Enable AAD Login

1. Visit Azure entaID admin page

   a. Navigate into Applications -> Enterprise applications -> New application

   b. Click on “Create your own application”. Click “Create” at bottom

1. Naviage to Applications -> Enterprise applications and click on the app that was created in the previous step.

2. Visit “Overview”

   1. Copy “Application ID”

   2. Navigate to “User and groups” on side menu and click on “Add user/group” . Choose the group of users that you would like to sync into the Kubiya Platform (if you don’t have one yet, you can create a new security group and add members).

   3. Visit Applications -> App registrations and select the app that was just created.

   4. On side menu click on “API permissions” and click on “Add permission” . In the popped window choose “Microsoft Graph” 1. Choose “Delegated permissions” search for “User.Read” mark it and click on “Add permissions” 2. Click again on “Add permission” on popup window choose “Microsoft Graph” now choose “Application permissions” search for “Directory.Read.All” mark it and click “Add permissions”

   5. On the “API permissions” page click on “Grant admin consent for…”

1. From the side menu click on “Certificates & secrets” -> “Client secrets” and click “New client secret”. Fill the form as follow and click “Add”. * Save secret value for later

** values for kubiya *** tenant name and domain - from “Overview” page *** secret value - from “Certificates & secrets” -> “Client secrets” page *** application id - from “Overview” page