Using PowerShell to configure OIDC with Microsoft Entra ID

SECURITY  Permission to register applications in your Microsoft Entra ID tenant, and access to Azure Cloud Shell

This article explains how to create a Secure Edge application registration in Microsoft Entra ID.

Procedure

  1. Log in to your Microsoft Entra ID environment and click the Cloud Shell icon to the right of the Search bar.

    NOTE  If this is your first time launching a Cloud Shell session, you may see a prompt asking you to select either PowerShell or Bash. If so, choose PowerShell.

  2. At the PS prompt, enter a wget command that points at the URL of the Secure Edge PowerShell deployment script you'd like to run.

  3. The PowerShell script will download. Once the transfer completes, run the script by entering its file name at the PS prompt.

  4. The script creates an application (client) ID and the corresponding app registration in your Azure AD tenant.

Example PowerShell script for Azure app registration

You can use the following code to build your own PowerShell script for use in this workflow. When you create the script, name the file DSE_AzureAppRegistration.ps1.

##########################################
# Name: DSE_AzureADAppRegistration.ps1
# Author: Datto, Inc.
# Version: 1.0
##########################################

#### Variables
# App Name
$appname = "Datto Secure Edge"
# Callback URI that Secure Edge presents as the OIDC redirect_uri
$DattoSecureEdgeCallBackUri = "https://datosecureedge.us.auth0.com/login/callback"

# Step 1 Register App In Azure AD
# The plain Connect-AzureAD command errors out in Cloud Shell, so import the preview module and call
# its Connect-AzureAD explicitly, using the managed identity and the tenant ID Cloud Shell exposes
# in $env:ACC_TID. (In the original script the Import-Module call sat inside a comment and never ran.)
Import-Module AzureAD.Standard.Preview
AzureAD.Standard.Preview\Connect-AzureAD -Identity -TenantId $env:ACC_TID
$TenantDetails = Get-AzureADTenantDetail
$TenantObjectId = $TenantDetails.ObjectId

# Send message to console
Write-Host "Please wait while we configure the App Registration..."
# Step 2 Create Azure AD App Registration
$AzureADAppRegistration = New-AzureADApplication -DisplayName $appname

# Step 3 Update App Registration with the Datto Secure Edge reply URL
# (Set-AzureADApplication from the same AzureAD module is used here in place of the Az-module
#  Update-AzADApplication call so the script does not depend on two different modules.)
Set-AzureADApplication -ObjectId $AzureADAppRegistration.ObjectId -ReplyUrls @($DattoSecureEdgeCallBackUri)

# Step 4 Create a Client Secret (valid for 3 years from now)
$startDate = Get-Date
$endDate = $startDate.AddYears(3)
$aadAppSecret01 = New-AzureADApplicationPasswordCredential -ObjectId $AzureADAppRegistration.ObjectId -CustomKeyIdentifier "DattoSecureEdgeSecret" -StartDate $startDate -EndDate $endDate

# Step 5 Show the values Secure Edge needs for its OIDC connection
# The secret value is only returned at creation time; copy it into the Secure Edge configuration now.
Clear-Host
Write-Host "Datto Secure Edge AzureAD App Registration Script" -ForegroundColor Black -BackgroundColor Cyan
Write-Host "Application Client Id: " $AzureADAppRegistration.AppId
Write-Host "Application Client Secret: " $aadAppSecret01.Value
Write-Host "OpenID Connect Metadata Document: https://login.microsoftonline.com/$TenantObjectId/v2.0/.well-known/openid-configuration"
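As an added post-registration check (example code written for this page, not part of the Datto article or the DSE script), the following can be run in the same Cloud Shell session to confirm the reply URL, the client secret's expiry and the metadata document the script printed. It assumes the AzureAD.Standard.Preview session from the registration script is still active and reuses that script's $appname and $DattoSecureEdgeCallBackUri values.

```powershell
# Added verification script (not part of the Datto article or the DSE registration script).
# Assumes the AzureAD.Standard.Preview session opened by the registration script is still active
# and reuses the same $appname and $DattoSecureEdgeCallBackUri values.
$appname = "Datto Secure Edge"
$DattoSecureEdgeCallBackUri = "https://datosecureedge.us.auth0.com/login/callback"

# Locate the registration by display name; display names are not unique, so refuse ambiguity.
$apps = @(Get-AzureADApplication -Filter "DisplayName eq '$appname'")
if ($apps.Count -ne 1) { throw "Expected exactly one registration named '$appname', found $($apps.Count)." }
$app = $apps[0]

# 1. The reply URL must match the Secure Edge callback exactly; OIDC compares redirect_uri literally.
if ($app.ReplyUrls -contains $DattoSecureEdgeCallBackUri) {
    Write-Host "Reply URL OK: $DattoSecureEdgeCallBackUri" -ForegroundColor Green
} else {
    Write-Host "Reply URL MISSING. Registered: $($app.ReplyUrls -join ', ')" -ForegroundColor Red
}

# 2. A client secret must exist and should not be near expiry; Secure Edge logins fail once it lapses.
$creds = @(Get-AzureADApplicationPasswordCredential -ObjectId $app.ObjectId)
if ($creds.Count -eq 0) { Write-Host "No client secret found on the registration." -ForegroundColor Red }
foreach ($c in $creds) {
    $endDate  = Get-Date $c.EndDate
    $daysLeft = [int]($endDate - (Get-Date)).TotalDays
    $status   = if ($daysLeft -le 30) { "RENEW SOON" } else { "OK" }
    Write-Host ("Secret {0} expires {1:yyyy-MM-dd} ({2} days): {3}" -f $c.KeyId, $endDate, $daysLeft, $status)
}

# 3. Fetch the metadata document the script printed and confirm it describes this tenant.
$tenantId    = (Get-AzureADTenantDetail).ObjectId
$metadataUrl = "https://login.microsoftonline.com/$tenantId/v2.0/.well-known/openid-configuration"
$meta = Invoke-RestMethod -Uri $metadataUrl -Method Get
if ($meta.issuer -eq "https://login.microsoftonline.com/$tenantId/v2.0") {
    Write-Host "Issuer OK: $($meta.issuer)" -ForegroundColor Green
} else {
    Write-Host "Unexpected issuer: $($meta.issuer)" -ForegroundColor Red
}
Write-Host "Authorization endpoint: $($meta.authorization_endpoint)"
Write-Host "Token endpoint:         $($meta.token_endpoint)"
Write-Host "JWKS URI:               $($meta.jwks_uri)"
```

The issuer printed in step 3 is the value Secure Edge will see in the id_token; if it does not match the tenant ID from the registration script, the wrong tenant was used.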