> ## Documentation Index
> Fetch the complete documentation index at: https://docs.stackone.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Microsoft Entra ID OAuth 2.0 (Tenant) connector profile – StackOne setup guide

> Set up the OAuth 2.0 (Tenant) connector profile for Microsoft Entra ID in StackOne. One-time admin setup required before your users can link Microsoft Entra ID accounts via Hub.

<Warning>You must have at least Application Developer permissions in your Azure account to register applications in Microsoft Entra ID. A Global Administrator must grant admin consent for the required directory permissions.</Warning>

<Panel>
  <div className="not-prose guides-scope-selector" data-guides-scope-selector data-guide-actions-json="[{&#x22;id&#x22;:&#x22;microsoftentraid_list_users&#x22;,&#x22;label&#x22;:&#x22;List Users&#x22;,&#x22;scopes&#x22;:[&#x22;User.Read.All&#x22;]},{&#x22;id&#x22;:&#x22;microsoftentraid_get_user&#x22;,&#x22;label&#x22;:&#x22;Get User&#x22;,&#x22;scopes&#x22;:[&#x22;User.Read.All&#x22;]},{&#x22;id&#x22;:&#x22;microsoftentraid_create_user&#x22;,&#x22;label&#x22;:&#x22;Create User&#x22;,&#x22;scopes&#x22;:[&#x22;User.ReadWrite.All&#x22;]},{&#x22;id&#x22;:&#x22;microsoftentraid_update_user&#x22;,&#x22;label&#x22;:&#x22;Update User&#x22;,&#x22;scopes&#x22;:[&#x22;User.ReadWrite.All&#x22;]},{&#x22;id&#x22;:&#x22;microsoftentraid_delete_user&#x22;,&#x22;label&#x22;:&#x22;Delete User&#x22;,&#x22;scopes&#x22;:[&#x22;User.ReadWrite.All&#x22;]},{&#x22;id&#x22;:&#x22;microsoftentraid_list_groups&#x22;,&#x22;label&#x22;:&#x22;List Groups&#x22;,&#x22;scopes&#x22;:[&#x22;GroupMember.Read.All&#x22;]},{&#x22;id&#x22;:&#x22;microsoftentraid_get_group&#x22;,&#x22;label&#x22;:&#x22;Get Group&#x22;,&#x22;scopes&#x22;:[&#x22;GroupMember.Read.All&#x22;]},{&#x22;id&#x22;:&#x22;microsoftentraid_create_group&#x22;,&#x22;label&#x22;:&#x22;Create Group&#x22;,&#x22;scopes&#x22;:[&#x22;Group.ReadWrite.All&#x22;]},{&#x22;id&#x22;:&#x22;microsoftentraid_update_group&#x22;,&#x22;label&#x22;:&#x22;Update Group&#x22;,&#x22;scopes&#x22;:[&#x22;Group.ReadWrite.All&#x22;]},{&#x22;id&#x22;:&#x22;microsoftentraid_delete_group&#x22;,&#x22;label&#x22;:&#x22;Delete Group&#x22;,&#x22;scopes&#x22;:[&#x22;Group.ReadWrite.All&#x22;]},{&#x22;id&#x22;:&#x22;microsoftentraid_list_group_members&#x22;,&#x22;label&#x22;:&#x22;List Group Members&#x22;,&#x22;scopes&#x22;:[&#x22;GroupMember.Read.All&#x22;]},{&#x22;id&#x22;:&#x22;microsoftentraid_add_group_member&#x22;,&#x22;label&#x22;:&#x22;Add Group Member&#x22;,&#x22;scopes&#x22;:[&#x22;GroupMember.ReadWrite.All&#x22;]},{&#x22;id&#x22;:&#x22;microsoftentraid_remove_group_member&#x22;,&#x22;label&#x22;:&#x22;Remove Group Member&#x22;,&#x22;scopes&#x22;:[&#x22;GroupMember.ReadWrite.All&#x22;]},{&#x22;id&#x22;:&#x22;microsoftentraid_list_organizations&#x22;,&#x22;label&#x22;:&#x22;List Organizations&#x22;,&#x22;scopes&#x22;:[&#x22;Organization.Read.All&#x22;]},{&#x22;id&#x22;:&#x22;microsoftentraid_get_organization&#x22;,&#x22;label&#x22;:&#x22;Get Organization&#x22;,&#x22;scopes&#x22;:[&#x22;Organization.Read.All&#x22;]},{&#x22;id&#x22;:&#x22;microsoftentraid_update_organization&#x22;,&#x22;label&#x22;:&#x22;Update Organization&#x22;,&#x22;scopes&#x22;:[&#x22;Organization.ReadWrite.All&#x22;]},{&#x22;id&#x22;:&#x22;microsoftentraid_list_applications&#x22;,&#x22;label&#x22;:&#x22;List Applications&#x22;,&#x22;scopes&#x22;:[&#x22;Application.Read.All&#x22;]},{&#x22;id&#x22;:&#x22;microsoftentraid_get_application&#x22;,&#x22;label&#x22;:&#x22;Get Application&#x22;,&#x22;scopes&#x22;:[&#x22;Application.Read.All&#x22;]},{&#x22;id&#x22;:&#x22;microsoftentraid_create_application&#x22;,&#x22;label&#x22;:&#x22;Create Application&#x22;,&#x22;scopes&#x22;:[&#x22;Application.ReadWrite.All&#x22;]},{&#x22;id&#x22;:&#x22;microsoftentraid_update_application&#x22;,&#x22;label&#x22;:&#x22;Update Application&#x22;,&#x22;scopes&#x22;:[&#x22;Application.ReadWrite.All&#x22;]},{&#x22;id&#x22;:&#x22;microsoftentraid_delete_application&#x22;,&#x22;label&#x22;:&#x22;Delete Application&#x22;,&#x22;scopes&#x22;:[&#x22;Application.ReadWrite.All&#x22;]},{&#x22;id&#x22;:&#x22;microsoftentraid_list_directory_roles&#x22;,&#x22;label&#x22;:&#x22;List Directory Roles&#x22;,&#x22;scopes&#x22;:[&#x22;RoleManagement.Read.Directory&#x22;]},{&#x22;id&#x22;:&#x22;microsoftentraid_get_directory_role&#x22;,&#x22;label&#x22;:&#x22;Get