Skip to main content

1: Microsoft Entra App Registration

Updated

DvSchemaSync requires a Microsoft Entra App Registration to authenticate with Dataverse. This same App Registration can optionally be used for Azure SQL authentication. Follow these steps to create and configure your App Registration.

Required Permissions

To create an App Registration in Microsoft Entra ID, you need one of the following roles:

• Application Administrator: Can create and manage all aspects of app registrations

• Cloud Application Administrator: Can create and manage app registrations (excluding Application Proxy)

• Global Administrator: Full access to all administrative features

• Users with default permissions: If your tenant allows it, regular users can create app registrations (controlled by the "Users can register applications" setting in Entra ID)

💡 Note: Contact your IT administrator if you don't have permission to create app registrations. They may need to create it for you or grant you the appropriate role.

Creating the App Registration

  1. Sign in to the Azure Portal (https://portal.azure.com).
  2. Navigate to Microsoft Entra ID (formerly Azure Active Directory).
  3. Select App registrations from the left menu.
  4. Click New registration.
  5. Enter a name for your application (e.g., "DvSchemaSync").
  6. For Supported account types, select "Accounts in this organizational directory only".
  7. Leave Redirect URI blank (not required for this application).
  8. Click Register.

Recording Your App Details

After registration, you'll need to record the following values. These will be entered into DvSchemaSync when creating connections.

Application (client) ID: Found on the Overview page. Copy this value.

Directory (tenant) ID: Found on the Overview page. Copy this value.

Client Secret: You'll create this in the next step.

Display Name: You’ll need this when registering permissions in Azure SQL Server

Creating a Client Secret

  1. From your App Registration, select Certificates & secrets from the left menu.
  2. Under Client secrets, click New client secret.
  3. Enter a description (e.g., "DvSchemaSync Production").
  4. Select an expiration period (recommended: 12 or 24 months).
  5. Click Add.
  6. Important: Copy the secret Value immediately. It will only be shown once.

⚠ Warning: Store your Client Secret securely. If you lose it, you'll need to create a new one. Set a calendar reminder before expiration to rotate the secret.

API Permissions (Not Required)

✓ Note: You do not need to configure API permissions in the App Registration for Dataverse access. DvSchemaSync uses Server-to-Server (S2S) authentication with an Application User. Access is controlled by the security roles assigned to the Application User in Dataverse, not by API permissions in Azure.

Related to