2.1 KiB
| mapped_pages | applies_to | |||
|---|---|---|---|---|
|
|
Configure Azure [configure-azure]
To make API calls to Microsoft Graph, Elasticsearch requires Azure credentials with the correct permissions.
Create a custom Azure application
- Log in to the Azure portal and go to Microsoft Entra ID.
- To register a new application, click Enterprise applications > New application.
- Click Create your own application, provide a name, and select the Integrate any other application you don’t find in the gallery option.
:::{image} ./images/ms-graph-authz/01-create-enterprise-application.png :alt: "create your own application" page :::
Configure the custom application
-
In the Azure portal, go to Microsoft Entra ID.
-
Under App registrations, select the All applications tab, and then find the application created in the previous section.
:::{image} ./images/ms-graph-authz/02-find-app-registration.png :alt: find your app registration :::
-
Take note of the Application (client) ID and Tenant ID shown here. These will be needed to configure Elasticsearch later.
:::{image} ./images/ms-graph-authz/03-get-application-id.png :alt: get your application ID :::
-
Under Manage > Certificates & secrets, do the following:
- Create a new client secret.
- Take note of your new client secret's Value. This is needed later, and is only displayed once. :::{image} ./images/ms-graph-authz/04-create-client-secret.png :alt: get your client secret :::
-
Under Manage > API permissions, do the following:
- Go to Add a permission.
- Choose Microsoft Graph.
- Choose Application permissions.
- Select
Directory.ReadWrite.All,Group.ReadWrite.All,User.Read.All.
:::{note} An Azure Admin must approve these permissions before the credentials can be used. :::
:::{image} ./images/ms-graph-authz/05-configure-api-permissions.png :alt: configure api permissions :::