Azure AD as Client Provider in MuleSoft


Dynamic client registration (DCR) lets you configure Azure Active Directory (Azure AD) as a client management provider for Anypoint Platform. Using Azure AD as a client provider enables you to authenticate and authorize API consumers with your existing configurations. The Azure AD configuration in Anypoint Platform also provides a stateless microservice that converts OAuth 2.0 client application registration requests into requests supported by Azure AD. Let's see how to add Azure AD as a client provider in MuleSoft.


To show how this is configured in Anypoint Platform, follow the steps below.

Log in to the Azure portal and click on Azure Active Directory.

Click on App registrations.

Click on New registration.

Add the details and click Register.

Copy the client ID and tenant ID.

Click on Endpoints and copy the WS-Federation sign-on endpoint; this will act as the issuer in the client management configuration.

Click on Certificates & secrets -> New client secret.

Copy the secret value (the value is shown only once, so copy it and save it in a secure location).

Now click on API permissions and click Add a permission.

Add all the permissions shown below.

Once added, click on grant admin access for Default Directory.

With this we are done with the Azure configuration and can now do the required configuration on Anypoint Platform.

In Anypoint Platform, click Access Management -> Client Providers -> Add Client Provider -> OpenID Connect DCR for Azure.


Add the details:

  • Issuer: the WS-Federation sign-on endpoint copied earlier
  • Tenant ID, Client ID and Client Secret: the values from the Azure portal



Click on Create or Save.



This creates the client provider configuration.


Click on Environments, select the environment where we want to use it for client management, and click Update.



The environment configuration is now updated.


Now we add the OAuth policy to our API in Anypoint API Manager.



To connect API Manager with the runtime application, see how we can connect the MuleSoft application to API Manager.

Now we will create the client app to call the employee API.

Go to Exchange, select the relevant API and click on Request Access.



Select Create new application.



Add the details.



Click on Create.

Click on Request Access.



It will show the Client ID and Secret.

Sometimes it might give an HTTP 500 error; in that case just retry.

The same client app will be created on the Azure side as well.

This shows that the client app is now dynamically created on the Azure side.

Now if we call the employee API from Postman, we can see the error "Access token was not provided".



Now we will call Azure AD to get the token.

To make the call we have to use the details below:

  • authorize url: {tenantId}/oauth2/v2.0/authorize
  • token url: {tenantId}/oauth2/v2.0/token
  • client id: {your client id}
  • client secret: {your client secret}
  • scope:



We then use the token to call the actual employee API.

So we can see that the client apps are dynamically managed on the Azure side.
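The token fetch and the authenticated API call described above, as an added example written for this page (it is not the post's own Postman collection or any MuleSoft code). It assumes the standard Azure AD v2.0 endpoints under https://login.microsoftonline.com (the post lists only the path parts), a hypothetical employee API URL, a placeholder scope in the `api://<app>/.default` form, and placeholder tenant/client values. It ships with a constructed fake transport that plays both Azure AD and the policy-protected API, so it runs offline and reproduces the "Access token was not provided" response seen when no token is sent; pass `http_transport` instead to talk to the real endpoints.

```python
import json
import urllib.error
import urllib.parse
import urllib.request

# Assumption: the public Azure AD authority; the post lists only the path part of the URLs.
AZURE_AUTHORITY = "https://login.microsoftonline.com"


def token_url(tenant_id: str) -> str:
    """Token endpoint from the post, with the authority host prepended."""
    return f"{AZURE_AUTHORITY}/{tenant_id}/oauth2/v2.0/token"


def build_token_request(tenant_id, client_id, client_secret, scope):
    """Return (url, form-encoded body) for an OAuth 2.0 client-credentials grant."""
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": scope,
    }).encode()
    return token_url(tenant_id), body


def http_transport(url, method="GET", body=None, headers=None):
    """Real HTTP transport; returns (status, raw body) and does not raise on 4xx/5xx."""
    req = urllib.request.Request(url, data=body, method=method, headers=headers or {})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as err:
        return err.code, err.read()


def fetch_access_token(tenant_id, client_id, client_secret, scope, transport=http_transport):
    """Exchange the DCR-created client's credentials for an access token."""
    url, body = build_token_request(tenant_id, client_id, client_secret, scope)
    status, raw = transport(url, "POST", body,
                            {"Content-Type": "application/x-www-form-urlencoded"})
    payload = json.loads(raw)
    if status != 200 or "access_token" not in payload:
        raise RuntimeError(f"token request failed ({status}): "
                           f"{payload.get('error_description', payload)}")
    return payload["access_token"]


def call_employee_api(api_url, access_token=None, transport=http_transport):
    """GET the policy-protected API; returns (status, decoded JSON body)."""
    headers = {"Authorization": f"Bearer {access_token}"} if access_token else {}
    status, raw = transport(api_url, "GET", None, headers)
    return status, json.loads(raw)


# --- Constructed offline stand-in for Azure AD and the OAuth-protected API ---------
FAKE_SECRET = "s3cret-placeholder"      # constructed value, not a real secret
FAKE_TOKEN = "eyJ.constructed.token"    # constructed value, not a real JWT


def fake_transport(url, method="GET", body=None, headers=None):
    """Mimics the two endpoints: token issuance, then bearer-token enforcement."""
    if method == "POST" and url.endswith("/oauth2/v2.0/token"):
        form = urllib.parse.parse_qs(body.decode())
        if form.get("client_secret") == [FAKE_SECRET]:
            return 200, json.dumps({"token_type": "Bearer", "expires_in": 3599,
                                    "access_token": FAKE_TOKEN}).encode()
        return 401, json.dumps({"error": "invalid_client",
                                "error_description": "invalid client secret (constructed)"}).encode()
    if (headers or {}).get("Authorization") != f"Bearer {FAKE_TOKEN}":
        # Same message the OAuth policy returned in the post when no token was sent
        return 401, json.dumps({"error": "Access token was not provided"}).encode()
    return 200, json.dumps({"employees": [{"id": 1, "name": "Ada"}]}).encode()


def demo(transport=fake_transport):
    """Reproduce the post's sequence: unauthenticated call, token fetch, authenticated call."""
    tenant_id, client_id = "tenant-id-placeholder", "client-id-placeholder"
    scope = "api://employee-api/.default"              # assumption: your API's .default scope
    api_url = "https://example.invalid/api/employees"  # hypothetical employee API
    unauthenticated = call_employee_api(api_url, None, transport)
    token = fetch_access_token(tenant_id, client_id, FAKE_SECRET, scope, transport)
    authenticated = call_employee_api(api_url, token, transport)
    return unauthenticated, authenticated


if __name__ == "__main__":
    print(demo())
```

The transport is injected so the same `fetch_access_token` and `call_employee_api` functions run unchanged against the real endpoints; a wrong secret surfaces as a `RuntimeError` carrying Azure AD's `error_description` rather than an unhandled HTTP exception, and the client secret is never logged.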

Sample Postman collection: Azure AD DCR.postman_collection

Thank you for taking the time to read the above post. I hope you found it useful. In case of any questions, feel free to comment below. Also, if you are keen on knowing about a specific topic, I am happy to explore your recommendations as well.
For the latest updates or posts on our website, you can follow us on LinkedIn. I look forward to connecting with you there.
