Hello Ibrahim Siddiqui (LCL-C),
Please check this GitHub blog for the implementation: https://github.com/rcbj/apigee-jwt-aad-timeapi-proxy
In Microsoft Entra ID, register two apps: one your clients use to get tokens and one that represents your API. Your client posts to
https://login.microsoftonline.com/{TENANT_ID}/oauth2/token
with client ID, secret, user credentials and the API’s URI to receive a JWT.
In Apigee, import the proxy from the repo, create an environment cache named signer-cert, update the ServiceCallout policy's federation metadata URL to point at your tenant, and set claim_iss and claim_aud in the Java Callout policy to your own values.
Once live, Apigee will fetch Azure’s signing keys, verify each token’s signature, issuer, audience and expiry, and only forward valid requests to your backend.
Hope this helps!
If this answers your query, do click "Accept Answer" and "Yes" for "Was this answer helpful", which may help members with similar questions.
If you have any other questions or are still experiencing issues, feel free to ask in the "comments" section, and I'd be happy to help.
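As an added illustration of the checks described in the answer above (this is example code, not code from the answer or from the linked repository), the following standalone Python script issues a constructed RS256 JWT together with the JWKS entry a verifier would fetch for it, and then applies the same validation the proxy performs: signing-key lookup by kid, signature, issuer, audience and expiry. The issuer and audience strings are placeholders, and the 512-bit key is generated only for the demo; Entra ID publishes its real 2048-bit keys through the federation metadata document the ServiceCallout policy fetches.

```python
import base64, hashlib, hmac, json, math, secrets, time

def b64url(b): return base64.urlsafe_b64encode(b).rstrip(b"=").decode()
def b64url_dec(s): return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def _probably_prime(n):  # Miller-Rabin, only for the throwaway demo key below
    d, r = n - 1, 0
    while d % 2 == 0: d, r = d // 2, r + 1
    for _ in range(16):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1): continue
        for _ in range(r - 1):
            if (x := pow(x, 2, n)) == n - 1: break
        else: return False
    return True
def gen_demo_rsa_key(bits=512):
    # Constructed key for this example; Entra ID publishes real 2048-bit keys via its federation metadata
    def prime():
        while True:
            c = secrets.randbits(bits // 2) | (1 << (bits // 2 - 1)) | 1
            if _probably_prime(c): return c
    while True:
        p, q, e = prime(), prime(), 65537
        if p != q and math.gcd(e, (p - 1) * (q - 1)) == 1:
            return p * q, e, pow(e, -1, (p - 1) * (q - 1))  # (n, e, d)
def _emsa_pkcs1_v15(msg, k):  # RFC 8017 EMSA-PKCS1-v1_5: DigestInfo(SHA-256) padded to k bytes
    t = bytes.fromhex("3031300d060960864801650304020105000420") + hashlib.sha256(msg).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t
def sign_rs256(claims, n, e, d, kid):  # issues the JWT and the JWKS entry a verifier would fetch for it
    k = (n.bit_length() + 7) // 8
    signing_input = b64url(json.dumps({"alg": "RS256", "typ": "JWT", "kid": kid}).encode()) + "." + b64url(json.dumps(claims).encode())
    sig = pow(int.from_bytes(_emsa_pkcs1_v15(signing_input.encode(), k), "big"), d, n)
    jwks = {"keys": [{"kty": "RSA", "kid": kid, "n": b64url(n.to_bytes(k, "big")), "e": b64url(e.to_bytes(3, "big"))}]}
    return signing_input + "." + b64url(sig.to_bytes(k, "big")), jwks
def verify_rs256(token, jwks, issuer, audience, now=None):  # the proxy's checks; raises ValueError on failure
    h64, p64, s64 = token.split(".")  # anything but three segments raises ValueError here
    header, claims, sig = json.loads(b64url_dec(h64)), json.loads(b64url_dec(p64)), b64url_dec(s64)
    if header.get("alg") != "RS256": raise ValueError("alg must be RS256")  # also rejects alg=none
    key = next((j for j in jwks["keys"] if j.get("kty") == "RSA" and j.get("kid") == header.get("kid")), None)
    if key is None: raise ValueError("no signing key for kid")
    n, e = (int.from_bytes(b64url_dec(key[f]), "big") for f in ("n", "e"))
    if len(sig) != (k := (n.bit_length() + 7) // 8): raise ValueError("bad signature length")
    recovered = pow(int.from_bytes(sig, "big"), e, n).to_bytes(k, "big")  # RSA verify: s^e mod n
    if not hmac.compare_digest(recovered, _emsa_pkcs1_v15(f"{h64}.{p64}".encode(), k)): raise ValueError("bad signature")
    if claims.get("iss") != issuer: raise ValueError("bad iss")
    aud = claims.get("aud") if isinstance(claims.get("aud"), list) else [claims.get("aud")]
    if audience not in aud: raise ValueError("bad aud")
    if not isinstance(claims.get("exp"), (int, float)) or (time.time() if now is None else now) >= claims["exp"]: raise ValueError("token expired")
    return claims
```

In the real deployment the JWKS comes from the federation metadata cached in signer-cert, and issuer and audience are the claim_iss and claim_aud values set on the Java Callout policy.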