# Connect to Custom Azure Applications/APIs {% hint style="info" %} This guide covers authenticating with custom Azure Applications/APIs. You will need your Azure and PixieBrix Administrator to assist with the instructions in this guide. {% endhint %} ## Create/Register an Azure Application {% hint style="info" %} đź“š Azure documentation to [Register an Application](https://learn.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app) and [Register an application with the Microsoft identity platform](https://learn.microsoft.com/en-us/graph/auth-register-app-v2) {% endhint %} 1. Visit the Enterprise Applications page 2. Click New application
3. Click Create your own application
4. Provide a name for your application and click “Create”
### Assign Users and Groups 1. Assign one or more users/groups to the application for them to access the application
### Configure the Application Registration 1. Open the Application Registration for your application. To locate it from the Omnibar, search for the name and select the “Application” entry
2. Open the Authentication settings
3. Click “Add a platform”
4. Choose Single-page Application
5. Provide the following Custom Redirect URL. (The `[chromiumapp.org]()` origin is a special origin that the Chrome Web Browser uses client OAuth2 flow redirects.) ``` ``` ### Configure API Permissions 1. Select Manage > API Permissions
2. Add some base permissions. To allow sign in, select “Microsoft Graph” and choose the Open ID permissions:
### Record the Application and Directory ID * Return to the Overview page for the application you created
* Record the Application (client id) and Directory (tenant) ID for use with PixieBrix
## Configure the PixieBrix Microsoft Azure Integration {% hint style="info" %} To complete these steps for your team, you must be an Admin on your PixieBrix team. Alternatively, for development & testing, you may configure the integration in the Extension Console {% endhint %} 1. From the Integrations section in the Admin or Extension Console, click the + Add Integration button in the top right corner.

To set up a cloud integration that your team can access, head to the Admin Console. (If you'd rather set up something locally, use the Extension Console. Learn more about configuring-integrations.)

2. Search for and select the Microsoft Azure integration. 3. Provide the following information for the Application * Pushdown (read-only): the integration configuration will be pushed to your team members. They will each authenticate individually with the application * Application (client) ID: from the Application Registration Overview * Directory (tenant) ID: from the Application Registration Overview * Scope: * See the individual brick documentation (e.g. xxx and [Lookup Microsoft Workbook Sheets](https://www.pixiebrix.com/marketplace/93ca83df-fb4f-4b0b-9183-47c6d8ffcf26/)) * You likely also want to set the [offline\_access](https://learn.microsoft.com/en-us/graph/permissions-reference#offline_access) scope, which will fetch a refresh token and reduce the number of times you need to re-authenticate * See the [Microsoft Graph permissions reference](https://learn.microsoft.com/en-us/graph/permissions-reference) for all available scope names
## Testing the Integration Configuration in a Mod 1. Create a new Mod in the Page Editor, e.g., a Trigger 2. Add an HTTP Request Brick 3. Configure the brick: 1. URL: [`https://graph.microsoft.com/v1.0/me`](https://graph.microsoft.com/v1.0/me) 2. Integration Configuration: select the Integration Configuration you configured in the previous section 3. Method: get
4. Run the Mod 5. Your browser will open the OAuth2 authentication flow 6. After you authenticate, the Output Panel will show your user’s profile information: