# Graph Service Principal

## Add Graph Service Principal

Bringing your own "*Graph Service Principal*" integrates your Microsoft Entra ID with DataCentral. The integration enables a connection to your internal Active Directory, and external AD users can additionally be invited into your AD system (Entra ID). Optionally, these invitations can be sent to the external users via email.

To create your own Microsoft Graph service principal and add it to DataCentral, perform all the steps below in the specified order.

You will need the following roles within Azure to create an app registration.

* Application Administrator
* Cloud Application Administrator
* Global Administrator

***

### Azure Portal

1. Sign in to the [Azure Portal](https://ms.portal.azure.com/#allservices).
2. Search for and select App registrations.

<figure><img src="/files/E3veuxqm951AHELgiZ6S" alt=""><figcaption><p>Azure Portal</p></figcaption></figure>

3. Select **New registration.**

<figure><img src="/files/ZiYNAykoHUpdtt5AASkg" alt=""><figcaption><p>New Application</p></figcaption></figure>

4. Fill in the required information:

   * **Name** - Enter a name for your application
   * **Supported account types** - Single tenant
   * (Optional) **Redirect URI** - Enter a URI if needed

5. Select **Register**.

6. After you register your app, the **Application ID** is available from the **Overview** tab. Copy and save the **Application ID** for later use.

<figure><img src="/files/OlGJ9PusO5DUW10uVOd7" alt=""><figcaption><p>Register Application</p></figcaption></figure>

7. Select **Certificates & secrets.**

<figure><img src="/files/xLVTsWYJRld8dw5QS0FO" alt=""><figcaption><p>Certificates &#x26; Secrets</p></figcaption></figure>

8. Select **New client secret.**

<figure><img src="/files/9kbo1OXJuEwyuXa14Gh3" alt=""><figcaption><p>New Client Secret</p></figcaption></figure>

9. Copy and save the **client secret** value.

<figure><img src="/files/tWIJKMQOHWdIUjoZOi8N" alt=""><figcaption><p>Client Secret value</p></figcaption></figure>

10. Add Microsoft Graph **API permissions** and then 'Grant admin consent'.
    * GroupMember.ReadWrite.All
    * User.Invite.All
    * User.Read.All

<figure><img src="/files/8AeOs8SCuo8V5CG5PbVv" alt=""><figcaption><p>API permissions</p></figcaption></figure>
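To confirm that step 10 took effect and that the principal holds exactly the three permissions listed, you can inspect the `roles` claim of an app-only access token issued to the app for Microsoft Graph. The following is an added example, not DataCentral or Microsoft code; the function names, the placeholder Application ID and the sample token are constructed for illustration, and the token is decoded for inspection only, without signature verification.

```python
import base64
import json

# The three Microsoft Graph application permissions listed in step 10.
EXPECTED_ROLES = {"GroupMember.ReadWrite.All", "User.Invite.All", "User.Read.All"}


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def decode_claims(token: str) -> dict:
    """Decode the JWT payload for inspection only; the signature is NOT verified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def audit_roles(token: str, expected_app_id: str) -> dict:
    """Compare an app-only token's 'roles' claim with the permissions from step 10."""
    claims = decode_claims(token)
    granted = set(claims.get("roles", []))
    # v1 tokens carry the client ID in 'appid', v2 tokens in 'azp'.
    app_ok = claims.get("appid", claims.get("azp")) == expected_app_id
    return {
        "app_id_matches": app_ok,
        "missing": sorted(EXPECTED_ROLES - granted),  # admin consent not granted yet
        "excess": sorted(granted - EXPECTED_ROLES),   # more privilege than this page asks for
        "ok": app_ok and granted == EXPECTED_ROLES,
    }


def make_sample_token(app_id: str, roles: list) -> str:
    """Build a constructed, unsigned sample token so the example runs offline."""
    header = _b64url(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    body = _b64url(json.dumps({"aud": "https://graph.microsoft.com",
                               "appid": app_id, "roles": roles}).encode())
    return f"{header}.{body}.sig"


if __name__ == "__main__":
    APP_ID = "00000000-0000-0000-0000-000000000000"  # placeholder Application ID
    # Constructed sample: two expected permissions missing, one extra permission present.
    sample = make_sample_token(APP_ID, ["User.Read.All", "Directory.ReadWrite.All"])
    print(audit_roles(sample, APP_ID))
```

A non-empty `missing` list points to permissions that were not added or not consented; a non-empty `excess` list means the app registration carries more Graph privilege than this integration requires.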

***

### DataCentral tenant

Under Administration Settings -> Azure Configurations, enter the values collected from the Azure Portal for your Microsoft Graph Service Principal.

* Application (client) ID
* Client Secret
* (Optional) Service Group Object ID

<figure><img src="/files/Zx3Ha94Hwonqz63LItEw" alt=""><figcaption><p>DataCentral Azure Configurations</p></figcaption></figure>

