...
9. In the Request API permission form, select Delegated permissions, check user_impersonation, and select Add permissions
...
10. On the API permissions page select Grant admin consent for "org-name" and when prompted choose Yes
11. Select Overview in the navigation panel, record the Display name, Application ID, and Directory ID values of the app registration. You will provide these later in the code sample.
12. In the navigation panel, select Certificates & secrets
13. Below Client secrets, choose + New client secret to create a secret
14. In the form, enter a description and select Add. Record the secret string. You will not be able to view the secret again once you leave the current screen.