Microsoft 365 Directory Provider Setup

Introduction

To integrate your Microsoft 365 / Azure AD (Entra ID) tenant with BassemLabs, create an Azure AD App Registration, configure the required API permissions, and grant admin consent so BassemLabs can securely create/update/suspend user accounts.

This guide uses Microsoft Graph API with application permissions (app-only access).

Visual guide:

• https://scribehow.com/viewer/Integrate_Scribe_with_Azure_ADMicrosoft_365_for_User_Management__MUBXmnlBT0Sy4BYzxswFMw?referrer=workspace

Step 1: Access Azure Portal

1. Go to https://portal.azure.com/
2. Sign in with a Global Administrator account (or account with app registration permissions)
3. Open Azure Active Directory / Microsoft Entra ID

Step 2: Register a New Application

1. Open App registrations
2. Click + New registration
3. Fill:

• Name: BassemLabs Integration (or similar)
• Supported account types: Accounts in this organizational directory only (Single tenant)
• Redirect URI: leave empty

4. Click Register

Step 3: Copy Tenant ID and Client ID

From app Overview, copy:

• Directory (tenant) ID
• Application (client) ID

Step 4: Create a Client Secret

1. Open Certificates & secrets
2. Under Client secrets, click + New client secret
3. Description: BassemLabs Integration Secret
4. Choose expiration based on policy
5. Click Add
6. Copy the secret VALUE immediately (shown once)

Step 5: Configure API Permissions

1. Open API permissions
2. Click + Add a permission
3. Select Microsoft Graph
4. Select Application permissions
5. Add:

• User.ReadWrite.All
• Directory.ReadWrite.All

6. Click Add permissions

Step 6: Grant Admin Consent

1. In API permissions, click Grant admin consent
2. Confirm
3. Verify status becomes Granted

Step 6B: Assign User Administrator Role to the App

Required for password updates.

1. Open Roles and administrators in Entra ID
2. Open User Administrator
3. Click + Add assignments
4. Search for your app name (for example, BassemLabs Integration)
5. Add assignment

Step 7: Enter Credentials in BassemLabs

Provide in Organization Keys:

• Tenant ID (Directory ID)
• Client ID (Application ID)
• Client Secret (Secret value, not Secret ID)

Done

Your Microsoft 365 tenant is configured for BassemLabs directory integration.