What you’ll need
- An Azure account and a tenant (or create a tenant).
- Your ngrok authtoken and an endpoint with the OAuth action in its Traffic Policy.
Register an application
Follow Microsoft’s app registration documentation to register an application in Microsoft Entra ID, and set the following:- Supported account types: ngrok does not support single-tenant applications. Choose a multi-tenant option: either Accounts in any organizational directory or Accounts in any organizational directory and personal Microsoft accounts (for example, Skype, Xbox).
- Redirect URI: choose the Web platform and enter
https://idp.ngrok.com/oauth2/callback.
Configure your application
In your app’s settings, configure the following:- API permissions: ensure
User.Read(or a more permissive scope such asUser.Read.All) is granted. Add any additional scopes your application requires and note them for later.- Scopes that require application review by Microsoft are unsupported.
- Scopes that require admin consent prevent tenants’ users from authorizing until consent is granted.
- Client secret: create a new client secret and copy its Value immediately, since it is shown only once.
Update your ngrok endpoint Traffic Policy
- Access the ngrok Dashboard Endpoints page and locate an existing endpoint you’d like to add this to or create a new one.
- In your traffic policy, add the following configuration:
You may add any scopes that are required by your application with the following caveats.
- Scopes which require a Facebook app review are unsupported.
- ngrok will enforce that users accept all permissions before completing authorization.
Configure access control
Optionally, configure access control to your service by only allowing specific users or domains.Further resources
- Creating a Microsoft Entra ID tenant
- Permissions and consent (restricted permissions)
- Microsoft Graph User resource type (id, displayName, mail, userPrincipalName)