Microsoft Entra ID Application Registration
Applies to All
This page discusses the registration of an application within Microsoft Entra ID that can be used by an instance of the QEST Platform for authenticating users.
This is a necessary first step in using Microsoft Entra ID for authenticating users in the QEST Platform.
Overview
QEST Platform products, by default, provide authentication through the use of a username and password. Since many QEST Platform products are publicly facing, the use of stronger authentication methods, such as multi-factor authentication, is strongly recommended.
In the QEST Platform this is achieved through integration with Microsoft (MS) Entra ID (previously Microsoft Azure AD). In order to utilize the multi-factor authentication functionality available from MS Entra ID when authenticating with QEST Platform products, QEST Platform users will need to exist as users in an instance of MS Entra ID that is accessible from the server running the QEST Web API.
A necessary first step in using Microsoft Entra ID for authenticating users in the QEST Platform is to register an application for this purpose using the Microsoft Entra admin center. This page outlines suggested settings for configuring the application.
Registering an Application
The following article from Microsoft can be followed to initially add an application: Quickstart: Register an app in Microsoft Entra ID - Microsoft identity platform.
Settings
The following settings are suggested when registering the application. A number of these settings must be set per the table below while others are suggestions only and can be modified to meet company policy.
Initial Addition
Setting | Value | Value Type |
---|---|---|
Name | QEST Platform | Suggested |
Supported account types | Accounts in this organizational directory only | Suggested |
Redirect URI [1] | Single page application <address to qest Web App> | Mandatory |
Further Configuration
After initially registering the application, the following settings should also be defined.
Setting | Value | Value Type |
---|---|---|
Authentication → Platform configurations → Add a Platform | Mobile and desktop application. Enable the following redirect: | Mandatory |
Authentication → Implicit grant and hybrid flows | Enable the following options under “Select the tokens you would like to be issued by the authorization endpoint:” | Mandatory |
Authentication → Advanced Settings → Allow public client flows | Yes | Mandatory |
API Permissions | ||
API/Permission name | Ensure the following | Mandatory |
Expose an API | ||
Application ID URI → Add | Accept suggested default URI | Suggested |
Add a Scope | ||
Scope Name | access_as_user | Suggested |
Who can consent? | Admins and users | Mandatory |
Admin consent display name | Access QEST Platform as a user | Suggested |
Admin consent description | Access QEST Platform as a user | Suggested |
User consent display name | Access QEST Platform as a user | Suggested |
User consent description | Access QEST Platform as a user | Suggested |
State | Enabled | Mandatory |
Owners | ||
Add Owner | Ensure that sufficient owners exist, in addition to the creator, for ongoing management of the application. | Suggested |
Manifest | ||
| Change from | Mandatory |
Details to Note
Once the setup of the application is complete, the following details will need to be recorded for use in QEST Platform configuration:
Directory (tenant) ID if account types are restricted to the organizational directory only. This will be used as the Tenant ID in the QEST Platform configuration.
Application (client) ID will be used as the Client ID in the QEST Platform configuration.
QEST Platform Configuration
Once the above registration has been completed, the appropriate configuration will need to be added to the appSettings node of the custom.app.config QESTNet configuration file.
The individual settings are described in QESTNet Configuration Guide | appSettings but should look similar to the below:
<add key="enableEntraAuthentication" value="true" />
<add key="TenantId" value="00000000-0000-0000-0000-000000000000" />
<add key="ClientId" value="00000000-0000-0000-0000-000000000001" />
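A pre-deployment check for the three settings above, given as an added example that is not part of the original page or of any QEST tooling. It assumes the settings are `<add>` elements under an `appSettings` node as in the sample; the `<configuration>` wrapper, the function names and the non-zero GUID in the sample are constructed for illustration.

```python
import uuid
import xml.etree.ElementTree as ET

# GUIDs shown as sample values on this page; they must be replaced before use.
PAGE_SAMPLE_GUIDS = {
    "00000000-0000-0000-0000-000000000000",
    "00000000-0000-0000-0000-000000000001",
}
GUID_KEYS = ("TenantId", "ClientId")

def read_app_settings(xml_text):
    """Return {key: value} for every <add> under any <appSettings> node."""
    root = ET.fromstring(xml_text)
    settings = {}
    for node in root.iter("appSettings"):
        for add in node.findall("add"):
            settings[add.get("key")] = add.get("value", "")
    return settings

def check_entra_settings(xml_text):
    """Return a list of problems; an empty list means the three keys look sane."""
    settings = read_app_settings(xml_text)
    problems = []
    if settings.get("enableEntraAuthentication", "").strip().lower() != "true":
        problems.append("enableEntraAuthentication is not set to true")
    for key in GUID_KEYS:
        value = settings.get(key, "").strip()
        if not value:
            problems.append(f"{key} is missing or empty")
            continue
        try:
            parsed = str(uuid.UUID(value))  # normalises case and braces
        except ValueError:
            problems.append(f"{key} is not a GUID")
            continue
        if parsed in PAGE_SAMPLE_GUIDS:
            problems.append(f"{key} still holds the sample value from the documentation")
    if settings.get("TenantId") and settings.get("TenantId") == settings.get("ClientId"):
        problems.append("TenantId and ClientId are identical")
    return problems

# Constructed sample: the <configuration> wrapper and the ClientId GUID are made up.
SAMPLE = """<configuration><appSettings>
  <add key="enableEntraAuthentication" value="true" />
  <add key="TenantId" value="00000000-0000-0000-0000-000000000000" />
  <add key="ClientId" value="3f2b8c1e-7a4d-4e59-9b06-5d1c2a7e8f90" />
</appSettings></configuration>"""

print("\n".join(check_entra_settings(SAMPLE)))
```

The check only validates the shape of the values; whether the IDs match the registered application still has to be confirmed against the Directory (tenant) ID and Application (client) ID recorded from the Microsoft Entra admin center.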