Directory Role&#x22;,&#x22;scopes&#x22;:[&#x22;RoleManagement.Read.Directory&#x22;]},{&#x22;id&#x22;:&#x22;microsoftentraid_list_directory_role_members&#x22;,&#x22;label&#x22;:&#x22;List Directory Role Members&#x22;,&#x22;scopes&#x22;:[&#x22;RoleManagement.Read.Directory&#x22;]},{&#x22;id&#x22;:&#x22;microsoftentraid_add_directory_role_member&#x22;,&#x22;label&#x22;:&#x22;Add Directory Role Member&#x22;,&#x22;scopes&#x22;:[&#x22;RoleManagement.ReadWrite.Directory&#x22;]},{&#x22;id&#x22;:&#x22;microsoftentraid_remove_directory_role_member&#x22;,&#x22;label&#x22;:&#x22;Remove Directory Role Member&#x22;,&#x22;scopes&#x22;:[&#x22;RoleManagement.ReadWrite.Directory&#x22;]},{&#x22;id&#x22;:&#x22;microsoftentraid_list_role_templates&#x22;,&#x22;label&#x22;:&#x22;List Role Templates&#x22;,&#x22;scopes&#x22;:[&#x22;RoleManagement.Read.Directory&#x22;]},{&#x22;id&#x22;:&#x22;microsoftentraid_list_service_principals&#x22;,&#x22;label&#x22;:&#x22;List Service Principals&#x22;,&#x22;scopes&#x22;:[&#x22;Application.Read.All&#x22;]},{&#x22;id&#x22;:&#x22;microsoftentraid_get_service_principal&#x22;,&#x22;label&#x22;:&#x22;Get Service Principal&#x22;,&#x22;scopes&#x22;:[&#x22;Application.Read.All&#x22;]},{&#x22;id&#x22;:&#x22;microsoftentraid_create_service_principal&#x22;,&#x22;label&#x22;:&#x22;Create Service Principal&#x22;,&#x22;scopes&#x22;:[&#x22;Application.ReadWrite.All&#x22;]},{&#x22;id&#x22;:&#x22;microsoftentraid_update_service_principal&#x22;,&#x22;label&#x22;:&#x22;Update Service Principal&#x22;,&#x22;scopes&#x22;:[&#x22;Application.ReadWrite.All&#x22;]},{&#x22;id&#x22;:&#x22;microsoftentraid_delete_service_principal&#x22;,&#x22;label&#x22;:&#x22;Delete Service Principal&#x22;,&#x22;scopes&#x22;:[&#x22;Application.ReadWrite.All&#x22;]},{&#x22;id&#x22;:&#x22;microsoftentraid_list_service_principal_app_role_assignments&#x22;,&#x22;label&#x22;:&#x22;List Service Principal App Role Assignments&#x22;,&#x22;scopes&#x22;:[&#x22;Application.Read.All&#x22;]},{&#x22;id&#x22;:&#x22;microsoftentraid_add_service_principal_app_role_assignment&#x22;,&#x22;label&#x22;:&#x22;Add App Role Assignment To Service Principal&#x22;,&#x22;scopes&#x22;:[&#x22;AppRoleAssignment.ReadWrite.All&#x22;]},{&#x22;id&#x22;:&#x22;microsoftentraid_remove_service_principal_app_role_assignment&#x22;,&#x22;label&#x22;:&#x22;Remove App Role Assignment From Service Principal&#x22;,&#x22;scopes&#x22;:[&#x22;AppRoleAssignment.ReadWrite.All&#x22;]},{&#x22;id&#x22;:&#x22;microsoftentraid_list_conditional_access_policies&#x22;,&#x22;label&#x22;:&#x22;List Conditional Access Policies&#x22;,&#x22;scopes&#x22;:[&#x22;Policy.Read.All&#x22;]},{&#x22;id&#x22;:&#x22;microsoftentraid_get_conditional_access_policy&#x22;,&#x22;label&#x22;:&#x22;Get Conditional Access Policy&#x22;,&#x22;scopes&#x22;:[&#x22;Policy.Read.All&#x22;]},{&#x22;id&#x22;:&#x22;microsoftentraid_create_conditional_access_policy&#x22;,&#x22;label&#x22;:&#x22;Create Conditional Access Policy&#x22;,&#x22;scopes&#x22;:[&#x22;Policy.ReadWrite.ConditionalAccess&#x22;]},{&#x22;id&#x22;:&#x22;microsoftentraid_update_conditional_access_policy&#x22;,&#x22;label&#x22;:&#x22;Update Conditional Access Policy&#x22;,&#x22;scopes&#x22;:[&#x22;Policy.ReadWrite.ConditionalAccess&#x22;]},{&#x22;id&#x22;:&#x22;microsoftentraid_delete_conditional_access_policy&#x22;,&#x22;label&#x22;:&#x22;Delete Conditional Access Policy&#x22;,&#x22;scopes&#x22;:[&#x22;Policy.ReadWrite.ConditionalAccess&#x22;]},{&#x22;id&#x22;:&#x22;microsoftentraid_list_named_locations&#x22;,&#x22;label&#x22;:&#x22;List Named Locations&#x22;,&#x22;scopes&#x22;:[&#x22;Policy.Read.All&#x22;]},{&#x22;id&#x22;:&#x22;microsoftentraid_get_named_location&#x22;,&#x22;label&#x22;:&#x22;Get Named Location&#x22;,&#x22;scopes&#x22;:[&#x22;Policy.Read.All&#x22;]},{&#x22;id&#x22;:&#x22;microsoftentraid_create_ip_named_location&#x22;,&#x22;label&#x22;:&#x22;Create IP Named Location&#x22;,&#x22;scopes&#x22;:[&#x22;Policy.ReadWrite.ConditionalAccess&#x22;]},{&#x22;id&#x22;:&#x22;microsoftentraid_create_country_named_location&#x22;,&#x22;label&#x22;:&#x22;Create Country Named Location&#x22;,&#x22;scopes&#x22;:[&#x22;Policy.ReadWrite.ConditionalAccess&#x22;]},{&#x22;id&#x22;:&#x22;microsoftentraid_delete_named_location&#x22;,&#x22;label&#x22;:&#x22;Delete Named Location&#x22;,&#x22;scopes&#x22;:[&#x22;Policy.ReadWrite.ConditionalAccess&#x22;]},{&#x22;id&#x22;:&#x22;microsoftentraid_list_domains&#x22;,&#x22;label&#x22;:&#x22;List