Thereforeâ„¢ Help

To integrate the Thereforeâ„¢ Server into Microsoft Entra ID from the backend, a second custom application needs to be registered manually in the Microsoft Entra ID.

 

The application should be configured to share a 'secret' with Thereforeâ„¢.

 

1.In the Azure portal, go to 'App registrations' and create a new application with the default settings. In this example, it is named 'Thereforeâ„¢ Server Login'. The steps to create an application are detailed in the previous tutorial:

 Tutorial: Configure Thereforeâ„¢ Client Login

2.Go to API permissions, and click 'Add a permission':

3.Select 'Microsoft Graph'.

4.Select 'Application permissions'.

5.Search for and add the following application permissions:

 

•Domain.Read.All

•Group.Read.All

•User.Read.All

6.After adding the permission click 'Grant admin consent for <Organization>'. Click 'Yes' on the confirmation message. Please note that an Admin Account is a prerequisite for this step.

 

8.The status column should show 'Granted for <Organization>'.

9.Go to 'Certificates & secrets' and click 'New client secret'.

Please chose the expiration date that is the best fit for your security policy. We recommend using 24 months so you don’t need to update the secret too often. If the secret expires users will no longer be able to login to Therefore™ so make sure you update the secret before it expires.

 

10.  Go to the 'Overview' section and make a note of the 'Application (client) ID'. It is required for configuring the Thereforeâ„¢ settings. Copy the 'Value' of the client secret. This value is also needed to configure Thereforeâ„¢.

11.  Proceed by configuring Thereforeâ„¢.

 Tutorial: Configure AAD in Thereforeâ„¢