# Azure AD Configuration for the WorkflowGen CLI

## Prerequisites

* Make sure to have a licensed copy of WorkflowGen installed and running on an IIS web server in **HTTPS** secure connection mode.

* Make sure to have **Azure AD administrator access** to be able to configure Azure AD.

* Make sure to have provisioned an existing Azure AD user with which you can authenticate to WorkflowGen so that you can use the application afterwards.

* Make sure to have successfully configured delegated authentication to Azure AD with the **Microsoft Identity Platform v2.0** provider on your WorkflowGen instance following the instructions in the [Azure AD Authentication](https://docs.advantys.com/workflowgen-for-azure/7.17.0-5/azure-active-directory-authentication) section with the `WorkflowGen GraphQL API` application registered as well.

## Interactive mode

### Azure Active Directory configuration

This configuration is done in three steps. First, you have to register a new native application in Azure AD. Then, you have to give the application the necessary permissions to access the WorkflowGen GraphQL API. Finally, you have to register the correct callback URLs that will redirect within the native application.

#### Step 1: Register a new native application

1. In the Azure portal, click **App registrations** in the **Azure Active Directory** section.

2. Click **New registration**, and fill in the properties:

   * **Name:** `WorkflowGen CLI`

   * **Supported account types:** `Accounts in this organizational directory only (Single tenant)`

     ✏️ **Note:** Choose the supported account type that fits your use case.

   * **Redirect URI:**
     * **Type:** `Public client/native`
     * **Value:** `http://127.0.0.1:8888/callback`

   ✏️ **Note:** Port `8888` is defined by default; you can change it if it's already in use on your computer.

3. Click **Register** at the bottom of the page.

You've now successfully registered your `WorkflowGen CLI` native application in Azure Active Directory.

#### Step 2: Grant access to the GraphQL API

1. Click **API permissions**.
2. In the **Configured permissions** section, click **Add a permission**.
3. Click **My APIs**, then select the `WorkflowGen GraphQL API` application in the list.
4. Click **Delegated permissions** and check `default` under the **Permission** column.
5. Click **Add permissions**.
6. On the **API permissions** page, click **Grant admin consent for \<your tenant name>**, then click **Yes**.

#### Review the registration

Take note of the information you'll need later on:

* A **client ID:** This is the application (client) ID in the **Overview** section of your application registration.

* A **tenant ID:** This is the directory (tenant) ID in the **Overview** section of your application registration.

You'll need to give this information to the users who will be using the WorkflowGen CLI.

{% hint style="success" %}
You've now successfully registered the WorkflowGen CLI in your Azure AD.
{% endhint %}
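
As an added example (not part of the WorkflowGen documentation or tooling), the following Python check audits a registration against the settings chosen in steps 1 and 2. It assumes the input is the JSON printed by `az ad app show --id <client ID>` and that you kept the single-tenant option; the sample object and every ID in it are constructed placeholders, and `api_app_id` stands for the client ID of your `WorkflowGen GraphQL API` registration.

```python
import ipaddress
import json
from urllib.parse import urlsplit

# Constructed sample in the shape of `az ad app show` output (Microsoft Graph
# application object). All IDs are placeholders, not real values.
SAMPLE_APP = json.loads("""
{
  "displayName": "WorkflowGen CLI",
  "signInAudience": "AzureADMyOrg",
  "publicClient": {"redirectUris": ["http://127.0.0.1:8888/callback"]},
  "web": {"redirectUris": []},
  "requiredResourceAccess": [
    {"resourceAppId": "00000000-0000-0000-0000-0000000000aa",
     "resourceAccess": [{"id": "00000000-0000-0000-0000-0000000000bb", "type": "Scope"}]}
  ]
}
""")

def is_loopback_callback(uri):
    """True for http://<loopback IP literal>[:port]/callback, as registered in step 1."""
    parts = urlsplit(uri)
    try:
        host_ok = ipaddress.ip_address(parts.hostname or "").is_loopback
    except ValueError:
        host_ok = False  # a hostname (even "localhost") is not an IP literal
    return parts.scheme == "http" and host_ok and parts.path == "/callback"

def audit_registration(app, api_app_id):
    """Return a list of findings; an empty list means the registration matches the page."""
    findings = []
    if app.get("signInAudience") != "AzureADMyOrg":
        findings.append("supported account types is not single tenant")
    public = (app.get("publicClient") or {}).get("redirectUris") or []
    if not public:
        findings.append("no public client/native redirect URI")
    findings += [f"non-loopback public redirect URI: {u}"
                 for u in public if not is_loopback_callback(u)]
    if (app.get("web") or {}).get("redirectUris"):
        findings.append("unexpected web redirect URI on a native app")
    grants = [a for r in app.get("requiredResourceAccess") or []
              if r.get("resourceAppId") == api_app_id
              for a in r.get("resourceAccess") or []]
    if not grants:
        findings.append("no permission on the WorkflowGen GraphQL API")
    if any(a.get("type") != "Scope" for a in grants):
        findings.append("application (Role) permission present; only delegated was granted")
    return findings
```

The port is not checked, so a registration that uses a port other than `8888` still passes.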

## Non-interactive mode

The configuration of non-interactive mode is the same as in the [Azure AD Configuration for Server-Side Scripts](https://docs.advantys.com/workflowgen-for-azure/7.17.0-5/azure-active-directory-configuration-for-server-side-scripts) section.