Domains&#x22;,&#x22;scopes&#x22;:[&#x22;Domain.Read.All&#x22;]},{&#x22;id&#x22;:&#x22;microsoftentraid_get_domain&#x22;,&#x22;label&#x22;:&#x22;Get Domain&#x22;,&#x22;scopes&#x22;:[&#x22;Domain.Read.All&#x22;]},{&#x22;id&#x22;:&#x22;microsoftentraid_create_domain&#x22;,&#x22;label&#x22;:&#x22;Create Domain&#x22;,&#x22;scopes&#x22;:[&#x22;Domain.ReadWrite.All&#x22;]},{&#x22;id&#x22;:&#x22;microsoftentraid_delete_domain&#x22;,&#x22;label&#x22;:&#x22;Delete Domain&#x22;,&#x22;scopes&#x22;:[&#x22;Domain.ReadWrite.All&#x22;]},{&#x22;id&#x22;:&#x22;microsoftentraid_verify_domain&#x22;,&#x22;label&#x22;:&#x22;Verify Domain&#x22;,&#x22;scopes&#x22;:[&#x22;Domain.ReadWrite.All&#x22;]},{&#x22;id&#x22;:&#x22;microsoftentraid_list_domain_verification_dns_records&#x22;,&#x22;label&#x22;:&#x22;List Domain Verification DNS Records&#x22;,&#x22;scopes&#x22;:[&#x22;Domain.Read.All&#x22;]},{&#x22;id&#x22;:&#x22;microsoftentraid_list_domain_service_configuration_records&#x22;,&#x22;label&#x22;:&#x22;List Domain Service Configuration Records&#x22;,&#x22;scopes&#x22;:[&#x22;Domain.Read.All&#x22;]},{&#x22;id&#x22;:&#x22;microsoftentraid_list_devices&#x22;,&#x22;label&#x22;:&#x22;List Devices&#x22;,&#x22;scopes&#x22;:[&#x22;Device.Read.All&#x22;]},{&#x22;id&#x22;:&#x22;microsoftentraid_get_device&#x22;,&#x22;label&#x22;:&#x22;Get Device&#x22;,&#x22;scopes&#x22;:[&#x22;Device.Read.All&#x22;]},{&#x22;id&#x22;:&#x22;microsoftentraid_update_device&#x22;,&#x22;label&#x22;:&#x22;Update Device&#x22;,&#x22;scopes&#x22;:[&#x22;Device.ReadWrite.All&#x22;]},{&#x22;id&#x22;:&#x22;microsoftentraid_delete_device&#x22;,&#x22;label&#x22;:&#x22;Delete Device&#x22;,&#x22;scopes&#x22;:[&#x22;Device.ReadWrite.All&#x22;]},{&#x22;id&#x22;:&#x22;microsoftentraid_list_device_registered_owners&#x22;,&#x22;label&#x22;:&#x22;List Device Registered Owners&#x22;,&#x22;scopes&#x22;:[&#x22;Device.Read.All&#x22;]},{&#x22;id&#x22;:&#x22;microsoftentraid_list_device_registered_users&#x22;,&#x22;label&#x22;:&#x22;List Device Registered Users&#x22;,&#x22;scopes&#x22;:[&#x22;Device.Read.All&#x22;]},{&#x22;id&#x22;:&#x22;microsoftentraid_list_device_member_of&#x22;,&#x22;label&#x22;:&#x22;List Device Group Memberships&#x22;,&#x22;scopes&#x22;:[&#x22;Device.Read.All&#x22;]},{&#x22;id&#x22;:&#x22;microsoftentraid_list_oauth2_permission_grants&#x22;,&#x22;label&#x22;:&#x22;List OAuth2 Permission Grants&#x22;,&#x22;scopes&#x22;:[&#x22;Directory.Read.All&#x22;]},{&#x22;id&#x22;:&#x22;microsoftentraid_get_oauth2_permission_grant&#x22;,&#x22;label&#x22;:&#x22;Get OAuth2 Permission Grant&#x22;,&#x22;scopes&#x22;:[&#x22;Directory.Read.All&#x22;]},{&#x22;id&#x22;:&#x22;microsoftentraid_create_oauth2_permission_grant&#x22;,&#x22;label&#x22;:&#x22;Create OAuth2 Permission Grant&#x22;,&#x22;scopes&#x22;:[&#x22;DelegatedPermissionGrant.ReadWrite.All&#x22;]},{&#x22;id&#x22;:&#x22;microsoftentraid_update_oauth2_permission_grant&#x22;,&#x22;label&#x22;:&#x22;Update OAuth2 Permission Grant&#x22;,&#x22;scopes&#x22;:[&#x22;DelegatedPermissionGrant.ReadWrite.All&#x22;]},{&#x22;id&#x22;:&#x22;microsoftentraid_delete_oauth2_permission_grant&#x22;,&#x22;label&#x22;:&#x22;Delete OAuth2 Permission Grant&#x22;,&#x22;scopes&#x22;:[&#x22;DelegatedPermissionGrant.ReadWrite.All&#x22;]},{&#x22;id&#x22;:&#x22;microsoftentraid_list_user_app_role_assignments&#x22;,&#x22;label&#x22;:&#x22;List User App Role Assignments&#x22;,&#x22;scopes&#x22;:[&#x22;Directory.Read.All&#x22;]},{&#x22;id&#x22;:&#x22;microsoftentraid_create_user_app_role_assignment&#x22;,&#x22;label&#x22;:&#x22;Assign App Role To User&#x22;,&#x22;scopes&#x22;:[&#x22;AppRoleAssignment.ReadWrite.All&#x22;]},{&#x22;id&#x22;:&#x22;microsoftentraid_delete_user_app_role_assignment&#x22;,&#x22;label&#x22;:&#x22;Remove App Role From User&#x22;,&#x22;scopes&#x22;:[&#x22;AppRoleAssignment.ReadWrite.All&#x22;]}]" style={{ borderRadius: '8px', padding: '16px', marginBottom: '24px' }}>
    <div className="guides-scope-selector__title" style={{ fontSize: '16px', fontWeight: '600', marginBottom: '12px' }}>Select Actions to adjust the guide</div>
    <div className="guides-scope-selector__muted" style={{ fontSize: '13px', marginBottom: '12px' }}>Some actions may require additional configuration in the provider to be accessible. Choose the actions you need and the guide will be updated.</div>

