# Integrating with Azure Entra ID (AD)

1- Log in to your AD platform with administrative privileges.

2- Navigate to Microsoft Azure AD and select "App registrations" in the menu.

3- Click on "New Registration."

<figure><img src="/files/ltu5f1OUcBdAu2x5wwgp" alt=""><figcaption></figcaption></figure>

4- Enter "Amove" as the display name and proceed to register the application.

<br>

<figure><img src="/files/2DBwW9hfGT1iIG8n5lnr" alt=""><figcaption></figcaption></figure>

<br>

5- Copy the Application ID, as it will be used to connect the Amove Client to Azure AD.

<br>

<figure><img src="/files/roywlVMBmkbimO4l7FZM" alt=""><figcaption></figcaption></figure>

6- Click on Add a certificate or secret option

<br>

<figure><img src="https://lh7-us.googleusercontent.com/uuLi2OxS2tWp6ct3TlskVE0Us8nDc3Cu-ynVM1nfui-qpuwhSVOsketpbHzeZ7YAR4shbIYUNmZZTcw3CUCVy6WyWv9RvljnCjB7SgQJPLu7uADAgk1zY1CfenXYrXIbQBxtjrGTEMWJYx6pUHkkv-o" alt=""><figcaption></figcaption></figure>

Then click on New client secret

<figure><img src="https://lh7-us.googleusercontent.com/qpRf269ALE0o3VUHPj7ZtB_NI0ZHlvhwOKFG4dqcXdnK-szbzfLcun-MoPBevXZXXlgq3o-cPjNbQZU6CkOmBNMxqnu6ShZB21YDlyywSlQGFuphBp3olCo8ta_MX15T9Xp-oyLSKxWgBuPAp0O0xbA" alt=""><figcaption></figcaption></figure>

Enter description and generate secret key

<br>

<figure><img src="https://lh7-us.googleusercontent.com/4c0vrcXsyTbfXBIwTC4279vpNJbd6C2J4DMek4DhNwCivFhpLD04CZFqFrX8VobRo7hKxmN8UVd-y8HmEK5bdjqtlAoizEk_uVKFtN89zyxBPL2rCV7lcS17O3gEiyuCRtsQJOhKTfNV7_WGzJd_3KM" alt=""><figcaption></figcaption></figure>

Copy the Secret Value to a secure location. Please be aware that you won't be able to retrieve this value later, so store it in a safe place.

7- Add following URIs in Redirect URI section

<https://app2.amove.io/ssocallback>

<https://app2.amove.io/usercallback>

<http://localhost:29123>

Click on Add a Redirect URI

<figure><img src="https://lh7-us.googleusercontent.com/A7Evu61QyKAqN4IwUX_d_o_pAYkt3fNh-RSaXtAaiakUILhg0gUPBio2N_7cHMbT41-HCJQV5pxlgPpeQozMNQw_d7m0hhXm7wfg4mgd0ADme2l08nV62ETsM5VGB73zeHyJbfEVuHUs6KRpkaOsqdE" alt=""><figcaption></figcaption></figure>

Click on Add a platform and select Web

<figure><img src="https://lh7-us.googleusercontent.com/-ujwQ1OIxJKV3LVsWyHDAVmVmCMLJYBSvDYIdJPGw07NDyvX5QB4fSDpN03EoSsNErsJ6zuRlCbql6h9NzAq0zUL7Eg5UHBQmffJ4FhVWZvJLsbKyJsjWJ15eZP4Tvk9MoR_T7sI0g_zydd2h57gn4k" alt=""><figcaption></figcaption></figure>

Add one of the URIs and configure, then add remaining URIs and save

<figure><img src="https://lh7-us.googleusercontent.com/wBwLE7-NivkBeGvYw9JQHuzdcoSv_IYYRZQj8_6zaXM6yxpncRSSWRs3BMHR-CBEQ1gK8Su51fNkcSlynuzVZNLIAvGusxiH4t-8TJ3xrlcjVSnWVgaNiDIEeAWbmfqplrBWUKXRUqgT1TezNxbIuQA" alt=""><figcaption></figcaption></figure>

