Configure Microsoft Entra applications for external user integration in Aero

Aero lets you synchronize and authenticate users with external services like Microsoft Entra. To set this up, you'll need to configure both Aero and Entra. Start by logging into your Microsoft Entra tenant.

Add and configure an application for user synchronisation

First, you will need to add an application that allows Aero to synchronize users. To do this, follow these steps:

  1. On the Entra overview page, click App registrations in the side bar.
  2. Click New registration.

    App registrations menu item

  3. Enter a Name and click Register.

    New registration

  4. Click View API permissions.

    Synchronization application overview

  5. Click Add a permission.

    Synchronization application permissions overview

  6. Click Microsoft Graph.

    Add permissions

  7. Click Application permissions.

    Add MS Graph permissions

  8. Scroll down to Group and User (or use the search bar), and check the following permissions:

    1. User.Read.All
    2. Group.Read.All
  9. Click Add permissions.

    Application permissions User

    Application permissions Group

  10. In the overview, click Add a permission again.

  11. Click Microsoft Graph, and click Delegated permissions.
  12. Under OpenID permissions check the following permissions:
    1. email (View users' email address)
    2. profile (View users' basic profile)
  13. Click Add permissions.

    Delegated permissions OpenID

  14. In the overview, click Grant admin consent for 'tenant name'.

    Grant admin consent

  15. If you get a popup, click Yes.

    Consent confirmation

  16. The status of the permissions is now changed to Granted.

    Permissions granted

  17. In the sidebar, under Manage, click Certificates & secrets.

    Application sidebar

  18. Click the tab Client secrets (#) and click + New client secret.

    Client secret overview

  19. Enter a Description for the secret, and select an expiration under Expires.

  20. Click Add.

    Add client secret

  21. The secret is created. Copy the Value; you will need it in your Aero configuration. Note: the value can only be copied after creating the secret. Once you leave the page, you will no longer be able to copy it.

    Client secret overview

  22. In the sidebar, under Manage, click Authentication.

  23. Click Add Redirect URI.

    Authentication overview

  24. Click Single-page application.

    Add redirect URI

  25. Under Redirect URI, enter https://app.metacomplatform.com/login.

  26. Under Front-channel logout URL, enter https://app.metacomplatform.com/logout.
  27. Ensure the checkboxes for Access tokens (used for implicit flows) and ID tokens (used for implicit and hybrid flows) are ticked.
  28. Click Configure.

    Authentication overview

  29. Click Single-page application again.

  30. Under Redirect URI, enter https://app.metacomplatform.com/ and click Configure.

    Add second redirect URI

  31. Click Mobile and desktop applications.

  32. In the URL-field, enter com.bizzstream://oauth/redirect/.
  33. Click Configure.

    Add mobile redirect URI

  34. Close the right-hand sidebar by clicking the cross-icon.

You have now configured an app registration you can use to integrate with BizzStream Aero.
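
To confirm that the registration holds only what the steps above configure, you can audit its exported definition. The following is an added example, not part of Aero or of this guide's original content. It assumes you have exported the app as a Microsoft Graph `application` object (JSON from `GET /applications/{id}`) and loaded it into a dict; `audit_app` is a hypothetical helper name.

```python
from datetime import datetime, timedelta, timezone

GRAPH_APP_ID = "00000003-0000-0000-c000-000000000000"  # Microsoft Graph
# App role IDs of the two application permissions granted in step 8.
EXPECTED_ROLES = {
    "df021288-bdef-4463-88db-98f22de89214",  # User.Read.All
    "5b567255-7703-4780-807c-7be8301ae99b",  # Group.Read.All
}
# Redirect URIs entered in steps 25, 30 and 32.
EXPECTED_URIS = {
    "https://app.metacomplatform.com/login",
    "https://app.metacomplatform.com/",
    "com.bizzstream://oauth/redirect/",
}

def audit_app(app, now, warn_days=30):
    """Return findings for one Graph `application` object given as a dict."""
    findings = []
    for res in app.get("requiredResourceAccess", []):
        for perm in res.get("resourceAccess", []):
            if perm.get("type") != "Role":
                continue  # delegated scopes (email, profile) are not audited here
            if res.get("resourceAppId") != GRAPH_APP_ID or perm.get("id") not in EXPECTED_ROLES:
                findings.append(f"unexpected application permission {perm.get('id')}")
    for platform in ("spa", "web", "publicClient"):
        for uri in (app.get(platform) or {}).get("redirectUris", []):
            if uri not in EXPECTED_URIS:
                findings.append(f"unexpected {platform} redirect URI {uri}")
    for cred in app.get("passwordCredentials", []):
        end = datetime.fromisoformat(cred["endDateTime"].replace("Z", "+00:00"))
        name = cred.get("displayName") or cred.get("keyId")
        if end <= now:
            findings.append(f"client secret '{name}' has expired")
        elif end - now <= timedelta(days=warn_days):
            findings.append(f"client secret '{name}' expires within {warn_days} days")
    return findings

# Constructed sample shaped like GET /applications/{id}; the all-1 GUID is a placeholder.
SAMPLE = {
    "requiredResourceAccess": [{"resourceAppId": GRAPH_APP_ID, "resourceAccess": [
        {"id": "df021288-bdef-4463-88db-98f22de89214", "type": "Role"},
        {"id": "11111111-1111-1111-1111-111111111111", "type": "Role"}]}],
    "spa": {"redirectUris": ["https://app.metacomplatform.com/login"]},
    "publicClient": {"redirectUris": ["com.bizzstream://oauth/redirect/", "http://localhost"]},
    "passwordCredentials": [{"displayName": "aero", "endDateTime": "2025-01-10T00:00:00Z"}],
}

if __name__ == "__main__":
    print("\n".join(audit_app(SAMPLE, datetime(2025, 1, 1, tzinfo=timezone.utc))))
```

An empty result means the registration carries no application permissions or redirect URIs beyond those in this guide, and that no client secret is expired or close to expiry.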

Create a Directory Service in Aero

Now that you have finished the configuration of applications in Entra, you can create a Directory Service in Aero, and connect it to your Entra applications.