Microsoft Entra ID App Registration
The Make Provisioning application is represented in Azure by an application object created through App Registrations. This object defines how Microsoft Entra ID identifies the app and issues tokens to it. During installation, the setup script configures the following properties:
| Property | Value |
|---|---|
| Name | Make – [ENVIRONMENT] |
| Logo | AppLogo.png from the install folder |
| Redirect URIs | [Azure Web App URL] |
| | [Azure Web App URL]/frameRedirect.html |
| Secret | Name: Primary |
| | Expires: 1 or 2 years after installation (or set to never) |
| | Value: Hidden, logged during installation |
| Certificate | Generated during installation |
| Owners | The account used for installation |
| OAuth2 Allow Implicit Flow (manifest) | True |
| User Assignments | Yes |
API Permissions
The Make Provisioning application is configured with the following API permissions.
Microsoft Graph
| Permission Name | Type |
|---|---|
| Access directory as the signed-in user | Delegated |
| Read and write directory data | Application |
| Read and write all groups | Application |
| Read and write all OneNote notebooks | Application |
| Read and write all users' full profiles | Application |
| openid | Application |
| offline_access | Application |
| profile | Application |
| ChannelMember.ReadWrite.All | Delegated |
| Notes.ReadWrite.All | Delegated |
SharePoint
| Permission Name | Type |
|---|---|
| Read and write items and lists in all site collections | Delegated |
| Read and write user files | Delegated |
| Have full control of all site collections | Application |
| Read and write items and lists in all site collections | Application |
| Read items in all site collections | Application |
| Read and write items in all site collections | Application |
| Read managed metadata | Application |
| Read and write managed metadata | Application |
| Read user profiles | Delegated |
| Read user profiles | Application |
| Read and write user profiles | Application |
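
To review a registration like the one described above, the following added example (not part of Make or its setup script) audits an application object exported as JSON, using the field names of the Microsoft Graph application resource. It flags implicit-flow token issuance, long-lived or non-expiring secrets, and application-type permissions per API. The sample object, its placeholder GUIDs and the `MAX_SECRET_DAYS` threshold are assumptions.

```python
import json
from datetime import datetime

# Well-known resource application IDs for the two APIs this page lists.
RESOURCES = {
    "00000003-0000-0000-c000-000000000000": "Microsoft Graph",
    "00000003-0000-0ff1-ce00-000000000000": "SharePoint",
}
MAX_SECRET_DAYS = 731  # assumption: two years is the longest lifetime you accept

# Constructed sample shaped like a Graph application object. The resourceAccess
# GUIDs are placeholders, not real permission IDs.
SAMPLE = json.loads("""
{"displayName": "Make - TEST",
 "web": {"implicitGrantSettings": {"enableAccessTokenIssuance": true,
                                   "enableIdTokenIssuance": false}},
 "passwordCredentials": [{"displayName": "Primary",
   "startDateTime": "2024-01-01T00:00:00Z", "endDateTime": "2299-12-31T00:00:00Z"}],
 "requiredResourceAccess": [
  {"resourceAppId": "00000003-0000-0000-c000-000000000000", "resourceAccess": [
    {"id": "11111111-1111-1111-1111-111111111111", "type": "Role"},
    {"id": "22222222-2222-2222-2222-222222222222", "type": "Scope"}]},
  {"resourceAppId": "00000003-0000-0ff1-ce00-000000000000", "resourceAccess": [
    {"id": "33333333-3333-3333-3333-333333333333", "type": "Role"},
    {"id": "44444444-4444-4444-4444-444444444444", "type": "Role"}]}]}
""")

def _ts(value):
    # Graph timestamps end in "Z"; fromisoformat wants an explicit offset.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def audit(app):
    """Return human-readable findings for one application object."""
    findings = []
    grant = app.get("web", {}).get("implicitGrantSettings", {})
    for flag in ("enableAccessTokenIssuance", "enableIdTokenIssuance"):
        if grant.get(flag):
            findings.append(f"implicit flow: {flag} is true")
    for cred in app.get("passwordCredentials", []):
        days = (_ts(cred["endDateTime"]) - _ts(cred["startDateTime"])).days
        if days > MAX_SECRET_DAYS:
            findings.append(f"secret {cred.get('displayName')!r} valid {days} days")
    for res in app.get("requiredResourceAccess", []):
        name = RESOURCES.get(res["resourceAppId"], res["resourceAppId"])
        roles = [a["id"] for a in res["resourceAccess"] if a["type"] == "Role"]
        if roles:  # "Role" = application permission, "Scope" = delegated
            findings.append(f"{name}: {len(roles)} application permission(s)")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```
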