Skip to content
Documentation
Authentication & Authorization
Microsoft Entra ID Setup

Microsoft Entra ID Setup

1. Register the Application

In Azure Portal > Microsoft Entra ID > App registrations:

  • Name: Adsify API
  • Supported account types: Single tenant (or as needed)

2. Configure API Permissions

Expose an API with scopes: ads:read, ads:write, ads:lifecycle

3. Create App Roles

In the app registration, define roles: viewer, operator, admin

Assign roles to users/groups via Enterprise Applications.

4. Configure Adsify 

{
  "Authentication": {
    "Authority": "https://login.microsoftonline.com/{tenant-id}/v2.0",
    "Audience": "api://{client-id}",
    "RequireHttpsMetadata": true,
    "RoleClaimType": "roles",
    "ValidIssuers": [
      "https://login.microsoftonline.com/{tenant-id}/v2.0",
      "https://sts.windows.net/{tenant-id}/"
    ]
  }
}

Entra ID places roles in a top-level roles array claim. Set RoleClaimType to roles.

5. Machine Client (Client Credentials)

Create a client secret under Certificates & secrets. AI agents use:

curl -X POST "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token" \
  -d "client_id={id}&client_secret={secret}&scope=api://{client-id}/.default&grant_type=client_credentials"
Keycloak Setup