+
+
+
Fill in all the fields in the left form.
+
You first need to define an Application Registration in your
+ Azure
+ Active Directory, with the appropriate HTTPS URL for this
+ endpoint,
+ and with the appropriate rights, as explained in the
+ documentation.
+
+
+ - Under the Azure Active Directory, select App
+ Registrations, and
+ create a new one. Give it any name you want, and the
+ Redirect
+ URI shoule be type 'Web' and of the format https://powerdnsadmin/azure/authorized
+ (replace the host name approriately).
+
+ - Select the newly-created registration
+ - On the Overview page, the Application ID is your new
+ Client ID
+ to use with PowerDNS-Admin
+
+ - On the Overview page, make a note of your
+ Directory/Tenant ID -
+ you need it for the API URLs later
+
+ - Ensure Access Tokens are enabled in the Authentication
+ section
+
+ - Under Certificates and Secrets, create a new Client
+ Secret. Note
+ this secret as it is the new Client Secret to use with
+ PowerDNS-Admin
+
+ - Under API Permissions, you need to add permissions. Add
+ permissions for Graph API, Delegated. Add: email,
+ openid,
+ profile, GroupMember.Read, User.Read and possibly
+ User.Read.All.
+ You then need to grant admin approval for your
+ organisation.
+
+ - For the Scope, use User.Read openid mail profile
+
+ - Replace the [tenantID] in the default URLs for authorize
+ and
+ token with your Tenant ID.
+
+
+
+
If AZURE GROUP ACCOUNT SYNC/CREATION is enabled,
+ Accounts will
+ be created automatically based on group membership. If an
+ Account
+ exists, an authenticated user with group membership is added
+ to the
+ Account
+
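Review bot: The scope given in the help text (`For the Scope, use User.Read openid mail profile`) does not match the API Permissions item a few lines above it, which lists `email`, `openid`, `profile`. The OpenID Connect scope is `email`, so `mail` looks like a typo that an admin will copy straight into the form; suggest `User.Read openid email profile`. In the same permissions item, `GroupMember.Read` should be checked against the Graph permission names (the delegated permission is `GroupMember.Read.All`). The "possibly User.Read.All" wording should say when it is actually required, since it lets the app read every user's profile and the text already asks for organisation-wide admin approval. Please also fix the spelling in the Redirect URI item ("shoule", "approriately"). For the AZURE GROUP ACCOUNT SYNC/CREATION paragraph, state what happens to an Account membership when the user is later removed from the group; the text only describes the add path.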