search
githubEdit

Microsoft owned app registration

How to leverage your own application permissions for customized integration control.

Owned App Registration within your Microsoft tenant allows for a tailored configuration and heightened security settings. This advanced option is suited for users with proficiency in their Microsoft Entra environment who require custom control over their Microsoft integrations. For most cases, Rewst recommends that you not choose this option when configuring your Microsoft Cloud Integration Bundle.

hashtag
Configuration instructions

circle-info

Below is a high-level walkthrough of what you need to configure your owned app in Rewst. For detailed instructions and additional support on registering/managing your own apps, refer to Microsoft's Guide to registering an application with the Microsoft identity platformarrow-up-right.

  1. Access the Azure Portal:

  2. Create or Select an App Registration:

    • To create a new app, click New registration.

    • To use an existing app, select one from the Owned applications list.

  3. Configure redirect URL:

    • To ensure Rewst can communicate with your app registration after authentication, and receive security tokens post-authentication, set the redirect URI to https://engine.rewst.io/integrations/bundles/microsoft_cloud/callback

  4. Gather essential information:

    • Note the Client ID and generate a Client Secret under Certificates & Secrets.

    • Enter these credentials when configuring the application in Rewst.

  5. Decide the auth subject:

    • Choose common if your app registration is accessible across multiple tenants.

    • Choose Tenant ID if your registration is restricted to your own tenant, and ensure this ID is included in the Tenant ID field to generate the correct authentication URL.

hashtag
Minimum permissions needed

hashtag
Owned app registration: Microsoft Azure integration

In order to use the Azure Integration, you will need the following at minimum:

triangle-exclamation

Depending on the use-case, you may require the other two shown above.

hashtag
Owned app registration: Microsoft Graph integration

In order to use the Graph Integration, you'll need the following highlighted in red at minimum to authorize the integration. The following highlighted in yellow are also highly recommended to ensure all expected actions work:

hashtag
Owned app registration: Microsoft Graph subscription triggers

In order to use the Microsoft Graph Subscription Triggers, the following permissions are required:

hashtag
Owned app registration: Microsoft CSP integration

These are the permissions required to use the Microsoft CSP integration:

circle-exclamation

Make sure to choose the Microsoft Partner Center API highlighted below as the duplicates will cause issues with your integration.

circle-exclamation

When choosing the Auth Subject:

  • If you are using a CSP: Choose common as it's the subject used for multi-tenancy when constructing an auth URL. This will install an enterprise app in the CSP customer tenants and you will be able to run actions for customers.

  • If you're not using a CSP: Select Tenant ID so that you are only exposing your app to your own tenant

hashtag
Owned app registration: Microsoft EXO integration

In order to use the EXO Integration, the highlighted permissions are required:

circle-check

The full_access_as_app permission is also recommended in some edge cases.

hashtag
Troubleshoot owned app registration

hashtag
Use of implicit flow, where ID token is not enabled

Error: Error during callback. error='unsupported_response_type' error_description="AADSTS700054: response_type 'id_token' is not enabled for the application. Trace ID: 276a464d-f9cf-42c1-9549-e0e52f510000 Correlation ID: 246df67a-b874-4ef3-aefc-9046fe6d0c5e Timestamp: 2024-11-19 1846Z

This error is given when you don't have the id token enabled for the application. To resolve this error, you'll need to:

  1. Navigate to the app in Azure.

  2. Navigate to Authentication.

  3. Check the ID tokens box.

PreviousMicrosoft Cloud integration bundle actions and endpointsNextMicrosoft Cloud permissions

Last updated

Was this helpful?