Create an Azure AD Application

You add and configure the PIM application in an instance of Azure AD.

Pre-requisites: You must already have an instance of Azure AD set up and configured for your users.

To create an Azure AD application for PIM:

  1. In a browser, navigate to https://www.portal.azure.com/ and sign in to the Azure portal.
  2. Under the Azure Services heading, click Azure Active Directory.
  3. Under the Manage heading, click App registrations.
  4. On the App Registrations screen, click New registration.
  5. On the Register an application screen, enter the following information:
    1. In the Name field, enter Deltek PIM.
    2. Under Supported account types, select the Accounts in this organizational directory only option.
    3. Under Redirect URI (Optional), select Web, and then enter your customer URL followed by the relative redirection endpoint:
      /XWeb/Security/IdentityProviderCallback.ashx?provider=Microsoft&applicationType=Identity

      Example:

      https://{PIM_Site_URL}/XWeb/Security/IdentityProviderCallback.ashx?provider=Microsoft&applicationType=Identity

      Important: Microsoft's validation is case-sensitive. This means the letters in the URL after the question mark (`?`) must match exactly.
  6. Click Register.
    The application is created in Azure AD, and the properties of the Deltek PIM application are displayed.
  7. To copy the tenant and app ID values, do the following:
    1. From App registrations in Azure AD, select the PIM application.
    2. Copy the Directory (tenant) ID and Application ID values to a text file. You will use these values when you configure single sign-on in the PIM application.
  8. To configure authentication, do the following:
    1. Under the Manage heading, click Authentication.
    2. On the Authentication screen, under Redirect URIs > Implicit grant and hybrid flows, select the ID tokens (used for implicit and hybrid flows) check box.
    3. Under Redirect URIs > Supported account types, select the Accounts in this organizational directory only check box.
    4. Under Advanced Settings > Allow public client flows, select No for the Enable the following mobile and desktop flows setting.
    5. Click Save.
  9. To create a client secret, do the following:
    Client secret keys provide additional security, but they are not required for SSO to work in PIM. If you create a client secret with an expiration, set a reminder to update it a few weeks before it expires so that users can continue to log in to PIM using SSO. When you update the client secret, you must also update it in the PIM application.
    1. From the App Registrations menu, click Certificates and Secrets.
    2. Click Client secrets > New client secret.
    3. Enter a description, such as Deltek PIM Azure AD, and then select an expiration time.
    4. Click Add.
    5. Copy the client secret value as this will be required when you configure PIM.

Post-requisites: You can now Configure PIM for Single Sign-On using the app details that you copied.
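
To confirm that the registration matches the settings chosen in steps 5, 8 and 9, you can export the application object (for example with `az ad app show --id <Application ID>`) and check it offline. The following is an added example, not Deltek or Microsoft code; the function name, the sample host pim.example.com, and the three-week warning window are assumptions, while the field names are those of the Microsoft Graph application resource.

```python
import json
from datetime import datetime, timedelta, timezone

# Relative redirection endpoint from step 5.3; compared exactly (case-sensitive).
CALLBACK = ("/XWeb/Security/IdentityProviderCallback.ashx"
            "?provider=Microsoft&applicationType=Identity")

def audit_registration(app, site_url, now, warn_before=timedelta(weeks=3)):
    """Audit a Graph application dict; warn_before (3 weeks) is an assumed threshold."""
    findings = []
    web = app.get("web") or {}
    expected = site_url.rstrip("/") + CALLBACK
    uris = web.get("redirectUris") or []
    if expected not in uris:
        near = [u for u in uris if u.lower() == expected.lower()]
        if near:
            findings.append("redirect URI differs only by case: " + near[0])
        else:
            findings.append("redirect URI missing: " + expected)
    if app.get("signInAudience") != "AzureADMyOrg":  # single-tenant value
        findings.append("account types not limited to this directory")
    if not (web.get("implicitGrantSettings") or {}).get("enableIdTokenIssuance"):
        findings.append("ID token issuance is not enabled")
    if app.get("isFallbackPublicClient"):
        findings.append("public client flows are allowed")
    for cred in app.get("passwordCredentials") or []:
        # Graph timestamps are UTC; drop fractional seconds and the trailing Z.
        end = datetime.strptime(cred["endDateTime"][:19], "%Y-%m-%dT%H:%M:%S")
        left = end.replace(tzinfo=timezone.utc) - now
        name = cred.get("displayName") or "(unnamed)"
        if left <= timedelta(0):
            findings.append(f"client secret '{name}' has expired")
        elif left <= warn_before:
            findings.append(f"client secret '{name}' expires in {left.days} days")
    return findings

# Constructed sample, shaped like a Graph application object; all values are made up.
SAMPLE = json.loads("""{
  "displayName": "Deltek PIM", "signInAudience": "AzureADMyOrg",
  "isFallbackPublicClient": false,
  "web": {"redirectUris": ["https://pim.example.com/XWeb/Security/IdentityProviderCallback.ashx?provider=microsoft&applicationType=Identity"],
          "implicitGrantSettings": {"enableIdTokenIssuance": true}},
  "passwordCredentials": [{"displayName": "Deltek PIM Azure AD",
                           "endDateTime": "2025-01-20T00:00:00Z"}]}""")

if __name__ == "__main__":
    now = datetime(2025, 1, 6, tzinfo=timezone.utc)
    for finding in audit_registration(SAMPLE, "https://pim.example.com", now):
        print(finding)
```

The sample deliberately contains a redirect URI with `provider=microsoft` in lower case and a secret that expires 14 days after the chosen date, so both findings are reported.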