Configuring Azure Active Directory with FME Server

In order for FME Server to communicate with Azure AD, you must create and register FME Server as an enterprise application in Azure AD.

Note   
  1. From the Azure Active Directory portal, select Manage > App registrations > + New Registration, and complete the following fields:
    • Name: Provide a name for the registration, such as FMEServer.
    • Supported Account Types: Specify whether to allow FME Server to interact with a single Azure AD tenant or multiple Azure AD tenants.
    • Redirect URI:
      • type: Web
      • URI: <FMEServerWebURL>/fmesso/azuread/redirect, where <FMEServerWebURL> is the fully-qualified hostname for your FME Server, including both the hostname and domain. For example: https://fmeserver.domain.com/fmesso/azuread/redirect
      • Note  In most cases, Azure AD requires URI to begin with https. To configure FME Server to use HTTPS, see Configuring for HTTPS.
  2. Click Register.
  3. An overview page of the application registration opens. Navigate to Overview > Essentials, and record the Application (client) ID and Directory (tenant) ID.
  4. Navigate to Certificates & secrets, and select + New client secret.
  5. Record the client secret.
  6. Warning  The client secret cannot be viewed after this step.
  7. (Optional) Navigate to Authentication > Web > Add URI, and add any other necessary URI redirects, according to the format specified above for Redirect URI.
  8. Navigate to API permissions, and select + Add a permission. Add the following permissions:
    • Microsoft Graph > Application permissions > Group.Read.All, User.Read.All
    • Microsoft Graph > Delegated permissions > User.Read
    • Grant admin consent for Name.
    • Note  Admin consent is required to proceed, and can be granted only by an Azure AD admin.

What's Next?

Proceed to Creating an Authentication Service Connection.