IAM - Azure AD configurations

Modified on Mon, 03 Apr 2023 at 03:41 PM

In Azure AD, there are 3 account-type options to choose from when registering an application.

  • Single tenant
  • Multitenant
  • Multitenant and personal Microsoft accounts

Choose between these based on the requirements and the customer environment.

Note: The URLs used to configure Microsoft sign-in in the Replicated panel differ depending on which of these options is selected. When using a premium Microsoft account, there is an additional tab at the top called Endpoints; the URLs are shown in this tab.

For instance, if you are using personal Microsoft accounts only, the following set of URLs should be used.

When using accounts in this organizational directory only, the URLs below apply.

And here are the values when you choose accounts in any organizational directory.

Note: Depending on the chosen configuration, the above values may be different and need to be set correctly in the Replicated UI.

App registration configuration

Add optional claims named email, family_name, and given_name.

When adding these claims, make sure to check the option "Turn on Microsoft Graph email, profile permission (required for claims to appear in token)."

Claims should look like the following list.

The API permissions should also include email, profile, and User.Read.
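The endpoint URLs that change with the account-type choice above, together with a check that a signed-in user's ID token carries the optional claims this registration adds, as an added example that is not part of the original article or Replicated's own code. It assumes the Microsoft identity platform v2.0 endpoint layout and uses a constructed tenant ID for the single-tenant case.

```python
import uuid
from typing import Dict, List

# Well-known tenant alias for each 'supported account types' option (v2.0 endpoints).
ACCOUNT_TYPE_TENANT = {
    "single_tenant": None,             # replaced by the directory's own tenant ID
    "multitenant": "organizations",    # accounts in any organizational directory
    "multitenant_personal": "common",  # any directory plus personal accounts
    "personal_only": "consumers",      # personal Microsoft accounts only
}
# Optional claims the article asks to add to the registration.
REQUIRED_CLAIMS = ("email", "family_name", "given_name")
# Tenant ID that personal (consumer) Microsoft accounts carry in the 'tid' claim.
MSA_TENANT_ID = "9188040d-6c67-4c5b-b112-36a304b66dad"


def endpoint_urls(account_type: str, tenant_id: str = "") -> Dict[str, str]:
    """Return the authority, metadata, authorize and token URLs for an option."""
    alias = ACCOUNT_TYPE_TENANT[account_type]
    if alias is None:
        uuid.UUID(tenant_id)  # single tenant: must be the directory's GUID, else ValueError
        alias = tenant_id
    base = f"https://login.microsoftonline.com/{alias}"
    return {
        "authority": f"{base}/v2.0",
        "metadata": f"{base}/v2.0/.well-known/openid-configuration",
        "authorize": f"{base}/oauth2/v2.0/authorize",
        "token": f"{base}/oauth2/v2.0/token",
    }


def claim_problems(claims: dict, account_type: str, tenant_id: str = "") -> List[str]:
    """List what is wrong with the claims of an already signature-verified ID token."""
    problems = [f"missing claim: {c}" for c in REQUIRED_CLAIMS if not claims.get(c)]
    tid = claims.get("tid", "")
    # The 'tid' check is what stops a multitenant app from accepting every tenant blindly.
    if account_type == "single_tenant" and tid != tenant_id:
        problems.append(f"tenant mismatch: {tid!r}")
    elif account_type == "multitenant" and (not tid or tid == MSA_TENANT_ID):
        problems.append("personal account not allowed for organizations-only app")
    elif account_type == "personal_only" and tid != MSA_TENANT_ID:
        problems.append("work/school account not allowed for consumers-only app")
    # v2.0 issuer always names the token's own tenant, so it must agree with 'tid'.
    if claims.get("iss") != f"https://login.microsoftonline.com/{tid}/v2.0":
        problems.append("issuer does not match token tenant")
    return problems
```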