    <div style={{ display: 'flex', gap: '8px', marginBottom: '12px', flexWrap: 'wrap' }}>
      <input type="text" placeholder="Search actions..." className="guides-scope-selector__input" data-guide-action-search style={{ padding: '8px 12px', borderRadius: '6px', fontSize: '13px', flex: 1, minWidth: '160px' }} />

      <button type="button" className="guides-scope-selector__quick-btn" data-guide-select-all style={{ padding: '6px 10px', borderRadius: '6px', fontSize: '12px', cursor: 'pointer' }}>Select all</button>
      <button type="button" className="guides-scope-selector__quick-btn" data-guide-clear style={{ padding: '6px 10px', borderRadius: '6px', fontSize: '12px', cursor: 'pointer' }}>Clear</button>
    </div>

    <div className="guides-scope-selector__list" style={{ maxHeight: '240px', overflowY: 'auto', borderRadius: '6px', marginBottom: '12px' }}>
      <div className="guides-scope-selector__list-header" style={{ display: 'flex', alignItems: 'center', gap: '10px', padding: '8px 12px', fontSize: '12px', fontWeight: '600', position: 'sticky', top: 0, zIndex: 1 }}>
        <div style={{ width: '16px', flexShrink: 0 }} />

        <div style={{ flex: 1, textAlign: 'left' }}>Action</div>
        <div style={{ minWidth: '120px', marginLeft: 'auto', textAlign: 'right' }}>Scope(s)</div>
      </div>

      <div className="guides-scope-selector__muted" data-guide-loading style={{ padding: '16px', textAlign: 'center', fontSize: '13px' }}>Loading actions...</div>
      <div className="guides-scope-selector__muted" data-guide-no-results hidden style={{ padding: '16px', textAlign: 'center', fontSize: '13px' }}>No actions match your search.</div>
    </div>

    <div className="guides-scope-selector__url-section" style={{ marginTop: '12px', paddingTop: '12px' }}>
      <div className="guides-scope-selector__muted" style={{ fontSize: '12px', fontWeight: '500', marginBottom: '6px' }}>Dynamic Guide URL</div>

      <div style={{ display: 'flex', alignItems: 'center', gap: '8px', flexWrap: 'wrap' }}>
        <input type="text" readOnly className="guides-scope-selector__input" data-guide-url style={{ flex: 1, minWidth: '200px', padding: '8px 10px', borderRadius: '6px', fontSize: '12px', fontFamily: 'monospace' }} />

        <button type="button" className="guides-scope-selector__copy-btn" data-guide-copy-url style={{ width: '120px', padding: '8px 14px', borderRadius: '6px', fontSize: '13px', fontWeight: '500', cursor: 'pointer', whiteSpace: 'nowrap', marginLeft: 'auto' }}>Copy URL</button>
      </div>

      <div style={{ marginTop: '12px' }}>
        <div className="guides-scope-selector__muted" style={{ fontSize: '12px', fontWeight: '500', marginBottom: '6px' }}>Scopes Selected</div>

        <div style={{ display: 'flex', alignItems: 'stretch', gap: '8px', flexWrap: 'wrap' }}>
          <pre className="guides-scope-selector__input" role="textbox" aria-readonly="true" tabIndex={0} data-guide-scopes-output style={{ flex: 1, minWidth: '200px', minHeight: '88px', maxHeight: '120px', overflowY: 'auto', margin: 0, padding: '8px 10px', borderRadius: '6px', fontSize: '12px', fontFamily: 'monospace', whiteSpace: 'pre-wrap' }} />

          <div className="guides-scope-selector__muted" style={{ display: 'flex', flexDirection: 'column', gap: '8px', fontSize: '12px', fontWeight: '500', flexShrink: 0, alignItems: 'flex-start' }}>
            <div style={{ whiteSpace: 'nowrap' }}>Separator</div>

