Step 1 – Create an app registration for Entraid

1. Open the Azure Portal.
2. Click Microsoft Entra ID.
3. Select App Registrations – New Registration.
4. Give it a name.
5. Under Supported account types, select Only accounts in this organizational directory (- single tenant).
6. Under Redirect URI, select the Webtype and enter the following path:
   • https://servername.domain.example/signin-oidc
7. Complete the setup by clicking Register.
8. Now open Microsoft Entra ID – App Registrations – Name of the created app.
9. Click Authentication.
10. Enable ID tokens.
11. Click Certificates & Secrets.
12. Create a new client secret and note the value (used in Step 2 needed).
13. Select Token Configuration – + Add Optional Claim.
    • Token type: ID > add onprem_sid.
    • Select API Permissions and give the Microsoft Graph the following application permissions (administrator approval is required):
      • Directory.Read.All
      • Group.Read.All
      • User.Read.All

Step 2 – STORE APP REGISTRATIONIN THE WEBMODEL (APPSETTINGS.JSON)

• Export a WebModel with authentication enabled.
  
• In the Azure portal, go to Microsoft Entra ID – App Registrations – App Name – Overview.
• After the successful WebModel export, go to the WebModel folder and open the appsettings.json file with an editor such as notepad++.
• Check if the value under SkipAuthentication is false.
• Edit the file as follows:
  1. Remove the entry for Domain.
  2. Remove the underscore before AzureAd.
  3. For TenantId, enter the directory ID of the app registration.
  4. For ClientId, enter the client ID of the app registration.
  5. For ClientSecret, enter the value of the secret client key (noted in step 1).
  6. Save the changes and close the file.
     The appsettings.json file should then look like this:
     
  7. Disable Windows authentication on the IIS web server.
     To do this, you must undo step 5 in the following article:
     ››› Deploying the viflow WebModel with IIS (Internet Information Services)

Troubleshooting – What should I consider?

1. Save customized appsettings.json file
   • To include the customized appsettings.jsonin the export and to prevent it from being overwritten, it must be stored in the following folder:
     • Open the folder %USERPROFILE%\Documents\viflow
     • Create the Customizations folder and open it
     • Create the folder WebApp, open it and place the customized appsettings.json in it (the path to the appsettings.json should then look like this: %USERPROFILE%\Documents\viflow\Customizations\WebApp
       
       
2. Update the client secret
   • The client secret you created in step 1 must be recreated after a certain period of time, and the value in appsettings.json must be updated. You assign this value in the Azure portal when you create a client secret.
     
     
3. Value of the secret key not recorded
   • If you have not written down the value of the secret client key, simply create a new client key.
     
     
4. WebApp logs
   • If our support requests the web server event log messages, you can find them in the Azure Portal at:
     Web app name – Diagnostics and troubleshooting – Diagnostic Tools – Application Event Logs.