Adding Custom Active Directory App Registration

Overview

This Article will detail the process of adding a custom Active Directory App registration. You will need global admin permission in Azure.

Creating the App 

1. Login to portal.azure.com
2. Navigate to Azure Active Directory > App Registrations
3. Click the "+ New registration" button
   
4.  Fill the Register an application form with the following:
   1. Name: input an appropriate name (i.e. PhishingBox AD App)
   2. Supported account type: Accounts in this organizational directory only (Single tenant)
   3. Redirect URI:
      1. Platform: Web
      2. URI: https://<phish_portal_url>/authorize_graph_oauth.php
5. Click "Register"
6. After clicking "Register" you will be redirected to the App's Overview page
7. Navigate to API Permissions
8. Click "+ Add permission" button
   
9. Click "Microsoft Graph"
10. Click "Delegated permissions"
11. Add the following permissions:
    1. Mail.Read
    2. Mail.ReadWrite
    3. offline_access
    4. openid
    5. profile
    6. User.Read
12. Click "Add permissions"
13. Click the "Grant admin consent for {tenant name}" button
    
14. If successful, you should receive green checkmark in the Status column:
    
15. Navigate to the Overview page
16. Copy the Application (client) ID and the Directory (tenant) ID and paste them into a text file (you will need these later)
    
17. Navigate to the Certificates & secrets page
18. Click the "+ new client secret" button
    
19. Input an appropriate description and set expiration to desired value
    

    NOTE: Once the secret expires you will have to update the app with new secret.

20. Click "Add"
21. Copy the value that is generated and add it to the text file created on step 16
    
    

    NOTE: You will no longer be able to copy this file after navigating away from this page

Adding app to PhishingBox

1. In an incognito browser, Browse to the PhishingBox portal
2. Navigate to Administration > Settings > Mail Settings > Custom Active Directory App tab
3. Click the "+ Add Custom App" button
   
4. Input the following values (this is where the text file values come in):
   1. App Name: an appropriate app name (i.e. Azure App)
   2. Client Id: Application (client) ID
   3. Client Secret: Secret
   4. App Type: Single
   5. Tenant Id: Directory (tenant) ID
      

      NOTE: Multi-tenant apps do not need to provide a tenant id.

      
      
5. Click "Create App"
6. Navigate to the Security Inboxes tab
7. Click the "+ Create" button
   
8. For Connection Type, select "Microsoft Active Directory"
9. For Microsoft App, select the app you created (it will appear with the name set on step 4)
10. Click the "Authorize" button:
    
11. If successful, you will be re-directed to a Microsoft login page
    
12. Sign in with the reporting inbox credentials.
13. After signing in you will be redirected back to the PhishingBox and you will see the success message if the inbox adds successfully

Now the Security Inbox is ready to use.

Back to top