|
| 1 | +--- |
| 2 | +title: Register a client application for the DICOM service in Azure Active Directory |
| 3 | +description: How to register a client application for the DICOM service in Azure Active Directory. |
| 4 | +author: mcevoy-building7 |
| 5 | +ms.service: healthcare-apis |
| 6 | +ms.subservice: fhir |
| 7 | +ms.topic: tutorial |
| 8 | +ms.date: 09/02/2022 |
| 9 | +ms.author: v-smcevoy |
| 10 | +--- |
| 11 | + |
| 12 | +# Register a client application for the DICOM service in Azure Active Directory |
| 13 | + |
| 14 | +In this article, you'll learn how to register a client application for the DICOM service. You can find more information on [Register an application with the Microsoft identity platform](../../active-directory/develop/quickstart-register-app.md). |
| 15 | + |
| 16 | +## Register a new application |
| 17 | + |
| 18 | +1. In the [Azure portal](https://portal.azure.com), select **Azure Active Directory**. |
| 19 | +2. Select **App registrations**. |
| 20 | +[  ](media/register-application-one.png#lightbox) |
| 21 | +3. Select **New registration**. |
| 22 | +4. For Supported account types, select **Accounts in this organization directory only**. Leave the other options as is. |
| 23 | +[  ](media/register-application-two.png#lightbox) |
| 24 | +5. Select **Register**. |
| 25 | + |
| 26 | +## Application ID (client ID) |
| 27 | + |
| 28 | +After registering a new application, you can find the application (client) ID and Directory (tenant) ID from the overview menu option. Make a note of the values for use later. |
| 29 | + |
| 30 | +[  ](media/register-application-three.png#lightbox) |
| 31 | + |
| 32 | +## Authentication setting: confidential vs. public |
| 33 | + |
| 34 | +Select **Authentication** to review the settings. The default value for **Allow public client flows** is "No". |
| 35 | + |
| 36 | +If you keep this default value, the application registration is a **confidential client application** and a certificate or secret is required. |
| 37 | + |
| 38 | +[  ](media/register-application-five.png#lightbox) |
| 39 | + |
| 40 | +If you change the default value to "Yes" for the "Allow public client flows" option in the advanced setting, the application registration is a **public client application** and a certificate or secret isn't required. The "Yes" value is useful when you want to use the client application in your mobile app or a JavaScript app where you don't want to store any secrets. |
| 41 | + |
| 42 | +For tools that require a redirect URL, select **Add a platform** to configure the platform. |
| 43 | + |
| 44 | +>[!NOTE] |
| 45 | +> |
| 46 | +>For Postman, select **Mobile and desktop applications**. Enter "https://www.getpostman.com/oauth2/callback" in the **Custom redirect URIs** section. Select the **Configure** button to save the setting. |
| 47 | +
|
| 48 | +[  ](media/register-application-five-bravo.png#lightbox) |
| 49 | + |
| 50 | +## Certificates & secrets |
| 51 | + |
| 52 | +Select **Certificates & Secrets** and select **New Client Secret**. |
| 53 | + |
| 54 | +Add and then copy the secret value. |
| 55 | + |
| 56 | +[  ](media/register-application-six.png#lightbox) |
| 57 | + |
| 58 | +Optionally, you can upload a certificate (public key) and use the Certificate ID, a GUID value associated with the certificate. For testing purposes, you can create a self-signed certificate using tools such as the PowerShell command line, `New-SelfSignedCertificate`, and then export the certificate from the certificate store. |
| 59 | + |
| 60 | +## API permissions |
| 61 | + |
| 62 | +The following steps are required for the DICOM service. In addition, user access permissions or role assignments for the Azure Health Data Services are managed through RBAC. For more details, visit [Configure Azure RBAC for Azure Health Data Services](./../configure-azure-rbac.md). |
| 63 | + |
| 64 | +1. Select the **API permissions** blade. |
| 65 | + |
| 66 | + [  ](./media/dicom-add-apis-permissions.png#lightbox) |
| 67 | + |
| 68 | +2. Select **Add a permission**. |
| 69 | + |
| 70 | + Add a permission to the DICOM service by searching for **Azure API for DICOM** under **APIs my organization** uses. |
| 71 | + |
| 72 | + [  ](./media/dicom-search-apis-permissions.png#lightbox) |
| 73 | + |
| 74 | + The search result for Azure API for DICOM will only return if you've already deployed the DICOM service in the workspace. |
| 75 | + |
| 76 | + If you're referencing a different resource application, select your DICOM API Resource Application Registration that you created previously under **APIs my organization**. |
| 77 | + |
| 78 | +3. Select scopes (permissions) that the confidential client application will ask for on behalf of a user. Select **Dicom.ReadWrite**, and then select **Add permissions**. |
| 79 | + |
| 80 | + [  ](./media/dicom-select-scopes-new.png#lightbox) |
| 81 | + |
| 82 | +Your application registration is now complete. |
| 83 | + |
| 84 | +## Next steps |
| 85 | + |
| 86 | +In this article, you learned how to register a client application for the DICOM service in the Azure AD. Additionally, you learned how to add a secret and API permissions to Azure Health Data Services. For more information about DICOM service, see |
| 87 | + |
| 88 | +>[!div class="nextstepaction"] |
| 89 | +>[Overview of the DICOM service](dicom-services-overview.md) |
0 commit comments