Skip to content

Microsoft Entra ID Setup

This guide walks through registering AgentCube as an application in Microsoft Entra ID (formerly Azure AD).

Step 1: Create App Registration

  1. Navigate to Azure PortalMicrosoft Entra IDApp registrations
  2. Click New registration
  3. Configure:
    • Name: AgentCube MCP (or your preferred name)
    • Supported account types: Accounts in this organizational directory only (Single tenant)
    • Redirect URI: Select Web and enter: 
      https://{connector_hostname}/auth/callback
  4. Click Register

Multiple connectors

If you are deploying both Essbase and Planning connectors, add a redirect URI for each:

  • https://{essbase_connector_hostname}/auth/callback
  • https://{planning_connector_hostname}/auth/callback

You can add additional redirect URIs under AuthenticationPlatform configurations after registration.

Step 2: Create Client Secret

  1. Go to Certificates & secretsClient secrets
  2. Click New client secret
  3. Set a description and expiration period
  4. Click Add
  5. Copy the secret VALUE immediately — it will not be shown again

Secret VALUE vs Secret ID

Entra shows two values: a Secret ID (a GUID) and the Secret VALUE (a long string). You need the VALUE, not the ID.

Step 3: Expose an API

  1. Go to Expose an API
  2. Click Set next to Application ID URI — accept the default api://{client_id}
  3. Click Add a scope:
    • Scope name: access
    • Who can consent: Admins and users
    • Admin consent display name: Access AgentCube
    • Admin consent description: Allow the application to access AgentCube on behalf of the signed-in user
  4. Click Add scope

Step 4: Set Token Version

  1. Go to Manifest
  2. Find "requestedAccessTokenVersion" (it will be null by default)
  3. Change null to 2
  4. Click Save

Critical step

If you skip this step, Entra issues v1.0 tokens with an incorrect audience format, and authentication will fail.

Step 5: Record Configuration Values

You need three values for your AgentCube environment variables:

Entra Value Environment Variable
Application (client) ID OIDC_CLIENT_ID
Client secret VALUE OIDC_CLIENT_SECRET
Directory (tenant) ID OIDC_TENANT_ID

These values are found on the app registration Overview page (client ID, tenant ID) and in Certificates & secrets (secret value).

Next Steps