# How to Configure Microsoft Entra ID (Azure AD) for BoolDesk

**Overview**

To enable secure authentication and email integration (such as IMAP/SMTP) within BoolDesk, you must register an application in your Microsoft Entra ID (formerly Azure AD) portal. This process allows BoolDesk to securely communicate with your Microsoft 365 tenant.

#### **Step-by-Step Guide**

**1. Register a New Application**

* Log in to the Azure Portal and navigate to App registrations (1).
* Click the + New registration button (2).

<figure><img src="https://1656339521-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FbuVnkK2LsQssipBV5XZc%2Fuploads%2F4ndFom7qrvz2COo6xUW0%2Fimage.png?alt=media&#x26;token=d25b93bd-f4eb-4b95-8a3b-dbc9f39e3e6e" alt=""><figcaption></figcaption></figure>

* Name: Enter a clear name for the app, such as `BoolDesk Authentication` (1).
* Supported account types: Select Accounts in this organizational directory only (Single tenant) (2).
* Redirect URI: Select Public client/native (mobile & desktop) (3) from the dropdown menu.
* Click Register to create the app.

<figure><img src="https://1656339521-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FbuVnkK2LsQssipBV5XZc%2Fuploads%2FTHXW7JJqBmi0o74YHatR%2Fimage.png?alt=media&#x26;token=b532ee8f-3c75-46dc-9532-ae89a4f08ee9" alt=""><figcaption></figcaption></figure>

**2. Configure Authentication Settings**

* Once the app is created, go to the Authentication blade (1) in the left menu.
* Scroll down to "Advanced settings" and locate "Allow public client flows".
* Toggle the switch to Yes (Enabled) (3).
* Ensure the account type is confirmed as Single tenant (4).
* Click Save (2).

<figure><img src="https://1656339521-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FbuVnkK2LsQssipBV5XZc%2Fuploads%2Fe3bfm0P1CuJzuXFdUXqN%2Fimage.png?alt=media&#x26;token=8118152d-b48f-4650-94d4-1dbaeff8f9ee" alt=""><figcaption></figcaption></figure>

3\. Configure API Permissions

You must grant BoolDesk permission to access user profiles and send/receive email.

* Navigate to the API permissions blade (2).
* Click + Add a permission (3).

<figure><img src="https://1656339521-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FbuVnkK2LsQssipBV5XZc%2Fuploads%2FHOPuiaV63wqjkQPdlRou%2Fimage.png?alt=media&#x26;token=d17d3749-7f96-40ee-b74e-e3647112a48e" alt=""><figcaption></figcaption></figure>

* Select Microsoft Graph (4).
* Choose Delegated permissions.
* Search for and select the following permissions required for full functionality:
  * `email`
  * `IMAP.AccessAsUser.All`
  * `Mail.Send`
  * `offline_access`
  * `openid`
  * `profile`
  * `SMTP.Send`
  * `User.Read`

<figure><img src="https://1656339521-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FbuVnkK2LsQssipBV5XZc%2Fuploads%2F3QvLkds1GjhN5WagFFBj%2Fimage.png?alt=media&#x26;token=651e3797-9a38-461e-994b-58cd8c2cabb2" alt=""><figcaption></figcaption></figure>

Once selected, click the Grant admin consent for \[Organization Name] button (3) to authorize these permissions for your tenant.

<figure><img src="https://1656339521-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FbuVnkK2LsQssipBV5XZc%2Fuploads%2FDKt0kCke9uCD6RgibN2p%2Fimage.png?alt=media&#x26;token=aca7c561-a4a0-49e2-9a85-1f632f39a140" alt=""><figcaption></figcaption></figure>

**4. Capture Application IDs**

Finally, you need to copy the IDs required to connect BoolDesk to this application.

* Go to the Overview blade (1).
* Copy the Application (client) ID (2).
* Copy the Directory (tenant) ID (3).

<figure><img src="https://1656339521-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FbuVnkK2LsQssipBV5XZc%2Fuploads%2FiVM6ONW1n7kjAxD0nuJV%2Fimage.png?alt=media&#x26;token=cb9ffd63-02f4-4d5d-9e0c-f728e2bebf07" alt=""><figcaption></figcaption></figure>

You will paste these values into your BoolDesk configuration settings to complete the integration.