# Configure Application User
To configure Application user follow the below steps:
### **Create an App Registration in Microsoft Entra ID (to obtain the three keys)**
* Open the Azure portal for the **Microsoft Entra ID (Azure AD)** tenant that hosts the Dataverse environment (this may be a different tenant than where the container app is deployed).
* Navigate to **Manage → App registrations** and click **New registration.**
* Enter the **application name** and select the first (default) option for supported account types, then click **Register.**
* Copy the Directory (tenant) ID → this becomes d365-tenant-id.
* After the app registration is created:
* Open the application registration and copy the Application (client) ID → this becomes d365-client-id and Copy the Directory (tenant) ID → this becomes d365-tenant-id.\
### **Grant API Permissions for Dynamics CRM**
In the app registration, go to Manage → API permissions → Add a permission. Select Dynamics CRM from the API list.
Choose Delegated permissions and then check **user\_impersonation**, then **click Add permissions**.
Click **Grant admin consent** to apply the permission for the tenant. This ensures the app can call Dynamics CRM APIs as the signed-in user.
### **Create a Client Secret (d365-client-secret)**
In the app registration, go to **Manage → Certificates & secrets → New client secret**. Create a new secret and optionally set its expiry. Click Add.
**Immediately copy the secret value** — this value is shown only once. This copied value is the d365-client-secret you will add to the Container App secrets. **If you leave the page, you cannot retrieve this value later.**
{% hint style="success" %}
For any queries, reach out to us at
{% endhint %}
