Skip to content
English
Customer Portal
  • There are no suggestions because the search field is empty.

Mavim Azure Enterprise application installation guide

This article explains how to install the required Mavim Cloud enterprise applications in a Microsoft Entra ID tenant using Azure CLI. This process is used while Microsoft’s Enterprise Application Gallery is not accepting new submissions.

Target audience

This guide is for Microsoft Entra administrators, cloud engineers, and technical consultants who install and manage enterprise applications in a customer tenant. Readers should already understand Entra ID concepts, service principals, admin consent, and basic CLI usage.
 

Key information

1. Background

  • Microsoft temporarily paused new Enterprise Application Gallery submissions.
  • Apps cannot be onboarded through the Marketplace UI during this period.

  • Reference: Microsoft Learn – Enterprise Application Gallery Listing

  • The Mavim Cloud applications are therefore installed using Azure CLI and Microsoft Graph.
  • This method is Microsoft supported, requires explicit admin consent, and mirrors the end state of a Gallery‑based installation.

2. Prerequisites

Required Entra roles

You must be one of the following:
  • Global Administrator
  • Application Administrator
  • Cloud Application Administrator
These roles can create service principals, apply tags, and grant admin consent.
 

Required tools

  • Azure CLI
  • PowerShell

Tenant access

  • Ability to sign in to https://portal.azure.com
  • Ability to run az login
  • No Conditional Access blocking CLI sign‑in or admin consent flows

3. Mavim enterprise applications to install

Name Client ID Purpose
Mavim Cloud – Identity Core Access 51fb1b02-5c75-445f-9225-807e50623cd4 Core identity integration between Mavim Cloud and the customer tenant. Required for all Mavim Cloud services. It is required for authentication and authorization across all Mavim Cloud services and must be installed for any Mavim application to function. 
Mavim Cloud – Identity Power Platform Access 2269e636-3dc1-46aa-aff6-0b4a40cc31ba Enables identity‑based authentication for Mavim Cloud and Microsoft Power Platform integrations. It is required when Mavim Cloud is accessed through Power Platform integrations. 
Mavim Cloud – Identity Web Application Access 22720fe1-6437-4a23-819c-55cd6e69c7f3 Provides authentication for Mavim Cloud web applications. It is required to allow users to securely sign in to Mavim-developed web applications.
Mavim Cloud – Identity API Access d7e8c2c2-4dee-4a43-b04a-a80ceab0417b Provides identity‑based access to Mavim Cloud APIs. It is required for applications or services that authenticate to Mavim Cloud APIs using Entra ID. 
Repeat the installation steps for each Client ID.

 

4. Log in to the Azure tenant

Open the Windows Terminal (preferably PowerShell prompt) and login to the Azure tenant by using the command:

Execute command: az login --tenant <TENANT_ID>

Replace the place holder for tenant id with the Microsoft Entra ID’s tenant Id that you would like to have the service principal installed in. Press the “enter” key to see the pop-up prompting for multi factor authentication. Continue to authenticate and complete the process to login to the Azure tenant.

 

 

5. Install the enterprise application

5.1 Create the server principal

In the PowerShell terminal, execute the command as follows to set a variable for ClientId that holds the value of the ClientId of the Enterprise Application/ Service Principal, which can be reused further during subsequent steps.

Execute command: $clientId = “<CLIENT_ID>”

NOTE: Update the placeholder <CLIENT_ID> with the client Id of the enterprise application to be installed (see – List of enterprise applications to install )

 Once you have logged in to the Azure tenant, use the following instructions to install/ register the enterprise application / service principal into the tenant

Execute command: az ad sp create --id $clientId

5.2 Apply required integration tag

To ensure correct classification as an integrated Enterprise Application, execute the following command to apply the “WindowsAzureActiveDirectoryIntegratedApp“ tag.

Execute command: ConvertTo-Json @("WindowsAzureActiveDirectoryIntegratedApp") | Set-Content .temp-body-tags.json

This command creates a json file with content ["WindowsAzureActiveDirectoryIntegratedApp"] in the current location from where the script is being executed. This json file will be used to apply the tag further.

Execute command: az ad sp update --id $clientId --set tags="@.temp-body-tags.json"

This will apply the tag WindowsAzureActiveDirectoryIntegratedApp to the service principal, which in turn will make the Service Principal / Enterprise Application to be visible under “Enterprise Applications” in the Azure Portal in the chosen tenant where the service principal was installed.

6. Grant admin consent (Azure Portal)

  1. Sign in to the Azure Portal.
  2. Go to Microsoft Entra ID, Enterprise applications, All applications.
  3. Search for the installed Mavim Cloud application.
  4. Open Security, then Permissions.
  5. Select Grant admin consent for <TENANT_NAME>.
  6. Confirm the prompt.
Repeat for each installed application. (See – List of enterprise applications to install )
 

7. Validation checklist

Confirm that:
  • The app is visible under Enterprise applications.
  • Permissions appear under Security, Permissions.
  • Permissions show delegated access with admin consent granted.

8. Security, compliance, and FAQ

  • The CLI approach is Microsoft supported.
  • No security controls are bypassed.
  • No secrets or certificates are created.
  • All actions appear in Entra audit logs.
  • Apps will not need to be reinstalled when Microsoft reopens the gallery.
  • Mavim Power Platform Connector v1.0 and v2.0 can run side by side.
  • Do not remove the old enterprise application for v1.0 until Mavim instructs otherwise.

Important notes and warnings

  • Administrator privileges are required.
  • Run all commands in a PowerShell session with Azure CLI installed.
  • Repeat all installation steps for every Client ID.
 
 

© 2025 Mavim. All rights reserved.