In the current architecture, Anchor can sync existing Windows Server Active Directory objects to Azure Active Directory using Azure AD Connect. Once the objects are synced to your Azure AD, a simple Enterprise Application on Azure AD allows Anchor to authenticate and authorize users.
This section will help you set up an Enterprise Application on Azure AD, assuming you already have Azure AD Connect set up. If you are looking to set up Azure AD Connect, please follow this guide.
a. Azure Enterprise Application:
i. Log in to the Azure Portal with admin credentials or as a user who has permission to create an Enterprise Application.
ii. Navigate to the Azure Active Directory window from the sidebar menu as shown below.
iii. On the Azure Active Directory page, locate Enterprise Applications in the options and click on it.
iv. You should see all the applications that are currently set up on your domain. Now, click on the New Application button as shown below.
v. In the next window, click on the Application you’re developing option.
vi. When you click on the Application you’re developing option, it will open a small window on the side as shown below. Please select the option highlighted in the screenshot.
vii. The App Registrations page will open up. Now, click on the New Registration button.
viii. On the Register an Application page, give the app an appropriate name and hit Register.
ix. After you hit Register, the app will be registered and the new app overview page will open. On this page, make a note of the Client ID and Tenant ID.
x. On the app overview page, click on the Certificates and Secrets button from the menu bar. Now, click on the New Client Secret button, give an appropriate name and expiration period when prompted, and click Add.
xi. Make a note of the client secret you created in the previous step and share it with firstname.lastname@example.org along with the Client ID and Tenant ID.
xii. Provide API permissions to the newly created App. Click on API permissions from the menu items. Click on Add permission; this will take you to a page with all the possible permissions you can provide an App. Please select Microsoft Graph and then Application Permissions. On the Application Permissions page, you need to select:
User -> User.Read.All
Group -> Group.Read.All
Directory -> Directory.Read.All
Permissions for the Application should look as shown below. Once you verify the permissions, please click on Grant Admin consent for anchor.
With the above step, we are done setting up the Application.
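To check the result of steps ix to xii before handing the credentials over, the following added example (not part of the original guide or of Anchor's own code) requests an app-only token with the client credentials flow and compares the token's `roles` claim with the three Graph permissions selected above. The environment variable names are assumptions; when they are not set, the script runs against a constructed, unsigned sample token.

```python
import base64, json, os, urllib.parse, urllib.request

# The three Microsoft Graph application permissions selected in step xii.
EXPECTED_ROLES = {"User.Read.All", "Group.Read.All", "Directory.Read.All"}

def request_token(tenant_id, client_id, client_secret):
    """Client credentials request against the Azure AD v2.0 token endpoint."""
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": "https://graph.microsoft.com/.default",
    }).encode()
    req = urllib.request.Request(url, data=body)
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)["access_token"]

def token_roles(access_token):
    """Read the 'roles' claim from the JWT payload (inspection only, signature not verified)."""
    payload = access_token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return set(json.loads(base64.urlsafe_b64decode(payload)).get("roles", []))

def audit_roles(roles, expected=EXPECTED_ROLES):
    """Return (missing, extra): missing suggests admin consent was not granted,
    extra means the app holds more than this guide asks for."""
    roles = set(roles)
    return sorted(expected - roles), sorted(roles - expected)

def constructed_token(claims):
    """Build an unsigned JWT-shaped string for the offline demo; not a real token."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"

if __name__ == "__main__":
    # Assumed variable names; supply the values noted in steps ix and xi.
    if os.environ.get("AZURE_CLIENT_SECRET"):
        token = request_token(os.environ["AZURE_TENANT_ID"],
                              os.environ["AZURE_CLIENT_ID"],
                              os.environ["AZURE_CLIENT_SECRET"])
    else:
        token = constructed_token({"roles": ["User.Read.All", "Group.Read.All"]})
    missing, extra = audit_roles(token_roles(token))
    print("missing (admin consent not granted?):", missing)
    print("extra (beyond the three permissions in step xii):", extra)
```

An empty `missing` list and an empty `extra` list mean the registration carries exactly the permissions this guide configures.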