Azure AD Configuration – Developer Portal Login Integration
Overview
This document describes the Azure Active Directory (Azure AD) application registration and API permission configuration for the application Product-Equation-App-Dev. This setup enables secure login to the developer portal using Microsoft accounts from the Haskoning tenant.
Note: This configuration assumes that the developer portal has been set to use the correct Tenant ID and Client ID associated with the intended product. If these values are misconfigured, the login flow or token retrieval may fail.
⚙️ 1. Application Registration
| Property | Value |
|---|---|
| Application Name | Product-Equation-App-Dev |
| Platform | Azure Active Directory (App Registrations) |
| Purpose | Enables authentication via Microsoft identity platform for the Developer Portal |
📍 Location in Azure Portal: Azure Active Directory → App registrations → Product-Equation-App-Dev
🔐 2. Token Configuration
🪪 Optional Claims
The app includes optional claims in issued tokens to provide additional user details for the developer portal.
| Claim | Source | Description |
|---|---|---|
| email | Microsoft Graph | Includes the user’s primary email address in the ID or access token |
📍 Configuration Path: Azure Portal → App registrations → Product-Equation-App-Dev → Token configuration
🧠 Important: If the optional claim (
🔑 3. API Permissions
📋 Configured Permissions
Applications require API permissions to call Microsoft Graph and custom APIs. The permissions below are granted as Delegated — meaning the app acts on behalf of the signed-in user.
| API / Resource | Permission Name | Type | Description | Admin Consent Required | Status |
|---|---|---|---|---|---|
| Microsoft Graph | email | Delegated | View users’ email address | No | |
| Microsoft Graph | User.Read | Delegated | Sign in and read user profile | No | ✅ Granted for Haskoning |
| Product-Equation-Api-Dev (Custom API) | User.Read | Delegated | Access Profile | No | ✅ Granted for Haskoning |
⚠️ Additional Notes
- All configured permissions have been granted for the Haskoning tenant.
- Permissions marked Delegated require user sign-in.
- No admin-consent-only permissions are configured.
- The custom API (Product-Equation-Api-Dev) defines its own scope User.Read for accessing user profile data internally.
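
One way the developer portal's backend could check the values this configuration depends on (Tenant ID, Client ID, the optional email claim from Token Configuration and the delegated User.Read scope from API Permissions), as an added example that is not part of the project's code. The identifiers are constructed placeholders and `check_claims` is a hypothetical helper; it assumes v2.0 tokens whose signature, expiry and nonce were already verified.

```python
# Added example, not the project's code. Assumes signature, expiry and nonce
# were already verified by a JWT/OIDC library and that v2.0 tokens are issued.

# Constructed placeholder identifiers, not the real tenant or app values.
TENANT_ID = "11111111-1111-1111-1111-111111111111"
PORTAL_CLIENT_ID = "22222222-2222-2222-2222-222222222222"

# Constructed sample of decoded ID token claims for a successful portal login.
SAMPLE_ID_CLAIMS = {
    "iss": f"https://login.microsoftonline.com/{TENANT_ID}/v2.0",
    "tid": TENANT_ID,
    "aud": PORTAL_CLIENT_ID,
    "email": "dev.user@example.com",
}


def check_claims(claims, tenant_id, audience, require_email=True,
                 required_scopes=()):
    """Return a list of problems in decoded token claims; empty means OK."""
    problems = []
    # 'tid' pins the token to the one tenant the portal is configured for.
    if claims.get("tid") != tenant_id:
        problems.append("tid != configured Tenant ID")
    # The v2.0 issuer embeds the tenant ID, so check it as well as 'tid'.
    if claims.get("iss") != f"https://login.microsoftonline.com/{tenant_id}/v2.0":
        problems.append("iss != configured tenant issuer")
    # 'aud' must name the app the token was requested for (the Client ID for
    # an ID token); anything else was minted for a different application.
    if claims.get("aud") != audience:
        problems.append("aud != expected audience")
    # 'email' is optional: it is absent when the claim is not configured or
    # the account has no address, so never index it unconditionally.
    email = claims.get("email")
    if require_email and (not isinstance(email, str) or "@" not in email):
        problems.append("email claim missing or malformed")
    # Delegated permissions arrive as a space-separated 'scp' string.
    granted = set(str(claims.get("scp", "")).split())
    missing = sorted(set(required_scopes) - granted)
    if missing:
        problems.append("missing scope(s): " + " ".join(missing))
    return problems


if __name__ == "__main__":
    print(check_claims(SAMPLE_ID_CLAIMS, TENANT_ID, PORTAL_CLIENT_ID) or "OK")
```

For an access token, pass the audience of the resource it was requested for and `required_scopes=("User.Read",)`.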