To use the Azure AD Graph API, an application must exist in Azure AD. Its application ID and key serve as the client ID and client secret that PingAccess uses to communicate with the Graph API.
Create the application in Azure AD through the App Registrations blade using these criteria:
- Enter a unique name for the application, such as "Graph API app".
- Application Type
  - Web app / API
- Sign-on URL
  - This field is not relevant for this particular use case, but is required by Azure AD. Enter the PingAccess host.
- After you create the application, navigate to the application in the list.
- Select Required permissions and click Add.
  - Choose Windows Azure Active Directory, and then click
  - For Application Permissions, read the directory data.
- Copy the Application ID.
- Generate and copy a Key.
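
A check to run after completing these steps, as an added example that is not part of the original page or PingAccess's own code: it decodes an access token issued to the new application and reports whether it carries anything beyond the directory-read application permission. The claim names (`aud`, `appid`, `roles`), the role value `Directory.Read.All`, the Graph audience values, and the sample tokens are assumptions or constructed values, not taken from the page.

```python
import base64
import json

# Assumptions (not from the page): Azure AD v1.0 access-token claim names, and
# Directory.Read.All as the role behind the "read directory data" permission.
GRAPH_AUDIENCES = {"https://graph.windows.net",
                   "00000002-0000-0000-c000-000000000000"}
EXPECTED_ROLES = {"Directory.Read.All"}

def read_claims(token):
    """Decode the JWT payload for inspection only; no signature validation."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64 padding
    return json.loads(base64.urlsafe_b64decode(payload))

def audit_token(token, application_id):
    """Return a list of findings; an empty list means the grant is as expected."""
    claims = read_claims(token)
    findings = []
    if str(claims.get("aud", "")).rstrip("/") not in GRAPH_AUDIENCES:
        findings.append(f"unexpected audience: {claims.get('aud')!r}")
    if claims.get("appid") != application_id:
        findings.append("appid does not match the copied Application ID")
    roles = set(claims.get("roles", []))
    for extra in sorted(roles - EXPECTED_ROLES):
        findings.append(f"excess application permission: {extra}")
    for missing in sorted(EXPECTED_ROLES - roles):
        findings.append(f"missing application permission: {missing}")
    return findings

def make_sample_token(claims):
    """Build an unsigned, constructed token so the example runs offline."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}.constructed"

APP_ID = "11111111-2222-3333-4444-555555555555"  # constructed placeholder
GOOD = make_sample_token({"aud": "https://graph.windows.net", "appid": APP_ID,
                          "roles": ["Directory.Read.All"]})
BROAD = make_sample_token({"aud": "https://graph.windows.net/", "appid": APP_ID,
                           "roles": ["Directory.Read.All", "Directory.ReadWrite.All"]})

if __name__ == "__main__":
    print(audit_token(GOOD, APP_ID))   # no findings
    print(audit_token(BROAD, APP_ID))  # flags the write permission
```

Store the generated key with the same care as any client secret; the audit above reads token claims only and never needs the key itself.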