Configure Azure AD with SAP Hana OAuth

Create a New Application Registration

1. In the Microsoft Azure AD portal home page, click App Registrations.
2. Click New registration.
3. Enter the name of your app registration and choose Accounts in this organizational directory only as the supported account type.

   

4. Click Register.

Create a Scope

1. In the navigation pane, click Expose an API.
2. Click Set next to the Application ID URI.
3. Click Save without modifying the App ID URI default value.
4. Click Add a Scope and enter the required information. In Who can consent, choose Admins and users.
5. Click Add Scope.

Add Permissions

1. In the navigation pane, click API permissions.
2. Click New registration.
3. Click Add a permission and choose Microsoft Graph.
4. Click Delegated Permissions and select all OpenId permissions.

   

5. Click Add permissions.
6. Click Add a permission and choose My APIs.
7. Select the name of the app registration that you created above.
8. Click Delegated permissions and select the check box of the scope that you created above.
9. Click Add permissions.
10. Click Grant admin consent for <your organization name> and choose Yes.

Create a Client Secret

1. In the navigation pane, click Certificates & secrets.
2. Click New client secret.
3. Enter a name and expiration date.
4. Click Add.

Copy the client secret in the Client secrets list and save it for later. The client secret does not appear when you revisit the page. If you lose the client secret, you can create another.

Edit the App Registration Manifest

1. In the navigation pane, under Manage, click Manifest.
2. Change "accessTokenAcceptedVersion": null, to "accessTokenAcceptedVersion": 2,.
3. Click Save.