Configuring Azure Active Directory with FME Server
In order for FME Server to communicate with Azure AD, you must create and register FME Server as an enterprise application in Azure AD.
- In most cases, Azure AD requires the redirect URI for FME Server to begin with https. To configure FME Server to use HTTPS, see Configuring for HTTPS.
- For more information about application management in Azure AD, see https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/what-is-application-management.
- From the Azure Active Directory portal, select Manage > App registrations > + New Registration, and complete the following fields:
  - Name: Provide a name for the registration, such as FMEServer.
  - Supported Account Types: Specify whether to allow FME Server to interact with a single Azure AD tenant or multiple Azure AD tenants.
  - Redirect URI:
    Note In most cases, Azure AD requires the URI to begin with https. To configure FME Server to use HTTPS, see Configuring for HTTPS.
    - Type: Web
    - URI: <FMEServerWebURL>/fmesso/azuread/redirect, where <FMEServerWebURL> is the fully-qualified hostname for your FME Server, including both the hostname and domain. For example: https://fmeserver.domain.com/fmesso/azuread/redirect
Warning The client secret cannot be viewed after this step.
- Microsoft Graph > Application permissions > Group.Read.All, User.Read.All
- Microsoft Graph > Delegated permissions > User.Read
- Grant admin consent for Name.
Note Admin consent is required to proceed, and can be granted only by an Azure AD admin.
Proceed to Creating an Authentication Service Connection.
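To confirm a registration matches the settings above before connecting FME Server, the following added example (not part of the FME Server documentation or product) audits an exported application object for the redirect URI and the three Microsoft Graph permissions. It assumes the object uses the Microsoft Graph application shape (web.redirectUris, requiredResourceAccess); the permission ids are the published Microsoft Graph ids and do not appear on this page, and the sample object is constructed.

```python
import json
from urllib.parse import urlsplit

GRAPH = "00000003-0000-0000-c000-000000000000"  # Microsoft Graph appId
REDIRECT_PATH = "/fmesso/azuread/redirect"      # path given on this page
# name -> (Graph permission id, type); Role = application, Scope = delegated
REQUIRED = {
    "Group.Read.All": ("5b567255-7703-4780-807c-7be8301ae99b", "Role"),
    "User.Read.All": ("df021288-bdef-4463-88db-98f22de89214", "Role"),
    "User.Read": ("e1fe6dd8-ba31-4d61-89e7-88639da4683d", "Scope"),
}

def audit_registration(app):
    """Return findings for an app registration (Graph application object shape)."""
    findings = []
    uris = app.get("web", {}).get("redirectUris", [])
    if not any(urlsplit(u).path == REDIRECT_PATH for u in uris):
        findings.append(f"no Web redirect URI with path {REDIRECT_PATH}")
    for u in uris:
        parts = urlsplit(u)
        if parts.scheme != "https":
            findings.append(f"redirect URI is not https: {u}")
        if "." not in (parts.hostname or ""):
            findings.append(f"redirect URI host is not fully qualified: {u}")
    requested = {(r["resourceAppId"], a["id"], a["type"])
                 for r in app.get("requiredResourceAccess", [])
                 for a in r.get("resourceAccess", [])}
    for name, (pid, kind) in REQUIRED.items():
        if (GRAPH, pid, kind) not in requested:
            findings.append(f"missing Microsoft Graph permission: {name} ({kind})")
    documented = {(GRAPH, pid, kind) for pid, kind in REQUIRED.values()}
    for _, pid, kind in sorted(requested - documented):
        findings.append(f"permission beyond the documented set: {pid} ({kind})")
    return findings  # admin consent is not in this object; check it separately

# Constructed sample: http, short hostname, User.Read.All missing, one extra id.
SAMPLE = json.loads("""
{"displayName": "FMEServer",
 "web": {"redirectUris": ["http://fmeserver/fmesso/azuread/redirect"]},
 "requiredResourceAccess": [{
   "resourceAppId": "00000003-0000-0000-c000-000000000000",
   "resourceAccess": [
     {"id": "5b567255-7703-4780-807c-7be8301ae99b", "type": "Role"},
     {"id": "e1fe6dd8-ba31-4d61-89e7-88639da4683d", "type": "Scope"},
     {"id": "11111111-1111-1111-1111-111111111111", "type": "Role"}]}]}
""")

if __name__ == "__main__":
    for finding in audit_registration(SAMPLE):
        print("FINDING:", finding)
```

An empty result means the object matches the documented settings; permissions reported as beyond the documented set are worth reviewing, because application permissions apply tenant-wide once admin consent is granted.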