# Microsoft Entra ID (Azure AD)

## AppConfig:AuthConfig:ApplicationId

*Linux: AppConfig\_\_AuthConfig\_\_ApplicationId*

The Application (client) ID from your Microsoft Entra ID (Azure AD) App registration (SCEPman-CertMaster). This setting is configured during the setup.

{% hint style="danger" %}
Changes can harm your service!
{% endhint %}

## AppConfig:AuthConfig:SCEPmanAPIScope

*Linux: AppConfig\_\_AuthConfig\_\_SCEPmanAPIScope*

This value comes from the Microsoft Entra ID (Azure AD) app registration. It is used to authenticate against SCEPman and authorize the CSR submissions.

{% hint style="danger" %}
Changes can harm your service!
{% endhint %}

## AppConfig:AuthConfig:TenantId

*Linux: AppConfig\_\_AuthConfig\_\_TenantId*

The Tenant ID in Microsoft Entra ID (Azure AD). This setting is automatically configured during the setup.

{% hint style="danger" %}
Changes can harm your service!
{% endhint %}

## AppConfig:AuthConfig:ManagedIdentityEnabledOnUnixTime

*Linux: AppConfig\_\_AuthConfig\_\_ManagedIdentityEnabledOnUnixTime*

The time as Unix epoch when the required permissions to the Managed Identity were granted. SCEPman Certificate Master acquires a token using the Managed Identity only after a short delay (60 seconds in SCEPman 2.0) after this time, because only then do the roles in the token reflect the correct permissions added by the CMDlet. The tokens are cached [for 24 hours with no way to force refresh the cache](https://docs.microsoft.com/en-us/azure/app-service/overview-managed-identity?tabs=portal%2Cdotnet#configure-target-resource), so if you added a permission after SCEPman Certificate Master has acquired a token, you need to wait up to 24 hours until Certificate Master can use this new permission.

{% hint style="danger" %}
Changes can harm your service!
{% endhint %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.scepman.com/scepman-configuration/application-settings-1/azure-ad.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.