Home Privacy Contact Help About

License Keep

Azure Configuration (App Registration)

How to extract the Tenant ID, Client ID, Secret & Token information.

Go to your Azure admin portal and find the APP Registration.
It should be as a shortcut on the Azure Services section as indicated with the red box…

.. If not, follow the numbered menu navigation below:

Enter the name of your App – in this example, the App will be called AAD Licensing Plugin…
This is to manage the licenses for an App called AAD (Adaptive Audience Display)

Continue to the next screen.

Change the focus to view ALL APPLICATIONS.

You should now see your new app listed.

Click your new app to enter its properties section.

Select the API Permissions

This image shows the Tenant ID and Client ID, both of which are required for License Keep Lite.

We now need to add Microsoft Graph (Assuming its not already listed).

Click ADD A PERMISSION

In the menu on the right side of the screen, change focus to API’s MY ORGANIZATION USES.

In the filter box, start typing Microsoft Graph and it should filter down the results.

Select Microsoft Graph.

Microsoft Graph should now be listed.

Click it to enter its properties section.

Using the filter box, find the following API permissions:

  • Sites.Read.All
  • User.Read

Then click UPDATE PERMISSIONS.

Now click GRANT ADMIN CONSENT to activate the permission.

It should now look like what you see in the red box below.

Select CERTIFICATES & SECRETS

We now need to create a secret.

Click NEW CLIENT SECRET

Give the secret a description and set the expiry time – I recommend 12 months, but it’s best to follow your own security compliance standard.

COPY THESE NOW…. the value will not be shown again.

Once you have copied the values, select the OVERVIEW TAB

Along with the SECRET you just copied, also copy the CLIENT ID and TENANT ID and store securely for later use.

How LicenseKeep Lite Handles Microsoft Graph Tokens

LicenseKeep Lite uses Microsoft’s secure OAuth 2.0 client credentials flow to connect your WordPress site to Microsoft Graph. You do not need Postman or any manual token steps — the plugin manages everything automatically.

What happens behind the scenes

  • When you enter your Tenant ID, Client ID, and Client Secret in the Configuration tab, LicenseKeep Lite validates them with Microsoft.
  • Once validated, the plugin securely stores your credentials (the Client Secret is encrypted) and requests an access token from Microsoft Graph.
  • This token is used for all communication with Microsoft Lists.

Automatic refresh

  • Tokens expire after about 60 minutes. LicenseKeep Lite checks the token before every request and refreshes it automatically if needed.
  • You never have to re‑enter credentials unless they change in Azure.

Security

  • Your Client Secret is never stored in plain text. It’s encrypted using AES‑256 and kept in your WordPress database.
  • All token requests happen directly between your site and Microsoft Graph. No data is sent to LicenseKeep or any third party.

What you’ll see

  • After validation, you can simply use the plugin — view licenses, add new ones, and refresh data — without worrying about tokens.
  • If credentials become invalid (e.g., you rotate the Client Secret in Azure), the plugin will prompt you to re‑validate.