            <select className="guides-scope-selector__input" data-guide-scope-delimiter style={{ width: '100%', padding: '6px 10px', borderRadius: '6px', fontSize: '12px' }}>
              <option value="space">Space</option>
              <option value="comma">Comma</option>
              <option value="semicolon">Semicolon</option>
              <option value="pipe">Pipe</option>
              <option value="newline">Newline</option>
            </select>

            <button type="button" className="guides-scope-selector__copy-btn" data-guide-copy-scopes style={{ width: '120px', padding: '8px 14px', borderRadius: '6px', fontSize: '13px', fontWeight: '500', cursor: 'pointer', whiteSpace: 'nowrap' }}>Copy scopes</button>
          </div>
        </div>
      </div>
    </div>
  </div>
</Panel>

<section data-guide-section data-guide-scopes="">
  <h2>Register Your Application in Microsoft Entra ID</h2>

  <p>To connect Microsoft Entra ID with StackOne, you need to register an application in Microsoft Entra ID to obtain OAuth 2.0 credentials.</p>

  <Steps>
    <Step title="Sign in to Microsoft Entra Admin Center">
      <div data-guide-step data-guide-scopes="" data-guide-display-scopes-list="">
        <p>Sign in to the <a href="https://entra.microsoft.com" target="_blank" rel="noopener noreferrer">Microsoft Entra admin center</a> as at least an Application Developer. If you have access to multiple tenants, click the <strong>Settings</strong> (gear) icon in the top-right corner, then select the desired tenant from the list under <strong>Directory + subscription</strong>.</p>
      </div>
    </Step>

    <Step title="Create a New App Registration">
      <div data-guide-step data-guide-scopes="" data-guide-display-scopes-list="">
        <p>From the left sidebar, go to <strong>App registrations</strong> and click on <strong>New registration</strong>.</p>

        <ul>
          <li>Enter a meaningful <strong>Name</strong> for your app (e.g., StackOne Entra ID Integration).</li>
          <li>Under <strong>Supported account types</strong>, select <strong>Accounts in this organizational directory only</strong> for single-tenant access.</li>
          <li>Select <strong>Register</strong> to create the app registration.</li>
        </ul>
      </div>
    </Step>

    <Step title="Copy the Application (Client) ID and Tenant ID">
      <div data-guide-step data-guide-scopes="" data-guide-display-scopes-list="">
        <p>After registration, you'll be directed to the application's <strong>Overview</strong> page. Copy the <strong>Application (client) ID</strong> and <strong>Directory (tenant) ID</strong> values and store them securely for use later.</p>
      </div>
    </Step>
  </Steps>
</section>

<section data-guide-section data-guide-scopes="">
  <h2>Configure Redirect URI</h2>

  <p>Set up the OAuth 2.0 callback URL to enable authentication flow between StackOne and Microsoft Entra ID.</p>

  <Steps>
    <Step title="Navigate to Authentication Settings">
      <div data-guide-step data-guide-scopes="" data-guide-display-scopes-list="">
        <p>From your app's Overview page, select <strong>Authentication</strong> from the left menu under <strong>Manage</strong>.</p>
      </div>
    </Step>

    <Step title="Set the Redirect URI">
      <div data-guide-step data-guide-scopes="" data-guide-display-scopes-list="">
        <p>Under <strong>Redirect URI configuration</strong>, click <strong>Add Redirect URI</strong>, select <strong>Web</strong>, enter the StackOne OAuth callback URL, and click <strong>Configure</strong>.</p>

        <ul>
          <li>Redirect URI: `https://api.stackone.com/connect/oauth2/microsoftentraid/callback`</li>
        </ul>
      </div>
    </Step>
  </Steps>
</section>

<section data-guide-section data-guide-scopes="">
  <h2>Configure API Permissions</h2>

  <p>Grant your application the necessary Microsoft Graph API permissions.</p>

  <Steps>
    <Step title="Open API Permissions">
      <div data-guide-step data-guide-scopes="" data-guide-display-scopes-list="">
        <p>From the left menu under <strong>Manage</strong>, select <strong>API permissions</strong>.</p>
      </div>
    </Step>

