Configuring Azure Active Directory with FME Flow

In order for FME Flow to communicate with Azure AD, you must create and register FME Flow as an enterprise application in Azure AD.

Note

In most cases, Azure AD requires the redirect URI for FME Flow to begin with https. To configure FME Flow to use HTTPS, see Configuring for HTTPS.
For more information about application management in Azure AD, see https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/what-is-application-management.

From the Azure Active Directory portal, select Manage > App registrations > + New Registration, and complete the following fields:

Name: Provide a name for the registration, such as FMEFlow.
Supported Account Types: Specify whether to allow FME Flow to interact with a single Azure AD tenant or multiple Azure AD tenants.
Redirect URI:
- type: Web
- URI: <FMEFlowWebURL>/fmesso/azuread/redirect, where <FMEFlowWebURL> is the fully-qualified hostname for your FME Flow, including both the hostname and domain. For example: https://fmeflow.domain.com/fmesso/azuread/redirect

Click Register.
An overview page of the application registration opens. Navigate to Overview > Essentials, and record the Application (client) ID and Directory (tenant) ID.
Navigate to Certificates & secrets, and select + New client secret.
Record the client secret.

Warning The client secret cannot be viewed after this step.

(Optional) Navigate to Authentication > Web > Add URI, and add any other necessary URI redirects, according to the format specified above for Redirect URI.
Navigate to API permissions, and select + Add a permission. Add the following permissions:

Microsoft Graph > Application permissions > Group.Read.All, User.Read.All
Microsoft Graph > Delegated permissions > User.Read
Grant admin consent for Name.

Note Admin consent is required to proceed, and can be granted only by an Azure AD admin.

What's Next?

Proceed to Creating an Authentication Service Connection.