21 May 2025

How to set up groups in Microsoft Entra ID

Set Tribal Platform as an application in Entra ID and then create a client secret key in Entra ID. Then, set up the required groups.

Set up Tribal Platform as an application

Set up Tribal Platform as an application in Microsoft Entra ID and then create a client secret key in Entra ID. Before setting up Entra ID, you require the following:

  • An Entra ID account with administrative permissions to manage applications, client secret keys, and users.

  • A copy of the Tribal document Edge Tenant and Core Branding Request.docx, which is available on Tribal Communities. On Tribal Communities, go to Community Knowledge base Tribal Edge platform knowledge base General Information Accessing Tribal Edge Tenants (Environments).

  • The tenant name for the institution. If you do not know the tenant name, contact Tribal support.

Set up Tribal Platform as an application in Entra ID

Set up Tribal Platform as an application for authenticating with Entra ID user accounts as follows:

  1. On the Entra admin centre, go to Applications Application registrations, and then select New application registration.

    Define the name of the application, such as TribalPlatform, select the supported account types, such as Accounts in this organisational directory only, and then select Register to register the application, as shown in the image Register new application.

    Register new application
    On the register application page, define the name of the application, select the supported account types, then select register to register the application

  2. Define the redirect URLs. On the App registration page TribalPlatform, select Authentication and then select Add a platform. Then, add the redirect URIs that return the authentication response to Tribal Platform, as detailed in the table Configure platforms where: 

    • tenantname is the institutions tenant name, such as caltech.

    • region is the geographical region of the institution, such as APAC.

    Configure platforms
    Type URL Description
    Web https://identity.tribaledge.com/region/tenantname/connect/callback Always required.
    Web https://identity.tribaledge.com/region/tenantname/signin-oidc-ThirdParty Always required.
    Web https://identity.tribaledge.com/region/tenantname/signin-oidc-ADFS Required when using ADF (Active Directory Federation Services).

  3. Configure the API permissions. Go to API permissions Add permissions select the APIs my organisation uses tab. Enter Windows Azure Active Directory in the field and then press enter or select Windows Azure Active Directory option from the menu.

  4. Delegate the permissions. Go to Windows Azure Active Directory permission and then select Delegated permissions.

    Select the User.Read and User.ReadBasic.All options and then select Add permission, as shown in the image Delegated permissions.

    Delegated permissions
    Delegate permissions in Azure active directory

  5. Set up the Microsoft Graph API to use the external unique identifier. Go to Add permission Microsoft Graph and then select Delegate permissions.

    Select the User.Read and User.RealBasic.All options and select Add permissions, as shown in the image Microsoft Graph permissions.

    Microsoft Graph user permissions
    To use the external unique identifier, select the User.Read and User.RealBasic. All optiond and then select Add permisisons

  6. On the Microsoft Graph API permissions, go to Add permission and then select Application permissions.

    Select the User.Read.All and then select Add permissions, as shown in the image Microsoft Graph application permissions.

    Microsoft Graph application permissions
    To delegate permissions, select User.Read.All and then Add permissions

  7. Grant consent for all users in Azure Active Directory. Go to the API permissions for the Tribal Platform application and then select Grant admin consent for TribalPlatform.

Create the client secret key in Azure Active Directory

Create the client secret key for the Tribal Platform application. Then, send the client secret key and required identifiers to Tribal using the Tribal Platform tenant and core branding request document to enable the creation of the secure connection between Azure Active Directory and Tribal Platform.

Create the client secret key as follows:

  1. Download the Tribal Platform tenant and core branding request document. On Tribal Communities, go to Community Knowledge base Tribal Edge platform knowledge base General Information Accessing Tribal Edge Tenants (Environments). Then, download the Edge Tenant and Core Branding Request.docx document.

  2. Copy the application and directory identifiers. On Azure Active Directory, go to Application registrations TribalPlatform application Overview page. Then, copy the Application (client) ID and Directory (tenant) ID) identifiers to the Tribal Platform tenant and core branding request document.

    The image Unique identifiers shows the Tenant ID (Directory ID) and Client ID (Application ID) that must be copied to the Tribal Platform tenant and core branding request document.

    Unique identifiers
    Unique identifiers for application and directory

  3. Create the client secret key. On Application registrations, go to Certificates & secrets and then select New client secret.

    Define the name of the client secret key, such as TribalPlatform client secret, and select the expiry duration of the key, such as 24 months.

    A new client secret key must be sent to Tribal before the expiry date to prevent service interruption.

  4. Send the Tribal Platform tenant and core branding request document to Tribal. Do not copy the client secret key to the Tribal Platform tenant and core branding request document, you can add contact details to the document to arrange secure communication of the client security key to Tribal.

Set up groups

By default, Tribal Platform only has the EdgeAdministrator group. Therefore, you must create the EdgeAdministrator group in Entra ID and create the user groups required by your institution. Then, log in to Tribal Platform using an account in the EdgeAdministrator group and add your user groups in Tribal Platform.

To set up groups in Entra ID, you require the following:

  • An Entra ID account with administrative permissions to manage users.

  • The names of the groups required by your institution. Note that group names must not have spaces.

For full details on adding app roles and assigning users to app roles, go to Add app roles to your application and receive them in the token.

Set up groups as follows:

  1. Entra admin centre, go to App registrations and then select the application, such as TribalPlatform.

  2. Add an app role for the Edge administrator group. Select App roles and the add the values required for the group are described in the table App role for the EdgeAdministrator group.

    App role for the EdgeAdministrator group
    Field Description
    Display name Enter the display name for the app role, such as Edge administrators.
    Allow member types Set to Users/Groups so that the app role can be assigned to users.
    Value Enter EdgeAdministrator, without spaces.
    Description Enter a description such as Edge administrator with full permissions in TribalPlatform.
    Do you want to enable this app role? Select the checkbox to enable the role.

  3. Add an app role for each user group. The values required for the group are described in the table App roles for the user groups.

    App roles for the user groups
    Field Description
    Display name Enter the display name for the app role, such as Applications supervisors.
    Allow member types Set to Users/Groups so that the app role can be assigned to users.
    Value Enter name of the group, such as ApplicationsSupervisors, without spaces.
    Description Enter a description such as Application supervisors for all desks in TribalPlatform.
    Do you want to enable this app role? Select the checkbox to enable the role.

  4. Assign users to the group in Entra ID. Go to Application registrations TribalPlatform Users and groups, and then select Add user.