• Give a name
• For the redirect option, enter the FQDN of the app exposed on the APM, and append this suffix /oauth/client/redirect

Example : https://federate.itc.demo/oauth/client/redirect

• Click Register

Configure your Entra ID app

• Find your Entra ID Application and Edit it

• Copy and Save those ID - we will use them into APM

  • Application ID (this is the OIDC client ID) : b55fd307-3270-4208-b059-8c3f292a7934
  • Tenant ID or Tenant name : f5access.onmicrosoft.com
  

• In Authentication menu, check the Web Redirect URIs. Must be the one defined previously. Don’t change any other settings, we will use OIDC Autorization Grant Flow.

  

• In Certificate and Secrets, create a Client Secret and save the Value not the Secret ID. This is the OIDC Client Secret we will use in APM.

  

• In API persmissions, add those 2 persmissions in Delegated type

  • Microsoft Graph - openid
  • Microsoft Graph - User.Read

  

• In Expose an API, check the Application ID URI exists, else click Add and save.

• Click Add a scope, and create a scope with a name such as federate

  • This scope will used by APM

    

• Add your account into Owners in order to find this app easily

• In Manifest, modify the accessTokenAcceptedVersion to the value 2

  {
       "id": "7027be78-d322-4dca-b44d-b15963fbdf76",
       "acceptMappedClaims": null,
       "accessTokenAcceptedVersion": 2,
       "addIns": [],
       "allowPublicClient": null,
       "appId": "b55fd307-3270-4208-b059-8c3f292a7934",
       "appRoles": [],
       "oauth2AllowUrlPathMatching": false,
       "createdDateTime": "2024-06-06T18:44:15Z",
       "description": null,
  ...
  }
  

• Save

Note

Your Azure Entra ID is ready to be used by APM to authenticate users.