Creating a Custom AzureAD App

When to Create a Custom AzureAD App

Creating a custom AzureAD application and a service principal that can access the necessary resources is required when authenticating using an Azure Service Principal.

Follow the steps below to create a custom AzureAD application and obtain the connection properties for the Azure Service Principal authentication.

Create a Custom AzureAD App

Desktop Apps

OAuthClientId
OAuthClientSecret
CallbackURLt

After logging in to the Azure Portal with your account, click Azure Active Directory > App Registrations.
Click New Registration.
Enter an application name and select Any Azure AD Directory - Multi Tenant. Then set the redirect url to http://localhost:33333, the provider's default. Or, set a different port and set the CallbackURL to the exact reply URL you defined.
On the main page of your application obtain the OAuthClientId, and then generate a OAuthClientSecret in Certificates and Secrets > Client Secrets.

You must also add permission to use the Azure DevOps API:

In the section, click API permissions > Add > Select an API your organization uses > Azure DevOps. If Azure DevOps does not appear as an option, navigate to Organization Settings > Azure Active Directory > Connect directory on your DevOps site and connect the organization to you Active Directory first.
In the Select Permissions step, enable the user_impersonation permission.

Headless Machines

OAuthClientId
OAuthClientSecret

After logging in to the Azure Portal with your account, click Azure Active Directory > App Registrations.
Click New Registration.
Enter an app name and select Any Azure AD Directory - Multi Tenant. Then set the redirect url to http://localhost:33333, the provider's default. Or, set a different port and set the CallbackURL to the exact reply URL you defined.
On the main page of your application, obtain the OAuthClientId, and then generate a OAuthClientSecret in Certificates and Secrets > Client Secrets.