Guides
SupportStatus
Start typing to search…

Entra IdP Configuration

✔️ Configuring Microsoft Entra ID for your wallet and approver application!

Microsoft Entra ID Configuration

Prerequisites

  • Access to Azure portal with Microsoft Entra ID subscription and administrator
    permissions (Global Administrator or Application Administrator role)

Step 1: Create Required Resources

Create the following three resources as app registrations in Azure Entra ID.

1. API Resource (Create First)

Represents the API that your applications will communicate with.

  • Navigate to Microsoft Entra Admin Center > App registrations > New registration
  • Name: "Wallet API"
  • Supported account types: Accounts in this organizational directory only
    (Single tenant)
  • Redirect URI: Leave blank
  • Click Register

Expose an API:

  • Under Manage > Expose an API
  • Add Application ID URI: api://YOUR_CLIENT_ID
  • Add a scope:
    • Scope name: "access"
    • Who can consent: Admins and users
    • Admin consent display name: "Access Wallet API"
    • Admin consent description: "Allows access to the Wallet API"
    • User consent display name: "Access Wallet API"
    • User consent description: "Allows access to the Wallet API"
    • State: Enabled

Token Configuration:

  • Under Manage > Token configuration > Add optional claim
  • Token type: Access
  • Select claim: "email"
  • Save
  • Check "Turn on the Microsoft Graph email permission"
  • Add

Manifest:

  • Under Manage > Manifest
  • Set "api.requestedAccessTokenVersion": 2
  • Save

2. Single Page Application (SPA) Resource

Represents your wallet application running in a web browser.

  • Navigate to Microsoft Entra > App registrations > New registration
  • Name: "Wallet App"
  • Supported account types: Accounts in this organizational directory only
    (Single tenant)
  • Redirect URI: Single-page application (SPA) -
    https://wallet.yourcompany.com/login/callback
  • Click Register

API Permissions:

  • Under Manage > API permissions > Add a permission > My APIs
  • Select your API resource (e.g., "Wallet API")
  • Select Delegated permissions
  • Check the scope(s) you created (e.g., "access")
  • Add permissions

Authentication:

  • Under Manage > Authentication
  • Verify platform: Single-page application (SPA)
  • Verify Sign-in redirect URIs: https://wallet.yourcompany.com/login/callback
  • Implicit grant and hybrid flows:
    • Ensure Access tokens and ID tokens are NOT checked (SPAs use Authorization
      Code flow with PKCE by default)
  • Set Allow public client flows to Yes
  • Save

Manifest:

  • Under Manage > Manifest
  • Set "api.requestedAccessTokenVersion": 2
  • Save

3. Native Application Resource

Represents your approver application running natively on a device (mobile or
desktop).

  • Navigate to Microsoft Entra Admin Center > App registrations > New registration
  • Name: "ApproverApp App"
  • Supported account types: Accounts in this organizational directory only
    (Single tenant)
  • Redirect URI: Public client/native (mobile & desktop) -
    com.blockdaemon.reactnativeapproverapp://callback
  • Click Register

API Permissions:

  • Under Manage > API permissions > Add a permission > My APIs
  • Select your API resource (e.g., "Wallet API")
  • Select Delegated permissions
  • Check the scope(s) you created (e.g., "access")
  • Add permissions

Authentication:

  • Under Manage > Authentication
  • Verify Mobile redirect URIs include: com.blockdaemon.reactnativeapproverapp://callback
  • Advanced settings > Set Allow public client flows to Yes
  • Save

Manifest:

  • Under Manage > Manifest
  • Set "api.requestedAccessTokenVersion": 2
  • Save

Step 2: Configuration Values

Collect these values from your Azure Entra ID configuration:

  • Entra ID Tenant ID: [Your Tenant ID]

    • Entra ID > Overview > Tenant ID

  • Wallet App Client ID: [Your Wallet App Client ID]

    • App registrations > Wallet App > Overview > Application (client) ID

  • ApproverApp App Client ID: [Your ApproverApp App Client ID]

    • App registrations > ApproverApp App > Overview > Application (client) ID

  • API Audience: [Your API Audience URI]

    • App registrations > Wallet API > Overview > Application ID URI

  • API Issuer URI: [Your API Issuer URI]

    • Format: https://login.microsoftonline.com/{tenant_id}/v2.0 (replace
      {tenant_id} with your tenant ID)

🗣️ We Are Here to Help!

Please contact us via email or support chat if you encounter an issue, bug, or need assistance. Don't forget to include any relevant details about the problem. To request a wallet form and Institutional Vault Approver form, please click here or contact our sales team.

Updated about 19 hours ago