# Entra ID Setup

Execute parts A → B → C sequentially. Pause for user input at each part.

---

## Part A — Application Creation

Ask: **"Is the Entra ID application already created for this project? (yes/no)"**

- **Yes** → proceed to Part B.
- **No** → output exactly:

> Please navigate to https://itsr.wistron.com/homepage/apply and request the application creation.
> Actions: Select Service Type → Azure AD - Application Management - Add or Modify → Add Application → Add Applicant → Fill in application details → Submit → Submit.
> Since approval takes time, we will skip the rest of Entra ID configuration for now. Please type 'done' once you have submitted the request.

Wait for "done", then **skip Parts B and C** and continue to the next step.

---

## Part B — Application Configuration

Ask: **"Have you configured the Entra ID application settings? (yes/no)"**

- **Yes** → proceed to Part C.
- **No** → output the full configuration guide:

> Please navigate to https://entra.microsoft.com/ and configure your application:
>
> **Left navigation: App Registrations:**
>
> 1. Search for your application and open it.
> 2. **Authentication:** Add 'Single-page application' and configure your Redirect URIs.
> 3. **Token Configuration:** Add groups claims → Security groups. Under the token properties for ID, Access, and SAML tokens, select `sAMAccountName`.
> 4. **Expose an API:** Set the Application ID URI. Add a Scope named `access_as_user` (Who can consent: Admins and users) with appropriate display names/descriptions.
> 5. **Owners:** Add other developers as owners.
> 6. **Manifest:** Update the `api` object: `"acceptMappedClaims": true` and `"requestedAccessTokenVersion": 2`.
>
> **Left navigation: Enterprise Applications:**
>
> 1. Search for your application and open it.
> 2. **Single Sign-on:** Add custom claims for `employeeId` (Source: user.extensionattribute5) and `department` (Source: user.department). Optionally add `employeeCategory` (Source: user.extensionattribute13) and `companyName` (Source: user.companyname).
> 3. **Owners:** Add other developers as owners.
>
> Once you have finished these steps, type 'continue'.

Wait for "continue", then proceed to Part C.
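As an added example (not part of the setup instructions, and not code from any Microsoft library), the check below confirms on the backend that the Part B configuration actually produced the claims the application relies on: v2 tokens from the manifest change, the `access_as_user` scope, the group claim, and the `employeeId`/`department` custom claims. It assumes the token's signature, issuer and expiry have already been verified by your JWT library and operates only on the resulting payload dict; the client ID and payload values are constructed placeholders.

```python
"""Sanity-check the claims that the Part B configuration should produce.

Added example, not part of the setup instructions or of any Microsoft
library. Run it on an access token payload whose signature, issuer and
expiry have ALREADY been verified by your JWT library; it only confirms
that the manifest change (v2 tokens), the exposed scope, the group claim
and the custom claims are present in the shape the application expects.
The sample payload at the bottom is constructed for illustration.
"""
import re

# Entra ID application (client) IDs are GUIDs.
GUID_RE = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")

# Claims the setup guide configures; the app should not run without them.
REQUIRED_CLAIMS = ("aud", "ver", "scp", "groups", "employeeId", "department")


def validate_entra_claims(claims: dict, expected_client_id: str,
                          required_scope: str = "access_as_user") -> list:
    """Return a list of problems found; an empty list means the token is usable."""
    problems = []

    if not GUID_RE.match(expected_client_id):
        problems.append("expected client id is not a GUID")

    # Group overage: when a user is in too many groups Entra omits `groups`
    # and sets `_claim_names` instead, so report that case explicitly.
    if "groups" not in claims and "_claim_names" in claims:
        problems.append("groups omitted due to overage; query Graph instead")

    missing = [name for name in REQUIRED_CLAIMS if name not in claims]
    problems.extend(f"missing claim: {name}" for name in missing)
    if missing:
        return problems  # no point checking the shape of absent claims

    # requestedAccessTokenVersion: 2 in the manifest yields ver "2.0";
    # "1.0" means the manifest edit did not take effect.
    if claims["ver"] != "2.0":
        problems.append(f"unexpected token version: {claims['ver']}")

    # For v2 access tokens the audience is the client ID, not the api:// URI.
    if claims["aud"] != expected_client_id:
        problems.append("audience mismatch")

    # scp is a space-separated string of delegated scopes.
    scopes = claims["scp"].split() if isinstance(claims["scp"], str) else []
    if required_scope not in scopes:
        problems.append(f"scope {required_scope} not granted")

    # Groups emitted as sAMAccountName arrive as a list of strings.
    groups = claims["groups"]
    if not isinstance(groups, list) or not all(isinstance(g, str) for g in groups):
        problems.append("groups claim is not a list of names")

    # Custom claims mapped in Enterprise Applications must be non-empty strings.
    for name in ("employeeId", "department"):
        if not isinstance(claims[name], str) or not claims[name].strip():
            problems.append(f"claim {name} is empty")

    return problems


# Constructed sample payload (placeholder values, not a real token).
SAMPLE_CLIENT_ID = "11111111-2222-3333-4444-555555555555"
SAMPLE_CLAIMS = {
    "aud": SAMPLE_CLIENT_ID,
    "ver": "2.0",
    "scp": "access_as_user",
    "groups": ["app-users", "app-admins"],
    "employeeId": "E000001",
    "department": "Engineering",
}

if __name__ == "__main__":
    print(validate_entra_claims(SAMPLE_CLAIMS, SAMPLE_CLIENT_ID) or "token claims OK")
```

Running this against the first token issued after the portal changes tells you immediately which step was missed: a `1.0` version points at the manifest, a missing `scp` at the exposed scope, and an empty `employeeId` at the Enterprise Application claim mapping.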

---

## Part C — Credentials

Ask: **"Please provide the CLIENT_ID and CLIENT_SECRET for your Entra ID application."**

Once received:

1. Update `.env.local` → set `VITE_ENTRA_CLIENT_ID=<CLIENT_ID>`.
2. **CRITICAL**: Do **not** save `CLIENT_SECRET` to any file. Memorize it in context for use in the Vault Setup step only.
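As an added example (not part of the setup instructions), the helper below performs step 1 in a way that also enforces step 2: it validates that the supplied CLIENT_ID is a GUID, replaces or appends the `VITE_ENTRA_CLIENT_ID` line in `.env.local`, and refuses outright to write any key whose name contains `SECRET`. It assumes `.env.local` is a plain `KEY=VALUE` file (the Vite convention); the function and file-path names are this example's own.

```python
"""Write VITE_ENTRA_CLIENT_ID into .env.local without ever writing the secret.

Added example, not part of the setup instructions. It assumes .env.local is
a plain KEY=VALUE file (the Vite convention). The text-to-text function
carries the logic so it can be checked without touching disk.
"""
import re
from pathlib import Path

# Entra ID application (client) IDs are GUIDs; refuse anything else.
GUID_RE = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")


def upsert_env_line(env_text: str, key: str, value: str) -> str:
    """Return env_text with KEY=value set exactly once.

    The first existing definition is replaced, later duplicates are dropped,
    and the line is appended if the key was absent.
    """
    # Hard stop: secrets never go into a file in this flow (Part C, step 2).
    if "SECRET" in key.upper():
        raise ValueError(f"refusing to persist {key} to a file")
    if "\n" in value:
        raise ValueError("value must be a single line")

    out, replaced = [], False
    for line in env_text.splitlines():
        if line.split("=", 1)[0].strip() == key:
            if not replaced:
                out.append(f"{key}={value}")
                replaced = True
            continue  # drop duplicate definitions of the key
        out.append(line)
    if not replaced:
        out.append(f"{key}={value}")
    return "\n".join(out) + "\n"


def set_client_id(env_path: Path, client_id: str) -> str:
    """Validate the client ID, write it to env_path, and return the new file text."""
    if not GUID_RE.match(client_id):
        raise ValueError("CLIENT_ID is not a GUID; re-check the value copied from the portal")
    existing = env_path.read_text() if env_path.exists() else ""
    updated = upsert_env_line(existing, "VITE_ENTRA_CLIENT_ID", client_id)
    env_path.write_text(updated)
    return updated


if __name__ == "__main__":
    # Constructed placeholder GUID; writes to ./.env.local in the current directory.
    print(set_client_id(Path(".env.local"), "11111111-2222-3333-4444-555555555555"))
```

Because `upsert_env_line` rejects any `*SECRET*` key before touching the file, a later step that accidentally tries to route `CLIENT_SECRET` through the same helper fails loudly instead of leaving the secret on disk.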