    <Step title="Add Delegated Permissions">
      <div data-guide-step data-guide-scopes="User.Read.All,User.ReadWrite.All,Group.Read.All,Group.ReadWrite.All,GroupMember.Read.All,GroupMember.ReadWrite.All,RoleManagement.Read.Directory,RoleManagement.ReadWrite.Directory,Application.Read.All,Application.ReadWrite.All,AppRoleAssignment.ReadWrite.All,Policy.Read.All,Policy.ReadWrite.ConditionalAccess,Domain.Read.All,Domain.ReadWrite.All,Device.Read.All,Device.ReadWrite.All,Organization.Read.All,Organization.ReadWrite.All,Directory.Read.All,DelegatedPermissionGrant.ReadWrite.All" data-guide-display-scopes-list="User.Read.All,User.ReadWrite.All,Group.Read.All,Group.ReadWrite.All,GroupMember.Read.All,GroupMember.ReadWrite.All,RoleManagement.Read.Directory,RoleManagement.ReadWrite.Directory,Application.Read.All,Application.ReadWrite.All,AppRoleAssignment.ReadWrite.All,Policy.Read.All,Policy.ReadWrite.ConditionalAccess,Domain.Read.All,Domain.ReadWrite.All,Device.Read.All,Device.ReadWrite.All,Organization.Read.All,Organization.ReadWrite.All,Directory.Read.All,DelegatedPermissionGrant.ReadWrite.All">
        <div className="connector-guide-actions-badge" data-guide-actions-badge data-guide-actions-badge-scopes="User.Read.All,User.ReadWrite.All,Group.Read.All,Group.ReadWrite.All,GroupMember.Read.All,GroupMember.ReadWrite.All,RoleManagement.Read.Directory,RoleManagement.ReadWrite.Directory,Application.Read.All,Application.ReadWrite.All,AppRoleAssignment.ReadWrite.All,Policy.Read.All,Policy.ReadWrite.ConditionalAccess,Domain.Read.All,Domain.ReadWrite.All,Device.Read.All,Device.ReadWrite.All,Organization.Read.All,Organization.ReadWrite.All,Directory.Read.All,DelegatedPermissionGrant.ReadWrite.All" style={{ display: 'block', width: 'fit-content', maxWidth: '100%', padding: '2px 8px', borderRadius: '8px', fontSize: '12px', marginBottom: '8px', marginTop: '-10px', whiteSpace: 'nowrap', overflowX: 'auto', overflowY: 'hidden', msOverflowStyle: 'none', scrollbarWidth: 'none' }}>
          <span>Enables actions: </span><span data-guide-actions-badge-labels>Add App Role Assignment To Service Principal, Add Directory Role Member, Add Group Member, Assign App Role To User, Create Application, Create Conditional Access Policy, Create Country Named Location, Create Domain, Create Group, Create IP Named Location, Create OAuth2 Permission Grant, Create Service Principal, Create User, Delete Application, Delete Conditional Access Policy, Delete Device, Delete Domain, Delete Group, Delete Named Location, Delete OAuth2 Permission Grant, Delete Service Principal, Delete User, Get Application, Get Conditional Access Policy, Get Device, Get Directory Role, Get Domain, Get Group, Get Named Location, Get OAuth2 Permission Grant, Get Organization, Get Service Principal, Get User, List Applications, List Conditional Access Policies, List Device Group Memberships, List Device Registered Owners, List Device Registered Users, List Devices, List Directory Role Members, List Directory Roles, List Domain Service Configuration Records, List Domain Verification DNS Records, List Domains, List Group Members, List Groups, List Named Locations, List OAuth2 Permission Grants, List Organizations, List Role Templates, List Service Principal App Role Assignments, List Service Principals, List User App Role Assignments, List Users, Remove App Role Assignment From Service Principal, Remove App Role From User, Remove Directory Role Member, Remove Group Member, Update Application, Update Conditional Access Policy, Update Device, Update Group, Update OAuth2 Permission Grant, Update Organization, Update Service Principal, Update User, Verify Domain</span>
        </div>

        <p>Click <strong>Add a permission</strong>, select <strong>Microsoft Graph</strong>, then select <strong>Delegated permissions</strong>. This auth option uses an interactive OAuth 2.0 flow on behalf of a signed-in user and only supports delegated permissions. Enable the required scopes and click <strong>Add permissions</strong> to save.</p>

        <div style={{ marginTop: '8px' }} data-guide-display-scopes>
          <div className="connector-guide-scopes-container connector-guide-scopes-container--scrollable">
            <ul className="not-prose" style={{ listStyleType: "'- '", paddingLeft: '1em', margin: 0 }}>
              <li style={{ overflowWrap: 'anywhere', wordBreak: 'break-word' }} data-guide-display-scope="User.Read.All">
                <button type="button" className="connector-guide-scope-copy" aria-label="Copy User.Read.All" title="Copy scope" data-copy="User.Read.All">
                  <span className="connector-guide-scope-copy__label">User.Read.All</span>
                  <span className="connector-guide-scope-copy__icon" aria-hidden="true">⧉</span>
                </button>
              </li>

              <li style={{ overflowWrap: 'anywhere', wordBreak: 'break-word' }} data-guide-display-scope="User.ReadWrite.All">
                <button type="button" className="connector-guide-scope-copy" aria-label="Copy User.ReadWrite.All" title="Copy scope" data-copy="User.ReadWrite.All">
                  <span className="connector-guide-scope-copy__label">User.ReadWrite.All</span>
                  <span className="connector-guide-scope-copy__icon" aria-hidden="true">⧉</span>
                </button>
              </li>

              <li style={{ overflowWrap: 'anywhere', wordBreak: 'break-word' }} data-guide-display-scope="Group.Read.All">
                <button type="button" className="connector-guide-scope-copy" aria-label="Copy Group.Read.All" title="Copy scope" data-copy="Group.Read.All">
                  <span className="connector-guide-scope-copy__label">Group.Read.All</span>
                  <span className="connector-guide-scope-copy__icon" aria-hidden="true">⧉</span>
                </button>
              </li>

              <li style={{ overflowWrap: 'anywhere', wordBreak: 'break-word' }} data-guide-display-scope="Group.ReadWrite.All">
                <button type="button" className="connector-guide-scope-copy" aria-label="Copy Group.ReadWrite.All" title="Copy scope" data-copy="Group.ReadWrite.All">
                  <span className="connector-guide-scope-copy__label">Group.ReadWrite.All</span>
                  <span className="connector-guide-scope-copy__icon" aria-hidden="true">⧉</span>
                </button>
              </li>

              <li style={{ overflowWrap: 'anywhere', wordBreak: 'break-word' }} data-guide-display-scope="GroupMember.Read.All">
                <button type="button" className="connector-guide-scope-copy" aria-label="Copy GroupMember.Read.All" title="Copy scope" data-copy="GroupMember.Read.All">
                  <span className="connector-guide-scope-copy__label">GroupMember.Read.All</span>
                  <span className="connector-guide-scope-copy__icon" aria-hidden="true">⧉</span>
                </button>
              </li>

