
Azure Active Directory app registration

Create an application registration that DigiCert ONE SCEP Service will use to communicate with Intune via API.

The goal of this procedure is to obtain an Application (client) ID, Client secret, and Tenant Name which will be used to configure a certificate profile in DigiCert® Trust Lifecycle Manager.

  1. In the Azure portal, search for or select Azure Active Directory from any page.

  2. Select App registrations, then select New registration.

    Note

    If you will be creating many DigiCert certificate profiles using Azure Auth, you can reuse this app registration for each profile, or you can create and use separate app registrations for higher security and granular auditing and logging.

  3. Enter a meaningful display Name for the application and click Register.

  4. Copy and save the Application (client) ID value in a secure file for later use.

    The Application (client) ID will be used later when configuring the certificate profile in DigiCert® Trust Lifecycle Manager.

  5. Select Certificates & secrets, and then select New client secret.

  6. Enter a Description and select the desired expiration period for the client secret, then select Add.

    Note

    A new client secret will need to be created prior to expiration and updated in the DigiCert® Trust Lifecycle Manager certificate profile to avoid service interruption.

  7. Copy and save the client secret Value in the same secure file as the previously saved Application (client) ID. The client secret will be used later when configuring the DigiCert® Trust Lifecycle Manager certificate profile.

    Note

    The client secret Value cannot be viewed again once this view is closed. If you lose this value, you will need to create a new client secret.

  8. Select API permissions, then Add a permission.

  9. Select “Intune”.

  10. Select Application permissions, then select scep_challenge_provider, and then Add permissions.

  11. Again, select Add permissions, then Microsoft Graph.

  12. Select Application permissions, expand Application and check Application.Read.All, then select Add permissions.

  13. Select API permissions, then select Grant admin consent for <TenantName>.


    The app registration process in Azure AD is now complete.

  14. In the Azure Portal, in the upper right-hand corner, hover over your user account icon to display the account details. Note the Azure account Domain and save this as your Tenant Name, along with the Application (client) ID and Client secret, as they will be used later when configuring the DigiCert® Trust Lifecycle Manager certificate profile.

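Before entering the three saved values into the DigiCert profile, it is worth confirming that the registration can obtain a client-credentials token and that the granted app roles (scep_challenge_provider, Application.Read.All) and the admin consent actually show up in the token's roles claim. The script below is an added example, not DigiCert's or Microsoft's code: it builds the token request for the tenant's v2.0 endpoint and inspects a token's claims; the tenant name, client ID and the unsigned sample token are constructed placeholders.

```python
import base64
import json
from urllib.parse import urlencode

# App roles granted in steps 10 and 12. Application.Read.All appears on the
# Microsoft Graph token; scep_challenge_provider on the Intune token.
REQUIRED_ROLES = {"scep_challenge_provider", "Application.Read.All"}


def build_token_request(tenant, client_id, client_secret, scope):
    """Return (url, form_body) for the OAuth2 client-credentials grant."""
    url = f"https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"
    body = urlencode({"client_id": client_id, "client_secret": client_secret,
                      "scope": scope, "grant_type": "client_credentials"})
    return url, body


def decode_claims(access_token):
    """Decode a JWT payload without verifying it (inspection only; the
    resource server, not the client, validates the signature)."""
    parts = access_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)
    return json.loads(base64.urlsafe_b64decode(payload))


def check_token(access_token, client_id, expected_roles):
    """Return the set of problems found: wrong app identity or missing
    roles (a missing role usually means admin consent was not granted)."""
    claims = decode_claims(access_token)
    problems = set()
    # v1.0 tokens carry the caller in 'appid', v2.0 tokens in 'azp'.
    if claims.get("appid", claims.get("azp")) != client_id:
        problems.add("appid mismatch")
    for role in expected_roles - set(claims.get("roles", [])):
        problems.add(f"missing role {role}")
    return problems


def make_unsigned_jwt(claims):
    """Construct an unsigned token so the checks can be exercised offline."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}."


SAMPLE_CLIENT_ID = "00000000-0000-0000-0000-000000000000"  # placeholder
SAMPLE_GRAPH_TOKEN = make_unsigned_jwt({  # constructed sample, not a real token
    "aud": "https://graph.microsoft.com", "appid": SAMPLE_CLIENT_ID,
    "roles": ["Application.Read.All"]})
```

For a live check, POST the body from build_token_request with scope https://graph.microsoft.com/.default and pass the returned access_token to check_token; a non-empty result before the secret is entered into the certificate profile saves a failed SCEP enrollment later.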