The APP service plan should meet these requirements

Step 1 – CREATE AZURE WEB APP

1. In the Azure portal, select App Services – Create – Web App.
2. Choose your subscription and the appropriate resource group.
3. Give the web app a name.
4. Under Publish, select Code.
5. Runtime stack is .NET 8 (LTS) ( viflow subscription and viflow 9 ) as of June 12, 2025.
6. Operating system is Windows.
7. Region choose the one that suits you best (Germany is Germany West Central)
8. Create the web app via Review + Create.
9. Now open the web app via Home – Web app name.
10. Open the configuration. 
11. Under Platform, select 64 Bit.
12. To enable upload with an FTP tool (WinSCP, FileZilla, etc.).
    • Enable credentials for SCM basic authentication publishing
    • Activate FTP Basic Authentication Publishing Credentials 

Step 2 – CREATE REGISTRATION FOR ENTRAID

1. Click Microsoft Entra ID.
2. Select App Registrations – New Registration.
3. Give it a name.
4. Under Supported account types, select Only accounts in this organizational directory (- single tenant).
5. Under Redirect URI, select the type Weband enter the following paths:
   • https://name_der_azurewebsite/.auth/login/aad/callback
   • https://name_of_azurewebsite/signin-oidc
6. Complete the setup by clicking Register.
7. Now open Microsoft Entra ID – App Registrations – Name of the created app.
8. Click Authentication.
9. Enable ID tokens.
10. Click Certificates & Secrets.
11. Create a new client secret and note the value (used in Steps 3 and 4 needed).
12. Select Token Configuration – + Add Optional Claim.
    • Token type: ID > add onprem_sid.
13. Select API Permissions and give the Microsoft Graph the following application permissions (administrator approval is required):
    • User.Read (already stored by default)
    • Directory.Read.All
    • Group.Read.All
    • User.Read.All

Step 3 – ASSIGN APP REGISTRATION TO THE WEB APP

1. Open your web app.
2. Select Authentication.
3. Add a new identity providerand configure it as follows:
   1. Identity provider: Microsoft.
   2. App registration type: Specify the details of an existing app registration.
   3. For Application ID (Client), enter the client ID of the app registration (Microsoft Entra ID – App Registrations – App Registration Name – Overview).
   4. For Client Secret, enter the value of the client secret that you noted previously (in step 2).
4. Please leave all other settings as they are.

Step 4 – STORE APP REGISTRATION IN THE WEBMODEL (APPSETTINGS.JSON)

• Export a WebModel with authentication enabled.
  
• In the Azure portal, go to Microsoft Entra ID – App Registrations – App Name – Overview.
• After the successful WebModel export, go to the WebModel folder and open the appsettings.json file with an editor such as notepad++.
• Check if the value under SkipAuthentication is false.
• Edit the file as follows:
  1. Remove the entry for Domain.
  2. Remove the underscore before AzureAd.
  3. For TenantId, enter the directory ID of the app registration.
  4. For ClientId, enter the client ID of the app registration.
  5. For ClientSecret, enter the value of the secret client key (noted in step 2).
  6. Save the changes and close the file.
     The appsettings.json file should then look like this:
     

Step 5 – UPLOAD THE WEBMODEL TO AZURE WEBAPP USING THE FTP TOOL (HERE: WINSCP)

1. Open your Azure Web App overview in the Azure Portal.
2. Navigate to Deployment – Deployment Center.
3. Click the FTPS Login Information tab.
4. Open the FTP tool of your choice and configure it as follows:
   • Transfer protocol: FTP
   • Encryption Explicits: TLS/SSL
   • Server address: the FTPS endpoint from the portal
   • Port number: 21
   • Username: the FTPS username from the portal under Scope
   • Password: the password from the portal under Application area
5. Once the connection is established successfully, the entire contents of the WebModel folder must be uploaded.

Troubleshooting – What should I consider?

1. Save customized appsettings.json file
   • To include the customized appsettings.jsonin the export and to prevent it from being overwritten, it must be stored in the following folder:
     • Open the folder %USERPROFILE%\Documents\viflow
     • Create the Customizations folder and open it
     • Create the folder WebApp , open it and place the customized appsettings.json in it (the path to the appsettings.json should then look like this: %USERPROFILE%\Documents\viflow\Customizations\WebApp
       
       
2. Update the client secret
   • The client secret you created in step 2 must be recreated after a certain period of time, and the value in appsettings.json must be updated. You assign this value in the Azure portal when you create a client secret.
     
     
3. Value of the secret key not recorded
   • If you have not written down the value of the secret client key, simply create a new client key.
     
     
4. WebApp logs
   • If our support requests the web server event log messages, you can find them in the Azure Portal at:Web app name – Diagnostics and troubleshooting – Diagnostic Tools – Application Event Logs.