Registering an App in Entra ID

introduction in this guide, we will walk you through setting up an app registration in microsoft entra id to be used for authentication in factry historian and grafana microsoft entra id was previously known as azure active directory (azure ad) it is a cloud based identity and access management service used to manage users, groups, and permissions for secure sign in to applications step 1 access azure portal go to https //portal azure com and click on microsoft entra id step 2 create app registration click add > app registration step 3 configure app registration factry historian name the application, e g factry historian supported account types select single tenant to limit login to your organisation only (recommended) redirect uri example https //myhistorian com 18000/api/auth/microsoft/callback formula \<my historian base url> + /api/auth/\<my auth provider>/callback replace \<my historian base url> with the factry historian base url set this can be found in factry historian by going to configuration > server settings > general > base url e g https //myhistorian com 18000 replace \<my auth provider> with the name of the authentication provider you will set in factry historian in configuration > authentication providers e g microsoft note the base url must start with https // (tls encryption enabled) must not contain an ip address or localhost may include a port number, e g 8000 save the app registration by clicking register grafana name the application, e g grafana supported account types select single tenant first redirect uri example https //mygrafana com 443/login/azuread formula \<my grafana root url> + /login/azuread replace \<my grafana root url> with the grafana root url set in home > administration > general > settings e g https //mygrafana com 443 note the grafana root url must start with https // must not contain an ip address or localhost may include a port number, e g 3000 second redirect uri example https //mygrafana com 443 formula \<my grafana root url> replace \<my grafana root url> with the grafana root url set in home > administration > general > settings e g https //mygrafana com 443 save the app registration step 4 application/directory id and client secret in entra id, go to manage > app registrations select an application you have created in the previous steps there should be one for factry historian, and one for grafana from the specific app registration's overview in entra id, copy the following values application (client) id directory (tenant) id back on the specific app registration's overview in entra id, click add a certificate or secret next, click new client secret enter a name and expiration date for the client secret and click add copy the value track the client secret's expiration date once expired, authentication will stop working renew the secret in advance and update the value in factry historian/grafana troubleshooting no reply address provided check that the redirect uris in microsoft entra id are correct (grafana requires two redirect uris) check that the root url in grafana ini is correct need admin approval this means an administrator must grant the necessary permissions to the grafana app in the microsoft entra id configuration whether this is required depends on your organisation’s entra id domain settings