Skip to main content

How to configure AzureAD

Follow this step-by-step guide to configure the integration between Port and Azure Active Directory.


In order to complete the process you will need to contact us to receive the information you require, as well as the information Port requires from you. All is elaborated below in the following section.

Port-AzureAd integration benefits​

  • Connect to the Port application via an AzureAD app.
  • Your AzureAD teams will be automatically synced with Port upon a user sign-in.
  • Set granular permissions on Port according to your AzureAD groups.

How to configure a Port application in Azure AD​



To make the Port app connection work, users who have access need to have a legal value in their Email field in Azure AD.

Step #1: Register a new application​

  1. In the Microsoft Azure Portal, go to Azure Active Directory.

  2. Click on App registrations.

    AzureAD new application wizard

  3. Click on New registration at the top of the page

    AzureAD new application wizard

  4. Define the Port application settings:

    4.1 Name: Insert a friendly name for the Port app, like Port.

    4.2 Supported account types: Please select the option that is appropriate for your organization.


    For most use cases this would be Accounts in this organizational directory only (Default Directory only - Single tenant).

    4.3 Redirect URI:

    • Set Platform to Web.
    • Set URL to

    AzureAD new application wizard

    4.4 Click Register.

  1. On the new Port App page, click Branding & Properties.

    Azure navigation bar Branding and Properties

    1.1 Home page URL: paste the following URL:{CONNECTION_NAME}&

    We will provide your {CONNECTION_NAME} (Contact us on Slack/Intercom).

    1.2 Add the Port logo (optional):

    Port's logo

    1.3 Publisher domain: Select the domain matching your user emails (for example

    Azure app branding form

    1.4 Click Save.

Step #3: Configuring the application permissions​

  1. On the Port App page, click API Permissions.

    Azure navigation bar API permissions

  2. Click Add a permission:

    Azure navigation bar API permissions

  3. On the Microsoft APIs tab:

    3.1 Click on Microsoft Graph

    Azure API permissions Microsoft APIs

    3.2 Click on Delegate Permissions

    Azure Microsoft APIs delegate permissions

    3.3 Search and mark the following permissions:

    • email, openid, profile,

    Azure API set permissions

    3.4 Click Add permissions.


    (OPTIONAL) Grant admin consent: when users from your organization will first log in, they will be prompted to confirm the permissions specified here. You can click the Grant admin consent for Default Directory to automatically approve their permissions.

Step #4: Configuring the application claims​

  1. On the Port App page, click Token configuration:

    Azure application token configuration

  2. Click Add optional claim:

    Azure app token adding a claim button

  3. Select ID as the token type and then select the email claim, then click Add:

    Azure app token adding a claim


    Repeat the same process for Access and SAML (3 times total).

  4. Your optional claims will look like this:

    Azure app permissions summary


    If you wish to configure the groups claim to pull your AzureAD groups into Port, please follow How to allow pulling AzureAD groups to Port.

Step #5: Configuring application secret​

  1. On the Port App page, click Certificates & Secrets:

    Azure application certification and secrets button

  2. On the Client secrets tab, click the New client secret button:

    Azure application client secrets button

    2.1 Description: Enter a secret description, for example Port Login Client Secret.

    2.2 Expires: Select when will the secret expires.


    Be sure to mark on your calendar the expiration date of the secret. The secret needs to be replaced before its expiration, otherwise login to Port will be disabled.

    2.3 Click Add.

    A secret will be created and its Value will appear as shown in the image below. Immediately document the secret’s value because we will need it for our next step.


    Be advised that your secret will never appear again after you leave this page.

    Azure application display secrets

Step #6: Providing the application information to Port​

Port needs the following information for this process:

Azure application display secrets


Port will provide you the CONNECTION_NAME needed for the homepage URL of the App, as described on Step 2.

Step #7: Exposing the application to your organization​

  1. Assigning the App to organization users and groups

    After the app setup is complete, you can proceed to assign it to your organization’s users and groups, by distributing it in your organization:

    1.1 Go to Azure Active Directory.

    1.2 Go to Enterprise Applications:

    Azure AD enterprise applications

  2. Click on the Port app:

    Azure all application port app

  3. Click on Users and Groups:

    Azure AD users and groups

  4. Click Add user/group:

    Azure AD users and groups

    4.1 Select users and groups you want to grant access to Port.

    4.2 Click Assign.

  5. Make the Port application visible on the myapplications page:

    5.1 Go to Azure Active Directory.

    5.2 Go to Enterprise Applications.

    5.3 Click on the Port app.

    5.4 Click on Properties:

    Azure application properties

    5.5 Set the application properties:

    • Mark Enabled for users to sign-in? as Yes.

    • Mark Visible to users? as Yes.


    By default the Assignment required? flag is set to No, meaning any user with the Homepage URL to the Port app can access it, even if the app isn’t directly assigned to them. Changing the flag to Yes means only users and groups the app is directly assigned to can use and access it.

    Azure application properties form

    You should see the Port app on the dashboard:

    Azure application dashboard


    Users can also manually access Port by going to the App Homepage URL:{CONNECTION_NAME}&

Permissions required to pull AzureAD groups to Port​

Port can query the group membership of users who log in through the AzureAD SSO, and add their teams as team entities inside Port. This allows the platform engineers to take advantage of both existing groups from AzureAD and teams created manually inside Port to manage permissions and access to resources inside Port's catalog.

Important: In order to import Azure AD groups into Port, Port will require the connection app to approve the Directory.Read.All permission