Register a confidential client application in Azure Active Directory for Azure API for FHIR

In this tutorial, you'll learn how to register a confidential client application in Azure Active Directory (Azure AD).

A client application registration is an Azure AD representation of an application that can be used to authenticate on behalf of a user and request access to resource applications. A confidential client application is an application that can be trusted to hold a secret and present that secret when requesting access tokens. Examples of confidential applications are server-side applications.

To register a new confidential client application, refer to the steps below.

Register a new application

  1. In the Azure portal, select Azure Active Directory.

  2. Select App registrations.

    Azure portal. New App Registration.

  3. Select New registration.

  4. Give the application a user-facing display name.

  5. For Supported account types, select who can use the application or access the API.

  6. (Optional) Provide a Redirect URI. These details can be changed later, but if you know the reply URL of your application, enter it now.

    New Confidential Client App Registration.

  7. Select Register.

API permissions

Permissions for Azure API for FHIR are managed through RBAC. For more details, visit Configure Azure RBAC for FHIR.

Note

Use a grant_type of client_credentials when trying to obtain an access token for Azure API for FHIR using tools such as Postman. For more details, visit Testing the FHIR API on Azure API for FHIR.

Application secret

  1. Select Certificates & secrets, and then select New client secret.

    Confidential client. Application Secret.

  2. Enter a Description for the client secret. Select the Expires drop-down menu to choose an expiration time frame, and then click Add.

    Add a client secret.

  3. After the client secret string is created, copy its Value and ID, and store them in a secure location of your choice.

    Client secret string.

Note

The client secret string is visible only once in the Azure portal. When you navigate away from the Certificates & secrets web page and then return to it, the Value string becomes masked. It's important to make a copy of your client secret string immediately after it is generated. If you don't have a backup copy of your client secret, you must repeat the above steps to regenerate it.
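The client_credentials request mentioned in the note under API permissions, using the secret created above, can be built in code as follows. This is an added example, not code from the original article; it assumes the Microsoft identity platform v2.0 token endpoint with a `/.default` scope, and the environment variable name `FHIR_CLIENT_SECRET` and the function names are hypothetical.

```python
import json
import os
import urllib.parse
import urllib.request

# Assumption: Microsoft identity platform v2.0 token endpoint.
TOKEN_URL = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"


def load_secret(env_var="FHIR_CLIENT_SECRET"):
    """Read the client secret from the environment, not from source code."""
    secret = os.environ.get(env_var, "")
    if not secret:
        raise RuntimeError(f"{env_var} is not set; refusing to build a token request")
    return secret


def build_token_request(tenant_id, client_id, client_secret, fhir_url):
    """Build (but do not send) the client_credentials token request."""
    if not fhir_url.startswith("https://"):
        raise ValueError("FHIR service URL must use https")
    form = {
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        # The token is scoped to the FHIR service; RBAC decides what it may do.
        "scope": fhir_url.rstrip("/") + "/.default",
    }
    # The secret travels only in the POST body, never in the URL.
    return urllib.request.Request(
        TOKEN_URL.format(tenant=urllib.parse.quote(tenant_id, safe="")),
        data=urllib.parse.urlencode(form).encode("ascii"),
        headers={"Content-Type": "application/x-www-form-urlencoded"},
        method="POST",
    )


def redacted_form(request):
    """Form fields that are safe to log: the secret value is masked."""
    fields = dict(urllib.parse.parse_qsl(request.data.decode("ascii")))
    fields["client_secret"] = "***"
    return fields


def fetch_token(request, timeout=10):
    """Send the request and return the bearer token (needs network access)."""
    with urllib.request.urlopen(request, timeout=timeout) as resp:
        return json.load(resp)["access_token"]
```

Log only the output of `redacted_form`, and pass the token returned by `fetch_token` to the FHIR service in an `Authorization: Bearer` header.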

Next steps

In this article, you were guided through the steps to register a confidential client application in Azure AD. You were also guided through the steps to add API permissions to the Azure Healthcare API. Lastly, you were shown how to create an application secret. Furthermore, you can learn how to access your FHIR server using Postman.