Author: Arif Ali Mansuri
Creating a client provider using Azure is one of the features of the Anypoint platform and will be covered in this blog.
Using Azure AD as a tenant provider allows you to use your existing setup to authenticate and authorize API consumers. The Azure AD configuration in the Anypoint platform also provides a stateless microservice that translates OAuth 2.0 client application registration requests into requests supported by Azure AD.
Let’s see how we can add Azure AD to act as a client provider in MuleSoft.
Prerequisites: (i) Azure Account (ii) Anypoint platform credentials with access management permissions
Follow the Steps:
- Open your Azure portal and click on the Active directory.

Figure 1.1
- Just Click on the App registration.

Figure 1.2
- Now click on New registration.
Figure 1.3
- Provide the details and register.
Figure 1.4
- Now copy client id and tenant id form the App Page.
Figure 1.5
- Now click on endpoints to get issuer id i.e WS-Federation sign-on endpoint in the client management configuration.

Figure 1.6
- Now click on certificate and secrets then create new client secret.

Figure 1.7
- Copy the secret value(The value will only be displayed once, so copy it and keep it in a safe place).

Figure 1.8
- Then click API Permissions, click Add Permissions.

Figure 1.9
- Add following permissions.
Figure 1.10
- Once added, click Grant admin access for the default directory.
Figure 1.11
- This completes the Azure configuration part.
Let’s move on to our Anypoint platform access management to add a client provider.
- Login to the Anypoint platform
- Go to Access Management & open Client Provider

Figure 2.1
- Click the drop-down menu and select OpenID Connect DCR Azure.

Figure 2.2
- Provide Basic Client Details
- Name – Anything you can give
- Description – Any
- Dynamic Client Registration
- Issuer ( ) – ws-federation sign-on endpoint (refer fig 1.6)
- Tenant ID for Azure AD – Directory (tenant) ID (refer fig 1.5)
- Client ID – Application (Client) ID (refer fig 1.5)
- Client Secret – Created secret value (refer fig 1.8)
- Tick All the below checkboxes
- Now create

Figure 2.3
- This completes the creation of the dynamic client provider.
- Then navigate to the organization environment and assign the customer vendor accordingly .

Figure 2.4
Go to API Manager and apply the OpenId Connect access token enforcement policy to one of your live API instances.

Figure 2.5
Time to check our implementation.
Let’s create a new client in Anypoint Exchange and also authenticate the client to Azure AD Active Directory.

Figure 3.1
New client successfully created in azure active directory.

Figure 3.2
Useful URLs:
Create Token URL: https://login.microsoftonline.com/{{azure-application-client-id}}/oauth2/v2.0/token

Figure 3.3
Status Code: 200 OK – Success Case

Figure 3.4
Status Code: 400 Bad Request – Failure Case

Figure 3.5