Go to portal.azure.com -> Azure Active Directory -> App registrations.
Create a new app registration. Set the name and leave the account type as “Accounts in this organizational directory only (Default Directory only - Single tenant)”.
Set the redirect URI to https://app.2gethr.ch/api/AzureAdAuth/Authenticate
When you are ready, click Register.
Copy “Application (client) ID” and “Directory (tenant) ID” from the Azure portal to the 2getHR settings.
Then click your app name (next to the “Display name” label).
Copy “Publisher Domain” to the 2getHR settings. Then click the “API permissions” navigation menu item.
Click “Add a permission”. In the dialog, select the “Microsoft Graph” section, then select the “Application permissions” option, type “directory” in the search box, check “Directory.Read.All” in the filtered list and click the “Add permissions” button.
Click the “Grant admin consent for Default Directory” button, then click the “Certificates & secrets” navigation menu item.
Click the “New client secret” button. In the dialog, set Description and set Expires to Never, then click the Add button.
Then copy the generated secret to the 2getHR settings. All required fields are now set, so you can save the 2getHR adal settings.
If you want Azure login to work only for a particular group rather than for all Azure users, copy that group's Object ID to the 2getHR settings.
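Added example (not part of the original instructions and not 2getHR code): a diagnostic check, assuming you have an app-only Microsoft Graph access token issued for the registration configured above. It decodes the token payload without verifying the signature and reports whether the tenant ID, the client ID and the Directory.Read.All role match what was copied to the settings; the function names and the sample identifiers are constructed for illustration.

```python
import base64
import json

REQUIRED_ROLE = "Directory.Read.All"  # application permission granted in the steps above


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def decode_claims(token: str) -> dict:
    """Return the JWT payload WITHOUT verifying the signature (diagnostic use only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))


def check_app_token(token: str, tenant_id: str, client_id: str) -> list:
    """List mismatches between the token claims and the values copied to the settings."""
    claims = decode_claims(token)
    problems = []
    if claims.get("tid", "").lower() != tenant_id.lower():
        problems.append("tid does not match Directory (tenant) ID")
    # v1.0 tokens carry the client ID in 'appid', v2.0 tokens in 'azp'
    if (claims.get("appid") or claims.get("azp") or "").lower() != client_id.lower():
        problems.append("appid/azp does not match Application (client) ID")
    # Application permissions appear in the 'roles' claim once admin consent is granted
    if REQUIRED_ROLE not in claims.get("roles", []):
        problems.append("roles lacks Directory.Read.All (admin consent not granted?)")
    return problems


def make_sample_token(claims: dict) -> str:
    """Build an unsigned, constructed token so the example runs offline."""
    header = b64url(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    return f"{header}.{b64url(json.dumps(claims).encode())}.sig"


# Constructed sample values, not real identifiers
TENANT = "11111111-1111-1111-1111-111111111111"
CLIENT = "22222222-2222-2222-2222-222222222222"
GOOD = make_sample_token({"tid": TENANT, "appid": CLIENT, "roles": [REQUIRED_ROLE]})
NO_CONSENT = make_sample_token({"tid": TENANT, "appid": CLIENT})

if __name__ == "__main__":
    print(check_app_token(GOOD, TENANT, CLIENT))
    print(check_app_token(NO_CONSENT, TENANT, CLIENT))
```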