Requirements for Generating a Refresh Token

The following requirements must be met for a user to be able to generate the refresh token successfully:

  • The Azure application must be added to the AdminAgents group in the Azure Active Directory.
  • The user who generates the refresh token must be an owner of the Azure application.
  • MFA must be enabled for the user who generates the refresh token.

Configuring a User as the Azure Application Owner

The user who generates the refresh token must be an owner of the Azure application. To do this, complete the following steps:

  1. Go to the corresponding Azure application and click Owners in the left-hand menu.
  2. Click Add owners in the toolbar at the top.
  3. Find the user that you wish to add as an owner and click Select.

Adding the Azure Application to the AdminAgents Group

The Azure application must be added to the AdminAgents group in the Azure Active Directory. To do this, complete the following steps:

  1. Click Azure Active Directory in the Azure main menu.
  2. Click Groups and then click the AdminAgents group.
  3. Click Members > Add members.
  4. Find your Azure application in the list and click Select to add it to the AdminAgents group.

MFA Authentication

MFA must be enabled for every user who generates the refresh token. Note that you can only enable MFA for other users if you hold the Global Administrator role.

Make sure that you have the Global Administrator role, then follow these steps to enable MFA for the users who will be generating a refresh token:

  1. Go to Users in Microsoft Azure to see the list of users.
  2. Click Multi-Factor Authentication in the toolbar at the top.
  3. Select the user who will be generating the refresh token and click Enable.
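The three prerequisites above (application owner, AdminAgents membership, MFA) can be checked from the command line before a user attempts to generate the refresh token. The following script is an added example written for this page, not code from the original documentation; it assumes the Microsoft.Graph PowerShell module is installed, that the caller has the Directory.Read.All, Application.Read.All and UserAuthenticationMethod.Read.All permissions, and that $AppId and $UserPrincipalName are placeholders you fill in with your own values.

```powershell
# Added example: verify refresh-token prerequisites with Microsoft Graph PowerShell.
# $AppId and $UserPrincipalName are placeholders (assumptions), not values from this page.
param(
    [Parameter(Mandatory)][string]$AppId,             # Application (client) ID of the Azure application
    [Parameter(Mandatory)][string]$UserPrincipalName  # User who will generate the refresh token
)

Connect-MgGraph -Scopes "Directory.Read.All", "Application.Read.All", "UserAuthenticationMethod.Read.All" | Out-Null

# Resolve the app registration, its service principal (enterprise application) and the user.
$app  = Get-MgApplication -Filter "appId eq '$AppId'"
$sp   = Get-MgServicePrincipal -Filter "appId eq '$AppId'"
$user = Get-MgUser -UserId $UserPrincipalName

# 1. Owner check: the user must appear among the application's owners.
$ownerIds = (Get-MgApplicationOwner -ApplicationId $app.Id -All).Id
$userIsOwner = $ownerIds -contains $user.Id

# 2. Group check: the application's service principal must be a member of AdminAgents.
#    (Assumption: the group is looked up by its display name.)
$group = Get-MgGroup -Filter "displayName eq 'AdminAgents'"
$memberIds = (Get-MgGroupMember -GroupId $group.Id -All).Id
$appInAdminAgents = $memberIds -contains $sp.Id

# 3. MFA check: the user must have at least one strong authentication method registered.
#    This reads registered methods as a proxy; the legacy per-user MFA "Enabled" state set
#    in the portal steps above is not exposed by this cmdlet.
$methods = Get-MgUserAuthenticationMethod -UserId $user.Id
$mfaTypes = @(
    '#microsoft.graph.microsoftAuthenticatorAuthenticationMethod',
    '#microsoft.graph.phoneAuthenticationMethod',
    '#microsoft.graph.fido2AuthenticationMethod',
    '#microsoft.graph.softwareOathAuthenticationMethod'
)
$userHasMfaMethod = @($methods | Where-Object {
    $mfaTypes -contains $_.AdditionalProperties['@odata.type']
}).Count -gt 0

# One row per prerequisite; any $false value means token generation will fail.
[pscustomobject]@{
    UserIsOwner      = $userIsOwner
    AppInAdminAgents = $appInAdminAgents
    UserHasMfaMethod = $userHasMfaMethod
}
```

Run it as `.\Check-RefreshTokenPrereqs.ps1 -AppId <app id> -UserPrincipalName <user>`; a `False` in any column points to the corresponding section above that still needs to be completed.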