Log in to your Azure Portal.
Search for and select App registrations.
Make sure your Azure AD account in the Azure portal is configured with a redirect URL like
(protocol)://(host)/oauth2/code/my_azure_ad_tenant_id
Kindly confirm and update it with your correct tenant ID (https://dhis2Appurl/oauth2/code/azuretenanantid).
Click Register.
Under the Authentication tab, click Add a platform and make sure the fields are configured as shown in the display below.
Select the Web icon and configure as shown below
Click on Save
Click Certificates & secrets in the pane and select New client secret. Choose a name for the secret (e.g. dhis2app) and choose the expiry date: never, or however long you want the secret to be active. Copy the client secret value, as it may not be visible once you leave the window.
Click on Token configuration, click Add optional claim, and use the config as shown.
Click on API permissions, click Add a permission, click on Microsoft Graph, then click on Delegated permissions. Search for the following and select them:
Directory.AccessAsUser.All, then click on Grant admin consent.
OpenID. Do not enable Grant admin consent for this.
For the Branding tab, configure as shown below.
Kindly ensure that all users who will have access have their email registered in their contact info in Azure AD, as shown below for my account.
My User Account Config on an OIDC configured instance
Once all configurations are set, share the following details with BAO Systems and we will update your DHIS2 server with the config.
Application (client) ID
Directory (tenant) ID
Client credentials secret
Redirect URI
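A consistency check for the four values listed above before they are shared, as an added example that is not part of the original page or any BAO Systems tooling. The function name, the sample GUIDs, the host and the secret string are constructed; the check assumes the redirect URI ends in /oauth2/code/ followed by the tenant ID, as described in the steps above.

```python
import re
from urllib.parse import urlsplit

GUID = re.compile(
    r"^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$", re.I)

def check_oidc_details(client_id, tenant_id, client_secret, redirect_uri):
    """Return a list of problems; an empty list means the values are consistent."""
    problems = []
    if not GUID.match(client_id):
        problems.append("Application (client) ID is not a GUID")
    if not GUID.match(tenant_id):
        problems.append("Directory (tenant) ID is not a GUID")

    # The portal lists a secret Value and a Secret ID (a GUID).
    # Only the Value works as the credential.
    if not client_secret or client_secret != client_secret.strip():
        problems.append("Client secret is empty or has stray whitespace")
    elif GUID.match(client_secret):
        problems.append("Client secret looks like the Secret ID, not the Value")

    url = urlsplit(redirect_uri)
    # Azure accepts plain http redirect URIs only for localhost.
    if url.scheme != "https" and url.hostname not in ("localhost", "127.0.0.1"):
        problems.append("Redirect URI must use https")
    # The path must end with the same tenant ID that is being shared.
    if not url.path.endswith("/oauth2/code/" + tenant_id):
        problems.append("Redirect URI does not end in /oauth2/code/<tenant ID>")
    if url.query or url.fragment:
        problems.append("Redirect URI should carry no query string or fragment")
    return problems

if __name__ == "__main__":
    # Constructed sample values, not real identifiers.
    tenant = "11111111-2222-3333-4444-555555555555"
    client = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"
    issues = check_oidc_details(
        client, tenant, "constructed~secret.Value",
        "https://dhis2.example.org/oauth2/code/" + tenant)
    print("OK" if not issues else "\n".join(issues))
```

Send the secret through a separate, protected channel from the other three values, since it is the only one of the four that authenticates the application.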