1. Complete the steps in Register an application with the Microsoft identity platform in the Microsoft identity platform documentation.
  2. Note your Azure application ID and secret.
  3. To allow the provisioner to manage all users, including deleting users or modifying administrators, assign the "User administrator" role to your Azure AD application.
    1. Complete the steps in "Authorization_RequestDenied" error message when you try to change a password if you use Graph API in the Microsoft documentation.
  4. Add the following application permissions to your application by completing the steps in Add permissions to access web APIs:
    • Application.ReadWrite.All
    • Group.ReadWrite.All
    • Organization.Read.All
    • User.ReadWrite.All