To manage Exchange, the EmpowerID Exchange Online microservice requires a service principal application to be registered in the Exchange tenant to provide Azure AD authentication to the app service that hosts the Exchange microservice.
Register a service principal for app service auth
In Azure, navigate to your Azure Active Directory.
On the Azure Active Directory navbar, click App registrations.
On the App registrations page, click New registration.
Name the application, select the scope (single or multitenant), and click Register.
Once the application is registered, copy the Application (client) ID and Directory (tenant) ID from the Overview page. These values are used later.
Navigate to the Certificates & secrets blade for the application, select Certificates and then click Upload certificate.
Upload the base-64 encoded certificate you are using to secure HTTP traffic between EmpowerID and the microservice. The public key certificate that you upload to Azure must have a corresponding private key in the EmpowerID certificate store; otherwise, an error will occur when calling Azure’s API.
Select Client secrets and click New client secret.
Enter a Description for the client secret, select when the secret Expires and then click Add.
Copy the value for the secret. You add this value to the Key Vault in your EmpowerID tenant.