articles/healthcare-apis/register-application.md
Lines changed: 21 additions & 15 deletions
@@ -16,29 +16,31 @@ In this article, you learn how to register a client application in Microsoft Ent
16
16
## Register a new application
17
17
18
18
1. In the [Azure portal](https://portal.azure.com), select **Microsoft Entra ID**.
19
-
2. Select **App registrations**.
19
+
1. Select **App registrations**.
20
+
20
21
:::image type="content" source="media/register-application-new-app-registration.png" alt-text="Screenshot of the new app registration window in Microsoft Entra ID." lightbox="media/register-application-new-app-registration.png":::
21
22
22
-
3. Select **New registration**.
23
-
4. For Supported account types, select **Accounts in this organization directory only**. Don't change the other options.
23
+
1. Select **New registration**.
24
+
1. For Supported account types, select **Accounts in this organization directory only**. Don't change the other options.
25
+
24
26
:::image type="content" source="media/register-application-account-types.png" alt-text="Screenshot of the new registration account options for supported account types." lightbox="media/register-application-account-types.png":::
25
27
26
-
5. Select **Register**.
28
+
1. Select **Register**.
27
29
28
30
## Application ID (client ID)
29
31
30
-
After registering a new application, you can find the application (client) ID and Directory (tenant) ID in the **Overview**menu option. Make a note of the values for use later.
32
+
After registering a new application, you can find the **Application (client) ID** and **Directory (tenant) ID** in the **Overview**page. Make a note of the values for use later.
31
33
32
34
:::image type="content" source="media/register-application-app-overview.png" alt-text="Screenshot of the application client ID and tenant ID overview panel in Microsoft Entra ID." lightbox="media/register-application-app-overview.png":::
33
35
34
36
35
37
## Authentication setting: confidential vs. public
36
38
37
-
Select **Authentication** and the **Settings** tab to review the settings. The default value for **Allow public client flows** is **Disabled**.
39
+
Select **Authentication** and the **Settings** tab. The default value for **Allow public client flows** is **Disabled**.
38
40
39
41
If you keep this default value, the application registration is a **confidential client application** and requires a certificate or secret.
40
42
41
-
:::image type="content" source="media/register-application-allow-public-client-flows.png" alt-text="Screenshot of the authentication settings for a confidential client application."::: ](media/register-application-allow-public-client-flows.png#lightbox)
43
+
:::image type="content" source="media/register-application-allow-public-client-flows.png" alt-text="Screenshot of the authentication settings for a confidential client application." lightbox="media/register-application-allow-public-client-flows.png":::
42
44
43
45
44
46
If you enable the **Allow public client flows** option, the application registration is a public client application and doesn't require a certificate or secret. Public client applications are useful when you want to use the OAuth 2.0 authorization protocol or features as described in [Public client and confidential client applications](/entra/identity-platform/msal-client-applications#when-should-you-enable-a-public-client-flow-in-your-app-registration).
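Review bot: With every step in "Register a new application" now numbered `1.`, the `:::image` blocks between the **App registrations** and **New registration** steps, and between the **Supported account types** and **Register** steps, must stay indented under their list item; at column 0 they end the ordered list and each following step renders as 1. The old explicit `2.` to `5.` numbering hid that, so confirm it in the rich diff or a local build. While this section is open, the unchanged sentence that public clients are "useful when you want to use the OAuth 2.0 authorization protocol or features" is vague, because a confidential client uses OAuth 2.0 as well; consider naming the flows meant or leaning on the linked article for the distinction.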
@@ -52,9 +54,6 @@ For example, when you choose **Mobile and desktop applications**, you select the
52
54
53
55
:::image type="content" source="media/register-application-add-redirect-uri-mobile-desktop-platform.png" alt-text="Screenshot of configure other platform." lightbox="media/register-application-add-redirect-uri-mobile-desktop-platform.png":::
54
56
55
-
56
-
57
-
58
57
## Certificates and client secrets
59
58
60
59
To create a new client secret, use the following steps.
@@ -78,13 +77,16 @@ Optionally, you can upload a certificate (public key) and use the Certificate ID
78
77
79
78
## API permissions for DICOM and FHIR services
80
79
81
-
The following steps are required for the DICOM service, but optional for the FHIR service.
80
+
If you're using Azure Health Data Services, adding API permissions to the FHIR service is optional because the FHIR service supports both user delegated permission and application permission. You can choose to add permissions for the FHIR service if your application scenario requires application permission, which is used when the application runs without a signed-in user. If you want to add permissions for the FHIR service, search for **Azure API for FHIR** under **APIs my organization** uses, and then select the required permissions.
81
+
82
+
83
+
The following steps are required for the DICOM service.
82
84
83
85
1. Select **API permissions**.
84
86
85
87
:::image type="content" source="dicom/media/dicom-add-apis-permissions.png" alt-text="Screenshot of API permission page with Add a permission button highlighted." lightbox="dicom/media/dicom-add-apis-permissions.png":::
86
88
87
-
2. Select **Add a permission**.
89
+
1. Select **Add a permission**.
88
90
89
91
If you're using Azure Health Data Services, add a permission to the DICOM service by searching for **Azure API for DICOM** under **APIs my organization** uses.
90
92
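Review bot: The added FHIR paragraph tells the reader to search for **Azure API for FHIR** under "APIs my organization uses" before the page has reached the **API permissions** and **Add a permission** steps, so it is unclear where that search happens; point to those steps or move the paragraph after them. In the same paragraph, "user delegated permission and application permission" would read better as "delegated permissions and application permissions", and the bold in `**APIs my organization** uses` stops before "uses" (the unchanged DICOM line below has the same slip, so fix both if the tab label includes that word).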
@@ -94,9 +96,10 @@ The following steps are required for the DICOM service, but optional for the FHI
94
96
95
97
If you're referencing a different resource application, select your DICOM API Resource Application Registration that you created previously under **APIs my organization**.
96
98
97
-
3. Select scopes (permissions) that the confidential client application asks for on behalf of a user. Select **Dicom.ReadWrite**, and then select **Add permissions**.
99
+
1. Select scopes (permissions) that the confidential client application asks for on behalf of a user. Select **Dicom.ReadWrite**, and then select **Add permissions**.
100
+
101
+
:::image type="content" source="dicom/media/dicom-select-scope.png" alt-text="Screenshot of scopes (permissions) that the client application asks for on behalf of a user." lightbox="dicom/media/dicom-select-scope.png":::
98
102
99
-
:::image type="content" source="dicom/media/dicom-select-scope.png" alt-text="Screenshot of scopes (permissions) that the client application will ask for on behalf of a user." lightbox="dicom/media/dicom-select-scope.png":::
100
103
101
104
>[!NOTE]
102
105
>Use `grant_type` of `client_credentials` when getting an access token for the FHIR service by using tools such as REST Client. For more information, see [Accessing Azure Health Data Services using the REST Client Extension in Visual Studio Code](./fhir/using-rest-client.md).
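Review bot: The renumbered step describes `Dicom.ReadWrite` as a scope the client asks for "on behalf of a user", while the NOTE directly after it recommends `grant_type` of `client_credentials`, which involves no signed-in user, and names only the FHIR service. Now that the section intro limits these steps to DICOM, say whether the note also applies to DICOM tokens or move it next to the new FHIR paragraph, so readers do not conclude that granting a delegated scope is what authorizes an app-only token.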
@@ -105,4 +108,7 @@ The following steps are required for the DICOM service, but optional for the FHI
105
108
## Next step
106
109
107
110
> [!div class="nextstepaction"]
108
-
> [Configure Azure RBAC for Azure Health Data Services](configure-azure-rbac.md)
111
+
> [Configure Azure RBAC for Azure Health Data Services](configure-azure-rbac.md)
112
+
113
+
114
+
[!INCLUDE [FHIR and DICOM trademark statements](./includes/healthcare-apis-fhir-dicom-trademark.md)]