8 - Click on Endpoint and copy OpenID Connect metadata document endpoint

<br>

<figure><img src="https://lh7-us.googleusercontent.com/vRy_Io7R7tqAMfh4ZoibeVBAm22ydgKgoJAVpNusoviNVFwNv4ZZL6n6i0TxZoHSNow5JRDyB_88X8ulXQ-YqSx0ecb-zJTdwrJEJ7MPbZZ9bSb_VKLxPrbT-QQOc6SWqS86glZlYM8IE1JVd2lBJMg" alt=""><figcaption></figcaption></figure>

9- To add API permissions, follow these steps:

* Click on "API permissions" in the navigation bar.
* Select "Add a permission."
* Choose "Microsoft Graph."
* Add the required permissions from the list below:

<figure><img src="https://lh7-us.googleusercontent.com/Oqz9paLP_I6cT3oRtngxKMDC0G-eLfIxNJXwmC8UUVRqXmY0d95V4o_ejpQvJMg5d7u2KE0ZxRIDYFETkD3uZkpMUDgf2dHb5r0e8dy89wtozfjkTw3KL4XYQ_AU38Eaa8elgwxwYm4WUoX8YVTuv9w" alt=""><figcaption></figcaption></figure>

Select Application permissions option and add following permissions:

* User.Read.All
* Group.Read.All
* GroupMember.Read.All

<figure><img src="https://lh7-us.googleusercontent.com/jWAuhASyOYvfnA_Ei8Dj-MgRYSicOqvYkCdSP6xegYvEy4CAC4BARXb2PfAbhG0W1Elt8E9XkeGcLbWiXgeJ31FCDai_0fOd15y0T7zPJXMERGR8e5tdAvwBTDFyAWrP_uadAP51pl5COZVPdlCsmPo" alt=""><figcaption></figcaption></figure>

Then add following permissions with Delegated permission:

* Openid
* User.Read
* User.ReadBasic.All

<figure><img src="https://lh7-us.googleusercontent.com/mUftIsti9HE3AYHnUkQtYBVwF-bp2ofEk5VDx6XG95DOAVGfKqNfLV1sAyZAdGop646RNwV5qKEKW6qq320dEYE0vfiDj4-lT6SSJmgmvk8LFzytKyLkx5HdSo_M4BPMEqGhdFVsGxArve1z4tvLw-k" alt=""><figcaption></figcaption></figure>

After adding all the required permissions, the permission section should resemble the provided configuration. Once done, proceed to click on "Grant admin consent."

<figure><img src="https://lh7-us.googleusercontent.com/9uv8iXD9XWhpj2m8z_eWfF0tuj9dk7W-uE4sfh7XdETAwKLgLPYT_FQ-dZCSWgM6zJs0mpmdzzShmcUekgS13kg_SyHhmTdC4SFi4wWdZ16jXOOKWER3sOYb6Pq-YiWppSYQ2T2jp049pMRvJp2N-5A" alt=""><figcaption></figcaption></figure>

After granting admin consent, the permissions section should reflect the changes as specified.

<figure><img src="https://lh7-us.googleusercontent.com/WLDSqPknQuZEbdpOGOWP8TJJ5nH-64Z74uSaPtsVShe3esqv7rW2H2DwGmFr3GUei-j7n5_OUqmGGSZ5BtcsVxuJFTbogmtDq--mL8MiO70u7Xm_lEyDpjRqelA_e-fDll3JDgVlVrornBc-3lSwGww" alt=""><figcaption></figcaption></figure>

10- Open the Amove.

<figure><img src="/files/d5kEFwBOfswK6Yzm07ni" alt=""><figcaption></figcaption></figure>

11- Choose "Account" from the sidebar menu on the left side.

<figure><img src="/files/T4G9U7zeE47Cwl8d8W9G" alt=""><figcaption></figcaption></figure>

12- Click on Configure button in Azure AD Box.

<figure><img src="/files/mxdJ4vnlYh2vOOla3mM7" alt=""><figcaption></figcaption></figure>

13- Enter the Application (client) ID, Client Secret, and OpenID URL to establish a connection with your Azure AD.

<figure><img src="/files/NEkEQd4O6tflnpp9Cx5H" alt=""><figcaption></figcaption></figure>

<br>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.amove.io/amove-single-sign-on/integrating-with-azure-entra-id-ad.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.