Overview
Before turning on Entra ID in the Helm chart, you need to register two applications in Microsoft Entra ID. You can do this via the Azure CLI (recommended) or manually through the Azure Portal.
Option A: Azure CLI (recommended)
Go to the Helm Assistant Automate tab > Entra ID Setup to generate and download a setup script. The script creates both app registrations using the Azure CLI and outputs the exact Helm values at the end.
Option B: Azure portal
Step 1: Register the interaction client
To register the interaction client:
-
In the Azure portal, navigate to Microsoft Entra ID > App registrations.
-
Select New registration.
-
Name the app
interaction-client.
Note the Client ID and Tenant ID.
-
Go to the Authentication section.
-
Under Redirect URIs, add a new entry of type Mobile & Desktop with the value
ms-appx-web://Microsoft.AAD.BrokerPlugin/{Client ID}. Replace{Client ID}with the Application ID from theinteraction-clientapp registration.
Step 2: Register the Interaction API
To register the interaction API:
-
Create another New registration.
-
Name the app
interaction-api.
Note the Client ID and Tenant ID.
-
Select Add Application ID URI, then create a custom scope named
Interaction.Clients:-
Name/Description: access RPI.
-
Who can consent: admins and users.
-
-
Under Authorized client applications, add the Interaction Client's Client ID.
Generate your overrides
Once you have the Client ID, API ID, and Tenant ID from either method above, go to the Helm Assistant Generate tab > Step 8: Services > Microsoft Entra ID and enter these values. They will be included in your generated overrides.yaml automatically.
Complete the Entra ID app registrations before generating your overrides so you have the required IDs ready.
To sign in with Microsoft Entra ID, each RPI user account must use the same email address as their Entra ID username (e.g., first.last@example.com).
For all available MicrosoftEntraID configuration keys, see the Helm Assistant Reference tab.