              <li style={{ overflowWrap: 'anywhere', wordBreak: 'break-word' }} data-guide-display-scope="GroupMember.ReadWrite.All">
                <button type="button" className="connector-guide-scope-copy" aria-label="Copy GroupMember.ReadWrite.All" title="Copy scope" data-copy="GroupMember.ReadWrite.All">
                  <span className="connector-guide-scope-copy__label">GroupMember.ReadWrite.All</span>
                  <span className="connector-guide-scope-copy__icon" aria-hidden="true">⧉</span>
                </button>
              </li>

              <li style={{ overflowWrap: 'anywhere', wordBreak: 'break-word' }} data-guide-display-scope="RoleManagement.Read.Directory">
                <button type="button" className="connector-guide-scope-copy" aria-label="Copy RoleManagement.Read.Directory" title="Copy scope" data-copy="RoleManagement.Read.Directory">
                  <span className="connector-guide-scope-copy__label">RoleManagement.Read.Directory</span>
                  <span className="connector-guide-scope-copy__icon" aria-hidden="true">⧉</span>
                </button>
              </li>

              <li style={{ overflowWrap: 'anywhere', wordBreak: 'break-word' }} data-guide-display-scope="RoleManagement.ReadWrite.Directory">
                <button type="button" className="connector-guide-scope-copy" aria-label="Copy RoleManagement.ReadWrite.Directory" title="Copy scope" data-copy="RoleManagement.ReadWrite.Directory">
                  <span className="connector-guide-scope-copy__label">RoleManagement.ReadWrite.Directory</span>
                  <span className="connector-guide-scope-copy__icon" aria-hidden="true">⧉</span>
                </button>
              </li>

              <li style={{ overflowWrap: 'anywhere', wordBreak: 'break-word' }} data-guide-display-scope="Application.Read.All">
                <button type="button" className="connector-guide-scope-copy" aria-label="Copy Application.Read.All" title="Copy scope" data-copy="Application.Read.All">
                  <span className="connector-guide-scope-copy__label">Application.Read.All</span>
                  <span className="connector-guide-scope-copy__icon" aria-hidden="true">⧉</span>
                </button>
              </li>

              <li style={{ overflowWrap: 'anywhere', wordBreak: 'break-word' }} data-guide-display-scope="Application.ReadWrite.All">
                <button type="button" className="connector-guide-scope-copy" aria-label="Copy Application.ReadWrite.All" title="Copy scope" data-copy="Application.ReadWrite.All">
                  <span className="connector-guide-scope-copy__label">Application.ReadWrite.All</span>
                  <span className="connector-guide-scope-copy__icon" aria-hidden="true">⧉</span>
                </button>
              </li>

              <li style={{ overflowWrap: 'anywhere', wordBreak: 'break-word' }} data-guide-display-scope="AppRoleAssignment.ReadWrite.All">
                <button type="button" className="connector-guide-scope-copy" aria-label="Copy AppRoleAssignment.ReadWrite.All" title="Copy scope" data-copy="AppRoleAssignment.ReadWrite.All">
                  <span className="connector-guide-scope-copy__label">AppRoleAssignment.ReadWrite.All</span>
                  <span className="connector-guide-scope-copy__icon" aria-hidden="true">⧉</span>
                </button>
              </li>

              <li style={{ overflowWrap: 'anywhere', wordBreak: 'break-word' }} data-guide-display-scope="Policy.Read.All">
                <button type="button" className="connector-guide-scope-copy" aria-label="Copy Policy.Read.All" title="Copy scope" data-copy="Policy.Read.All">
                  <span className="connector-guide-scope-copy__label">Policy.Read.All</span>
                  <span className="connector-guide-scope-copy__icon" aria-hidden="true">⧉</span>
                </button>
              </li>

              <li style={{ overflowWrap: 'anywhere', wordBreak: 'break-word' }} data-guide-display-scope="Policy.ReadWrite.ConditionalAccess">
                <button type="button" className="connector-guide-scope-copy" aria-label="Copy Policy.ReadWrite.ConditionalAccess" title="Copy scope" data-copy="Policy.ReadWrite.ConditionalAccess">
                  <span className="connector-guide-scope-copy__label">Policy.ReadWrite.ConditionalAccess</span>
                  <span className="connector-guide-scope-copy__icon" aria-hidden="true">⧉</span>
                </button>
              </li>

              <li style={{ overflowWrap: 'anywhere', wordBreak: 'break-word' }} data-guide-display-scope="Domain.Read.All">
                <button type="button" className="connector-guide-scope-copy" aria-label="Copy Domain.Read.All" title="Copy scope" data-copy="Domain.Read.All">
                  <span className="connector-guide-scope-copy__label">Domain.Read.All</span>
                  <span className="connector-guide-scope-copy__icon" aria-hidden="true">⧉</span>
                </button>
              </li>

              <li style={{ overflowWrap: 'anywhere', wordBreak: 'break-word' }} data-guide-display-scope="Domain.ReadWrite.All">
                <button type="button" className="connector-guide-scope-copy" aria-label="Copy Domain.ReadWrite.All" title="Copy scope" data-copy="Domain.ReadWrite.All">
                  <span className="connector-guide-scope-copy__label">Domain.ReadWrite.All</span>
                  <span className="connector-guide-scope-copy__icon" aria-hidden="true">⧉</span>
                </button>
              </li>

              <li style={{ overflowWrap: 'anywhere', wordBreak: 'break-word' }} data-guide-display-scope="Device.Read.All">
                <button type="button" className="connector-guide-scope-copy" aria-label="Copy Device.Read.All" title="Copy scope" data-copy="Device.Read.All">
                  <span className="connector-guide-scope-copy__label">Device.Read.All</span>
                  <span className="connector-guide-scope-copy__icon" aria-hidden="true">⧉</span>
                </button>
              </li>

