# App registration This step creates an application in Microsoft Entra that Peig uses to communicate with your Microsoft 365 environment — synchronising user identities and managing access rights. ## Create the app registration {% stepper %} {% step %} ### Visit Microsoft Entra [https://entra.microsoft.com](https://entra.microsoft.com/) {% endstep %} {% step %} ### Navigate to app registrations Go to **Identity → Applications → App registrations**. {% endstep %} {% step %} ### Create a new registration Click **New registration**. {% endstep %} {% step %} ### Fill in the details * **Name:** `PeigUserManagerApp` * **Supported account types:** Accounts in this organizational directory only (Any Microsoft Entra ID tenant - Multitenant) * **Redirect URI:** Select **Web** as the platform and enter `http://localhost` as the URL *(this value is not actually used)* {% endstep %} {% step %} ### Register the app Click **Register**. {% endstep %} {% endstepper %} ## Assign API permissions Peig requires a specific set of Microsoft Graph permissions to synchronise user identities and manage access. {% stepper %} {% step %} ### Open API permissions In the app, go to **API permissions** in the Manage menu. {% endstep %} {% step %} ### Add Microsoft Graph Click **Add a permission → Microsoft Graph**. {% endstep %} {% step %} ### Add the permissions **Delegated permissions:** * `User.Read` — allows sign-in and reading of user profiles *(may already be present)* **Application permissions:** * `User.ReadWrite.All` — read and write all user profiles * `Group.ReadWrite.All` — read and write all groups * `Organization.Read.All` — read organisation information * `GroupMember.ReadWrite.All` — read and write all group members {% endstep %} {% step %} ### Add permissions Click **Add permissions**. {% endstep %} {% step %} ### Grant admin consent Click **Grant admin consent for \[Your Organisation]**. {% endstep %} {% endstepper %} ## Enable public client flows {% stepper %} {% step %} ### Open Authentication Go to **Authentication** in the app's Manage menu. {% endstep %} {% step %} ### Open advanced settings Scroll to **Advanced settings**. {% endstep %} {% step %} ### Enable public client flows Set **Allow public client flows** to **Yes**. {% endstep %} {% step %} ### Save Click **Save**. {% endstep %} {% endstepper %} ## Generate a client secret {% stepper %} {% step %} ### Open Certificates & secrets Go to **Certificates & secrets** in the app's Manage menu. {% endstep %} {% step %} ### Create a new secret Click **New client secret**. {% endstep %} {% step %} ### Add the secret details Add a description and select the recommended expiry period. {% endstep %} {% step %} ### Add the secret Click **Add**. {% endstep %} {% endstepper %} {% hint style="danger" %} Copy the secret **Value** immediately — it is only shown once. Store it securely. You will need it in Step 3 when configuring the Peig connector. Note the expiry date. When the secret expires, you must generate a new one and update the Provisioning configuration in Peig. {% endhint %} ## Confirm your setup Before moving to Step 3, verify: * [ ] `PeigUserManagerApp` is registered in Entra * [ ] All required API permissions are added and admin consent is granted * [ ] Public client flows are enabled * [ ] Client secret is generated and stored securely {% hint style="success" %} Next: [Step 3 — Configure Peig Connector](/welcome-to-peig-documentation/deployment-guides/microsoft-365/configure-connector.md) {% endhint %} --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.peig.io/welcome-to-peig-documentation/deployment-guides/microsoft-365/app-registration.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.