1. In the Azure Active Directory admin portal, go to App registrations > New registration.
  2. Enter an application name and click Create.

    Give your application a name that identifies it and differentiates it from applications created through Azure AD, such as PingAuthentication-V2.

  3. Under Supported account types, click Accounts in any organizational directory and personal Microsoft accounts.
  4. Click Register.
    The Overview tab provides the Application (client) ID. This is the Client ID for your PingFederate OIDC IdP connection.
  5. Click API permissions.
  6. Click Add a permission > Microsoft Graph > Delegated permissions > Directory and select the Directory.Read.All check box.
  7. Click Add permissions.
  8. Optional: Click the Branding tab to customize the following:
    • Brand logo
    • Home page URL
    • Terms of Service URL
    • Privacy Statement URL
  9. At the top of the page, click Save.
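
To confirm that the saved registration matches steps 3 and 6 and carries no broader permissions, you can audit the application manifest JSON exported from the portal. The following Python check is an added example, not part of the original procedure or of any Ping Identity or Microsoft tooling; `audit_manifest` and the sample manifests are constructed for illustration, and the GUIDs are the IDs Microsoft publishes for Microsoft Graph, which you should confirm in your own tenant.

```python
# Added example: audit an exported app registration manifest against the steps above.
# IDs below are taken from Microsoft's published Graph permissions reference (verify in your tenant).
GRAPH_APP_ID = "00000003-0000-0000-c000-000000000000"        # Microsoft Graph resource
DIRECTORY_READ_ALL = "06da0dbc-49e2-44d2-8312-53f166ab848a"  # delegated (Scope), step 6
USER_READ = "e1fe6dd8-ba31-4d61-89e7-88639da4683d"           # delegated, added by the portal by default
EXPECTED_AUDIENCE = "AzureADandPersonalMicrosoftAccount"     # manifest value for the step 3 choice


def audit_manifest(manifest: dict) -> list[str]:
    """Return a list of findings; an empty list means the manifest matches the procedure."""
    findings = []
    audience = manifest.get("signInAudience")
    if audience != EXPECTED_AUDIENCE:
        findings.append(f"signInAudience is {audience!r}, expected {EXPECTED_AUDIENCE!r}")
    granted = set()
    for resource in manifest.get("requiredResourceAccess", []):
        for access in resource.get("resourceAccess", []):
            granted.add((resource.get("resourceAppId"), access.get("id"), access.get("type")))
    wanted = (GRAPH_APP_ID, DIRECTORY_READ_ALL, "Scope")
    if wanted not in granted:
        findings.append("Directory.Read.All delegated permission is missing")
    allowed = {wanted, (GRAPH_APP_ID, USER_READ, "Scope")}
    # Anything beyond the allowed set widens what a stolen client credential can reach.
    for app_id, perm_id, kind in sorted(granted - allowed, key=str):
        label = "application (Role)" if kind == "Role" else "delegated"
        findings.append(f"unexpected {label} permission {perm_id} on resource {app_id}")
    return findings


# Constructed sample manifests (trimmed to the fields the audit reads).
GOOD = {
    "signInAudience": "AzureADandPersonalMicrosoftAccount",
    "requiredResourceAccess": [{"resourceAppId": GRAPH_APP_ID, "resourceAccess": [
        {"id": USER_READ, "type": "Scope"},
        {"id": DIRECTORY_READ_ALL, "type": "Scope"}]}],
}
BAD = {
    "signInAudience": "AzureADMyOrg",  # single-tenant only, contradicts step 3
    "requiredResourceAccess": [{"resourceAppId": GRAPH_APP_ID, "resourceAccess": [
        {"id": USER_READ, "type": "Scope"},
        # Constructed placeholder GUID standing in for some app-only permission.
        {"id": "11111111-1111-1111-1111-111111111111", "type": "Role"}]}],
}

if __name__ == "__main__":
    for name, manifest in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit_manifest(manifest) or "matches the procedure")
```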