You are viewing an earlier version of the admin guide. For the latest version, please visit EmpowerID Admin Guide v7.211.0.0.
Skip to end of banner
Go to start of banner

Register an application for the Azure AD SCIM Microservice in Azure AD

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Next »

The SCIM microservice uses Azure AD authentication to call the Azure API. For this to occur, you need register a new application (service principal) for EmpowerID in your Azure Active Directory.

How to register an application for the SCIM Microservice in Azure AD

  1. Log in to your Azure portal as a user with the necessary permissions to create an application in Azure AD.

  2. In Azure, navigate to your Azure Active Directory.

  3. On the Azure navbar, select App registrations.

  4. On the App registrations page, select New registration.

  5. Name the application, select the scope for the application (single or multitenant) and click Register.

  6. Once the application is registered, copy the Application (client) ID, Directory (tenant) ID and Object ID from the application page. These values are used later to to configure the SCIM App service.


    The next step is to upload a base-64 encoded certificate to authenticate to the application.

    The public key certificate that you upload to Azure must have a corresponding private key in the EmpowerID certificate store; otherwise, an error will occur when calling Azure’s API.

    If you don’t have a certificate to use for authentication, you can create a self-signed certificate from IIS and export the certificate as .cert, .pem, or .crt format. For help with these tasks, see https://aboutssl.org/how-to-create-a-self-signed-certificate-in-iis/ and https://support.globalsign.com/ssl/ssl-certificates-installation/import-and-export-certificate-microsoft-windows.

  7. Under Manage, select Certificates & secrets.

  8. Select Upload certificate and upload the base-64 encoded certificate.

  9. Under Client secrets, select New client secret. The secret is used by the application to prove its identity when requesting a token.

  10. Enter a Description for the client secret, select when the secret Expires and then click Add.

  11. Copy the secret value. You will use it to configure Azure Active Directory Authentication.

Next Steps

Create an App Service for the SCIM microservice

Configure SCIM App Service Authentication

Publish the SCIM Microservice to Azure

Set Permissions for the SCIM Managed Identity

Connect EmpowerID to Azure Active Directory

  • No labels