Configuring Azure Clients for Non-Interactive Use

Creating Azure Clients for RKVST

To enable non-interactive access to Jitsuin RKVST APIs:

  • Create an Application Registration in your Azure Active Directory.
  • Grant an API access permission for the registration referring to the Jitsuin RKVST API
  • Create a Client Secret
Note: Certificate based assertion of identity is fully supported. See client_assertion_type and client_assertion in the official Azure Documentation.

Create an Application Registration

Adding a New App Registration
  • Choose any name you like.
  • Account type should be: Accounts in this Organizational Directory Only
  • Redirect URI - leave blank.
Adding a New App Registration

The Microsoft Quickstart Register App guide covers the general process.

Add an API Permission to the Application registration

Your app registration must be granted access to the Jitsuin RKVST API.

Adding an App Permission from 'APIs my Organization uses'

Application Permissions will enable access to the Jitsuin RKVST API using client secrets or certificates.

Selecting 'App Permissions'

The Microsoft Quickstart Configure Web App Access guide covers the general process; For non-interactive use see Application Permissions.

Enable the desired Jitsuin RKVST roles

Assigning the Permission Roles
Granting Consent

If successful you should see the following:

Success!

Add a Client Secret to the Application Registration

Adding a Client Secret or Certificate

Take note of the client secret and the application object id (UUID).

Note: If you need to have different secrets for different Jitsuin RKVST roles create an application registration for each distinct set of roles.

Edit this page on GitHub