Step 1: Configure Azure AD server:

• Sign in to Azure portal. Click on App Services and go to Manage Azure Active Directory.

• In the left-hand navigation pane, click the App registrations service, and click New registration.

• When the Create page appears, enter your application's registration information. Enter the Your Application's Base URL as callback URL. When finished, click Register.

• Azure AD assigns a unique Application ID to your application. Copy Application ID and the Directory ID , this will be your Client ID and Tenent ID.

• Go to Certificates and Secrets from the left navigaton pane and click on New Client Secret. Enter description and expiration time and click on ADD option.

• Copy value. This will be your Secret key.

Step 2: Fetch Access token through POSTMAN:

• Open the Postman Application (Here is the link to download Postman Application).
• Go to Authorization tab.
• From the dropdown select type as OAuth 2.0 and  click on Get access token.
• Add the following information from the table below.
• Postman starts the authentication flow and prompts you to use the access token.
• Select Add token to the header.

• Copy the Access Token or click on Use Token.

e8ec210628306b1df26ff61e6b9b3195814a2d79d38a2c7c1dc5836f6ddd7143

Step 3: Fetch Username through Azure AD:

• Choose the method type as "GET".
• Enter the interoception Endpoint from the plugin to fetch the username in the Request URL. For Azure AD it is "https://graph.microsoft.com/v1.0/me".
• Go to the Authorization tab select the Bearer Token and enter the access token here.
• Add the header "content-type: application/json" and click on Send.

     curl
                         -X GET
                         -H "Authorization: Bearer <Access Token>"
                         -H "Content-type: application/json"
                         https://graph.microsoft.com/v1.0/me
                    

Step 4: Configure the Rest API plugin:

Step 1: Enable Rest API Authentication:

• After installing the app, click on Configure to configure plugin.
• Select the Authentication type and navigate to Oauth/OIDC tab, then click on Configure.
• From the drop down select Azure AD as OAuth Provider.
• Enter the attribute value against which we received the username in the Postman response.
• Save the settings.
• Now navigate to the Global Settings tab.
• Here you will have to Enable the Authentication through Enable REST API Authentication and click on Save.

Step 2: Disable Basic Authentication:

• Disabling this will restrict all the REST API call made using Basic Authentication.

Step 5: User Restriction:

Step 1: Group Based Restriction:

• Navigate to User Restriction Tab and then Group Based Restriction.
• Check the Restrict Access to API.
• Enter the Group to allow user to access Rest API.
• Save the settings.

Step 2: IP Restriction:

• Navigate to User Restriction Tab and then IP Restriction.
• Check the Restrict Access to API by IP address.
• Add IP Address or range to allow Rest API.
• Save the settings.

Step 6: Test REST API using access token: