CMES App Registration

Instructions for configuring an app registration for CMES

Written by Nick Smith
Updated over a week ago

As part of the Cloud Maker Enterprise Server (CMES) install using the Azure Marketplace solution offer, an Azure Active Directory App Registration is required.

The app registration is required to allow Azure Active Directory-based user authentication to the CMES appliance.

To set up the Azure App Registration for the CMES install, do the following:

  1. Open Azure Active Directory

  2. Navigate to App Registrations on the left panel

  3. Select +New App Registration

  4. Enter a Name for your App Registration

  5. Select Accounts in this organizational directory only (Tenant Name - Single tenant)

  6. Do not enter a Redirect URI, as this is not required

  7. Note down the Application (Client) ID and Directory (tenant) ID for later

  8. In the Authentication section:

    1. Add a platform: Single-page application

    2. Configuration:

      1. Redirect URI: Enter the FQDN you wish to use for your CMES appliance:

        1. For a custom domain, it would be https://cmes.yourdomain.com

        2. For a default FQDN, it would be https://<public-ip-dns-label>.<region>.cloudapp.azure.com

        3. For a US Gov default FQDN, it would be https://<public-ip-dns-label>.<region>.cloudapp.usgovcloudapi.net

      2. Do not enter a Front-channel logout URL

      3. Make sure Access tokens is checked

      4. Make sure ID tokens is checked

      5. Click Configure to save your settings

  9. Next, select the Expose an API option on the left menu and set the following settings:

    1. Add a scope

    2. Save and continue with the default application ID

    3. Configuration:

      1. Scope name: user_access

      2. Who can consent: Admins only

      3. Admin consent display name: User access scope for CMES

      4. Admin consent description: This scope facilitates user access to the Cloud Maker Enterprise Server appliance.

      5. Click Add scope to save your settings

  10. Next, select Manifest from the left menu and set the following settings:

    1. Change accessTokenAcceptedVersion from null to 2 and save
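
To confirm the finished registration matches the steps above, the following added example (not part of Cloud Maker's own tooling) checks the JSON printed by `az ad app show --id <client-id>`. It assumes the Microsoft Graph application format, in which the manifest's accessTokenAcceptedVersion appears as `api.requestedAccessTokenVersion`; the function name `check_cmes_app` and the sample data are constructed for illustration.

```python
import json

# Constructed sample in the Microsoft Graph "application" shape, as printed by
# `az ad app show --id <client-id>`. All values are placeholders.
SAMPLE = json.loads("""
{
  "signInAudience": "AzureADMyOrg",
  "spa": {"redirectUris": ["https://cmes.yourdomain.com"]},
  "web": {"logoutUrl": null,
          "implicitGrantSettings": {"enableAccessTokenIssuance": true,
                                    "enableIdTokenIssuance": true}},
  "api": {"requestedAccessTokenVersion": 2,
          "oauth2PermissionScopes": [
            {"value": "user_access", "type": "Admin", "isEnabled": true}]}
}
""")

def check_cmes_app(app, expected_redirect):
    """Return a list of findings; an empty list means the registration matches the steps."""
    findings = []
    web = app.get("web") or {}
    api = app.get("api") or {}
    grants = web.get("implicitGrantSettings") or {}
    uris = (app.get("spa") or {}).get("redirectUris") or []
    if app.get("signInAudience") != "AzureADMyOrg":
        findings.append("step 5: not single tenant")
    if expected_redirect.rstrip("/") not in [u.rstrip("/") for u in uris]:
        findings.append("step 8: expected SPA redirect URI missing")
    if any(not u.lower().startswith("https://") for u in uris):
        findings.append("step 8: non-HTTPS SPA redirect URI")
    if web.get("logoutUrl"):
        findings.append("step 8: front-channel logout URL is set")
    if not grants.get("enableAccessTokenIssuance"):
        findings.append("step 8: Access tokens not checked")
    if not grants.get("enableIdTokenIssuance"):
        findings.append("step 8: ID tokens not checked")
    scopes = [s for s in api.get("oauth2PermissionScopes") or []
              if s.get("value") == "user_access" and s.get("isEnabled")]
    if not scopes:
        findings.append("step 9: user_access scope missing or disabled")
    elif any(s.get("type") != "Admin" for s in scopes):
        findings.append("step 9: user_access is not admin-consent only")
    if api.get("requestedAccessTokenVersion") != 2:
        findings.append("step 10: accessTokenAcceptedVersion is not 2")
    return findings

if __name__ == "__main__":
    for line in check_cmes_app(SAMPLE, "https://cmes.yourdomain.com") or ["OK"]:
        print(line)
```

Pass the redirect URI you entered in step 8 as `expected_redirect`; any finding names the step to revisit.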
