WAAD Configuration Supplement Guide

This supplement to the Active Directory: Azure AD article explains how to create an “application” within Windows Azure Active Directory (WAAD), which is necessary to enable the Workplace Azure AD integration.

The Azure Application ID and API Key required to complete the Azure AD integration can be obtained by following the steps below.


  1. Log in to Microsoft Azure as an administrator and select the appropriate Azure directory.
  2. Select Azure Active Directory in the side bar.
  3. Select the App Registrations option.
  4. Click + New registration:
  5. Create the application:

    1. Provide a name (Workplace, for example).

    2. Select the desired supported account type.
    3. Enter the Redirect URl.
    4. This field must match the domain part of the URL displayed when logged into the Workplace account with which this Azure instance will be integrated and must be one of the following values:


    5. Click Register.
  6. Under the Manage menu heading, click API Permissions, then click Add a Permission:
  7. Click MS Directory Graph:

  8. Configure the permissions:
    1. Click Delegated permissions and select the UserA user is anyone with access to Workplace..Read and the Directory.AccessAsUser.All options. Use the filter feature to help you locate the correct options.

    1. Click Add Permissions.
    2. On the API Permission view, click Add a permission.
    3. Click MS Directory Graph.
    4. Click Application permissions and select the Directory.Read.All option. Use the filter feature to help you locate the correct options.
    5. Click Add Permissions.
  9. On the API Permissions view, click Grant admin consent...

  10. Add a secret:

    1. Under the Manage menu heading to the left of the API Permissions view, click Certificates & secrets, then click + New Client secret.

    2. Provide a description (Workplace, for example).
    3. Set the desired duration.
    4. Click Add.
    5. COPY THE KEY that now appears in the Values column of the Client secrets list at the bottom of the page. The key is required to complete the setup and cannot be retrieved after you navigate away from this blade:

Gather Information

The setup in Azure is now complete. Gather the following information and complete the setup within Workplace Online according to the Active Directory: Azure AD guide.

Authentication Domain

  1. Click Azure Active Directory in the navigation bar at the far left.
  2. Click Overview.
  3. The Authentication Domain is displayed at the top of the page:

Application ID

  1. Click App registrations under the Manage heading.
  2. Click the name of the application (Workplace, for example).
  3. Copy the Application (client) ID.


Use the key saved in Step 10, above.