\\
Start at the __Microsoft Azure Portal__: [Link|https://azure.microsoft.com/en-us/features/azure-portal/]\\
\\
__Application registration:__ Navigate to App registrations in the Azure Portal. Click on __New registration__ to create a new application.\\
\\
[SharePoint Integration/new_registration.png]\\
\\
The Redirect URL must end with __register_microsoft_graph_api/__.\\
\\
{{{
    http://localhost:9090/register_microsoft_graph_api/
}}}\\
or
{{{
    https://your.crushftp.domain.com/register_microsoft_graph_api/
}}}\\
\\
__Secret key__: A new client secret must be created. Go to __Certificates & secrets__ and generate one by clicking __New client secret__. Ensure you copy the secret's __value__ immediately: the portal will not show it again after you leave the page.\\
\\
[SharePoint Integration/new_secret.png]\\
\\
[SharePoint Integration/secret_value.png]\\
\\
\\
Configure the __API Permissions__:\\
\\
Ensure the application has the following __Delegated Permissions__ assigned:\\
\\
__a.) User.Read__: This permission allows an application to access the basic profile information of the signed-in user, such as name, email address, user ID (object ID), user principal name (UPN), and tenant ID.\\
\\
__b.) GroupMember.Read.All__ (Optional): This permission allows the application to read the members of all groups in the directory. It can list the users, devices, service principals, and other groups that are members of Microsoft 365 groups, security groups, and distribution groups. It requires admin consent; ordinary users cannot approve it.\\
\\
[attachments|app_reg_config_permissions.png]\\
\\
Grant __Admin consent__ for the newly added permission.\\
\\
[SharePoint Integration/app_permission_admin_consent.png]\\
\\
Get __Client ID__ and __Tenant ID__ from App registration -> Overview.\\
\\
[MicrosoftMails/client_id.png]\\
\\
__Group info:__\\
\\
You can add the groups claim to the authorization token.\\
\\
[attachments|microsoft_group_info.png]\\ 
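\\
To check a finished registration against the steps above, the following added example (not CrushFTP's code and not part of the original page) audits the application object as JSON, for instance the output of {{az ad app show --id <client-id>}}. The helper name {{audit_registration}} and the sample input are assumptions, and the permission GUIDs are Microsoft Graph's published IDs rather than values from this page.\\

```python
import json
from urllib.parse import urlparse

# Microsoft Graph's published IDs (not on the original page)
GRAPH = "00000003-0000-0000-c000-000000000000"            # Microsoft Graph resource app
USER_READ = "e1fe6dd8-ba31-4d61-89e7-88639da4683d"        # delegated User.Read
GROUPMEMBER_READ_ALL = "bc024368-1153-4739-b217-4326f2e966d0"  # delegated GroupMember.Read.All
SUFFIX = "/register_microsoft_graph_api/"                 # required ending, from the page

def audit_registration(app: dict) -> list:
    """Return findings for an application object (hypothetical helper)."""
    findings = []
    uris = (app.get("web") or {}).get("redirectUris") or []
    if not uris:
        findings.append("no web redirect URI configured")
    for uri in uris:
        parsed = urlparse(uri)
        if not parsed.path.endswith(SUFFIX):
            findings.append(f"redirect URI does not end with {SUFFIX}: {uri}")
        # plain http is only reasonable for the page's localhost example
        if parsed.scheme != "https" and parsed.hostname != "localhost":
            findings.append(f"redirect URI is not HTTPS: {uri}")
    # delegated permissions are the entries of type "Scope" under Microsoft Graph
    scopes = {ra.get("id")
              for res in app.get("requiredResourceAccess") or []
              if res.get("resourceAppId") == GRAPH
              for ra in res.get("resourceAccess") or []
              if ra.get("type") == "Scope"}
    if USER_READ not in scopes:
        findings.append("delegated User.Read is missing")
    for extra in sorted(scopes - {USER_READ, GROUPMEMBER_READ_ALL}):
        findings.append(f"delegated Graph permission beyond the two listed: {extra}")
    if app.get("groupMembershipClaims") in (None, "", "None"):
        findings.append("groups claim (optional) is not enabled")
    return findings

# Constructed sample input, not a real tenant export.
SAMPLE = json.loads("""{
  "web": {"redirectUris": ["http://ftp.example.com/register_microsoft_graph_api"]},
  "groupMembershipClaims": null,
  "requiredResourceAccess": [{
    "resourceAppId": "00000003-0000-0000-c000-000000000000",
    "resourceAccess": [{"id": "bc024368-1153-4739-b217-4326f2e966d0", "type": "Scope"}]
  }]
}""")

if __name__ == "__main__":
    for finding in audit_registration(SAMPLE):
        print("FINDING:", finding)
```

An empty result means the redirect URI, the delegated permissions and the groups claim all match the configuration described on this page.\\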

__!!!Continue on:__ [CrushOIDC]\\
\\