Create a Custom Azure App

To create a custom app, follow the steps below:

  1. Go to Microsoft Entra admin center (or Microsoft Azure portal).

  2. Navigate to Identity > Applications > App registrations > New registration (or Microsoft Entra ID > App registrations > New registration).

  3. On the Register an application page, enter your application’s registration information:

  4. Click Register to create the custom application.

  5. Click the created custom application and click API permissions.

  6. Click Add a permission to add permissions to the app.

    The permissions that you need to grant to the custom app vary with the different cloud services your tenant is using. Refer to the API Permissions Required by Custom Apps section to view the required permissions for your services.

    If you create a custom Azure app with delegated permissions, you also need to configure additional settings as described in the section below: Additional Notes for Azure Apps with Delegated Permissions.

  7. Click Grant admin consent for [Tenant name] to grant admin consent. After you have successfully granted admin consent for the requested permissions, the Status will be Granted for [Tenant name].

    Granting admin consent for the requested permissions.

  8. The application uses certificate authentication. Complete the following steps to upload your organization’s public certificate (.cer or .crt file types are recommended):

    *Note: If your organization does not have any certificates, you can refer to Prepare a Certificate for the Custom Azure App to prepare a self-signed certificate.

    1. Locate your organization’s certificate and export the certificate as a .cer or .crt file.

    2. Go to Microsoft Entra admin center (or Microsoft Azure portal), select the application, and click Certificates & secrets.

    3. In the Certificates section, click Upload certificate.

    4. Select the .cer or .crt file and click Add.

    5. After the certificate file is successfully uploaded, it will be listed in the Certificates section.
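As an added example (not part of the original guide or of any vendor tooling), the following Python script checks an exported .cer or .crt file before the upload in step 8: it rejects a file that carries a private key or is not an X.509 certificate, and returns the SHA-1 thumbprint to compare with the entry listed in the Certificates section. The function names and the sample byte strings are constructed for illustration.

```python
import base64
import hashlib
import re

PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

# Constructed sample inputs: minimal DER skeletons, not real certificates or keys.
SAMPLE_DER = bytes.fromhex("300a30030201023003020100")
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n" + base64.b64encode(SAMPLE_DER)
              + b"\n-----END CERTIFICATE-----\n")
SAMPLE_WITH_KEY = SAMPLE_PEM + b"-----BEGIN PRIVATE KEY-----\nAAAA\n-----END PRIVATE KEY-----\n"
SAMPLE_PFX_LIKE = bytes.fromhex("30050201033000")


def _first_inner_tag(der: bytes) -> int:
    """Return the tag of the first element inside the outer DER SEQUENCE, or -1."""
    if len(der) < 3 or der[0] != 0x30:
        return -1
    # Short-form length uses one byte; long form uses 1 + (low 7 bits) bytes.
    header = 2 if der[1] < 0x80 else 2 + (der[1] & 0x7F)
    return der[header] if header < len(der) else -1


def check_upload_file(data: bytes) -> dict:
    """Decide whether a .cer/.crt export is safe to upload and give its thumbprint."""
    blocks = PEM_BLOCK.findall(data.decode("latin-1"))
    if any("PRIVATE KEY" in label for label, _ in blocks):
        return {"ok": False, "reason": "file contains a private key"}
    certs = [base64.b64decode(body) for label, body in blocks if label == "CERTIFICATE"]
    if not blocks:
        certs = [data]  # no PEM armor, so treat the file as binary DER
    if len(certs) != 1:
        return {"ok": False, "reason": "expected exactly one certificate"}
    # A certificate is SEQUENCE{SEQUENCE tbsCertificate, ...}; PKCS#12 and
    # private-key structures start with an INTEGER version instead.
    if _first_inner_tag(certs[0]) != 0x30:
        return {"ok": False, "reason": "not a DER X.509 certificate"}
    # The thumbprint is the SHA-1 digest of the DER-encoded certificate.
    return {"ok": True, "thumbprint": hashlib.sha1(certs[0]).hexdigest().upper()}


if __name__ == "__main__":
    for name, blob in [("DER", SAMPLE_DER), ("PEM", SAMPLE_PEM),
                       ("PEM+key", SAMPLE_WITH_KEY), ("PFX-like", SAMPLE_PFX_LIKE)]:
        print(name, check_upload_file(blob))
```

To check a real export, pass the file's bytes, for example `check_upload_file(open(path, "rb").read())`.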

Then, refer to the Consent to Custom Apps section to create an app profile in the Custom mode. If necessary, you can Configure a Conditional Access Policy on Custom Apps in Azure for Best Practice.

Additional Notes for Azure Apps with Delegated Permissions

To create a custom Azure app with delegated permissions, follow the instructions in the Create a Custom Azure App section above. A custom Azure app with delegated permissions also requires a Redirect URI and the ID tokens option; configure these settings as follows:

  1. Go to Microsoft Entra admin center (or Microsoft Azure portal).

  2. Navigate to Identity > Applications > App registrations (or Microsoft Entra ID > App registrations), and then click the app that you want to configure.

  3. Click Authentication in the left pane.

  4. On the Authentication page, follow the instructions below based on your scenario:

    • If the Redirect URIs setting is not displayed on the Authentication page, refer to the steps below:

      1. Click Add a platform.

      2. In the Configure platforms right pane, click Web.

      3. In the Configure Web right pane, enter a URL in the Redirect URIs field based on the version of your AOS environment, select the ID tokens option, and click Configure.

        *Note: If the ID tokens option has been selected on the Authentication page, it will not be displayed in the Configure Web pane.

      4. Below are the URLs of different AOS environments:

        Configuring Redirect URIs and ID tokens settings.

    • If the Redirect URIs setting is displayed on the Authentication page, refer to the steps below:

      1. Click Add URI, and then enter a URL in the field below based on the version of your AOS environment.

      2. Below are the URLs of different AOS environments:

      3. Select the ID tokens option.

      4. Click Save.

Configuring Redirect URIs and ID tokens settings.