Setup Guide
Connect SignalForge to your Microsoft Sentinel workspace
Prerequisites
- 1.An active Microsoft 365 or Azure subscription
- 2.Microsoft Sentinel workspace with active analytics rules
- 3.Azure AD (Entra ID) administrator access for app registration
Step 1: Register an Application in Entra ID
- Navigate to the Azure Portal → Microsoft Entra ID → App registrations
- Click "New registration"
- Name:
SignalForge - Supported account types: "Accounts in this organizational directory only"
- Redirect URI:
http://localhost:3000/api/auth/callback/azure-ad - Click "Register"
Step 2: Configure API Permissions
- In the app registration, go to "API permissions"
- Click "Add a permission" → "Microsoft Graph"
- Select "Application permissions"
- Add the following permissions:
SecurityIncident.Read.AllSecurityAlert.Read.All
- Click "Grant admin consent" for your organization
Step 3: Create a Client Secret
- Go to "Certificates & secrets"
- Click "New client secret"
- Description:
SignalForge Production - Expiry: 24 months (recommended)
- Copy the secret value immediately — it won't be shown again
Step 4: Gather Required Values
You'll need the following values for your .env file:
From App Registration → Overview
AZURE_AD_CLIENT_ID=<Application (client) ID>From App Registration → Overview
AZURE_AD_TENANT_ID=<Directory (tenant) ID>From Step 3
AZURE_AD_CLIENT_SECRET=<Client secret value>Step 5: Configure SignalForge
- Copy
.env.exampleto.env - Fill in all the values from the previous steps
- Set
NEXTAUTH_SECRETto a strong random string - Restart the application