              <li style={{ overflowWrap: 'anywhere', wordBreak: 'break-word' }} data-guide-display-scope="Device.ReadWrite.All">
                <button type="button" className="connector-guide-scope-copy" aria-label="Copy Device.ReadWrite.All" title="Copy scope" data-copy="Device.ReadWrite.All">
                  <span className="connector-guide-scope-copy__label">Device.ReadWrite.All</span>
                  <span className="connector-guide-scope-copy__icon" aria-hidden="true">⧉</span>
                </button>
              </li>

              <li style={{ overflowWrap: 'anywhere', wordBreak: 'break-word' }} data-guide-display-scope="Organization.Read.All">
                <button type="button" className="connector-guide-scope-copy" aria-label="Copy Organization.Read.All" title="Copy scope" data-copy="Organization.Read.All">
                  <span className="connector-guide-scope-copy__label">Organization.Read.All</span>
                  <span className="connector-guide-scope-copy__icon" aria-hidden="true">⧉</span>
                </button>
              </li>

              <li style={{ overflowWrap: 'anywhere', wordBreak: 'break-word' }} data-guide-display-scope="Organization.ReadWrite.All">
                <button type="button" className="connector-guide-scope-copy" aria-label="Copy Organization.ReadWrite.All" title="Copy scope" data-copy="Organization.ReadWrite.All">
                  <span className="connector-guide-scope-copy__label">Organization.ReadWrite.All</span>
                  <span className="connector-guide-scope-copy__icon" aria-hidden="true">⧉</span>
                </button>
              </li>

              <li style={{ overflowWrap: 'anywhere', wordBreak: 'break-word' }} data-guide-display-scope="Directory.Read.All">
                <button type="button" className="connector-guide-scope-copy" aria-label="Copy Directory.Read.All" title="Copy scope" data-copy="Directory.Read.All">
                  <span className="connector-guide-scope-copy__label">Directory.Read.All</span>
                  <span className="connector-guide-scope-copy__icon" aria-hidden="true">⧉</span>
                </button>
              </li>

              <li style={{ overflowWrap: 'anywhere', wordBreak: 'break-word' }} data-guide-display-scope="DelegatedPermissionGrant.ReadWrite.All">
                <button type="button" className="connector-guide-scope-copy" aria-label="Copy DelegatedPermissionGrant.ReadWrite.All" title="Copy scope" data-copy="DelegatedPermissionGrant.ReadWrite.All">
                  <span className="connector-guide-scope-copy__label">DelegatedPermissionGrant.ReadWrite.All</span>
                  <span className="connector-guide-scope-copy__icon" aria-hidden="true">⧉</span>
                </button>
              </li>
            </ul>
          </div>
        </div>
      </div>
    </Step>

    <Step title="Grant Admin Consent">
      <div data-guide-step data-guide-scopes="" data-guide-display-scopes-list="">
        <p>Click <strong>Grant admin consent for \[tenant name]</strong> and select <strong>Yes</strong>. A Global Administrator is required to grant consent for directory-level permissions.</p>
      </div>
    </Step>
  </Steps>
</section>

<section data-guide-section data-guide-scopes="">
  <h2>Generate Client Secret</h2>

  <p>Create a client secret that will be used to authenticate your application with Microsoft Entra ID.</p>

  <Steps>
    <Step title="Navigate to Certificates & Secrets">
      <div data-guide-step data-guide-scopes="" data-guide-display-scopes-list="">
        <p>From the left menu under <strong>Manage</strong>, select <strong>Certificates & secrets</strong>.</p>
      </div>
    </Step>

    <Step title="Create a New Client Secret">
      <div data-guide-step data-guide-scopes="" data-guide-display-scopes-list="">
        <p>Under the <strong>Client secrets</strong> tab, click <strong>New client secret</strong>.</p>

        <ul>
          <li>Add a <strong>Description</strong> (e.g., StackOne Entra ID Integration Secret).</li>
          <li>Select an appropriate expiration period.</li>
          <li>Click <strong>Add</strong>.</li>
        </ul>
      </div>
    </Step>

    <Step title="Copy the Client Secret Value">
      <div data-guide-step data-guide-scopes="" data-guide-display-scopes-list="">
        <p>Immediately copy the <strong>Value</strong> of the newly created client secret and store it securely. This value will only be shown once and cannot be retrieved again.</p>
      </div>
    </Step>
  </Steps>
</section>

## Creating the StackOne Connector Profile

To create the Connector Profile in StackOne for <strong>Microsoft Entra ID</strong>:

<Steps>
  <Step title="Navigate to Connector Profiles">
    Login to StackOne and navigate to [Connector Profiles](https://app.stackone.com/connector_profiles)
  </Step>

  <Step title="Create New Connector Profile">
    <ul>
      <li>Click <strong>+ Connector Profile</strong></li>
      <li>Search for and select <strong>Microsoft Entra ID</strong></li>
      <li>Select <strong>Type</strong> as <strong>OAuth 2.0 (Tenant)</strong></li>

      <li>
        Fill out the fields using details retrieved from your provider:

        <ul style={{ marginLeft: '20px' }}>
          <li><strong>Client ID</strong></li>
          <li><strong>Client Secret</strong></li>
          <li><strong>Tenant ID</strong></li>
          <li><strong>Scopes</strong> (Optional)</li>
        </ul>
      </li>

      <li>(Optional) Select <strong>Actions</strong> to be enabled for this Connector Profile</li>
      <li>Click <strong>Create profile</strong></li>
    </ul>
  </Step>
</Steps>

Congratulations! The new Connector Profile will now show up in your project ready to be used. You can now continue to <a href="/guides/accounts-section#linking-accounts">Link Accounts</a> for <strong>Microsoft Entra ID</strong>.
