This guide walks your IT or identity team through connecting TOTAL to your Microsoft Entra ID tenant. When complete, your administrators will sign in to TOTAL using their existing Microsoft credentials.
Estimated time: 30–45 minutes
Who should do this: Your IT administrator or the person who manages your Azure / Entra ID tenant
What you need before starting: A TOTAL representative will send you a short list of values to enter into Azure. Have that information ready.

What You Are Setting Up

TOTAL uses two Microsoft standards to manage your administrators:
  • OIDC (Single Sign-On) — Your admins click Sign in with Microsoft on the TOTAL login page. Microsoft verifies their identity and sends TOTAL a confirmation. No password is stored in TOTAL.
  • SCIM (Automatic Provisioning) — Azure automatically tells TOTAL when someone joins or leaves your admin group. You never manually create or delete accounts in TOTAL — it stays in sync with your directory.
Administrative access to the TOTAL Threat Console is controlled entirely by group membership in Entra ID. Add someone to the group → they get access. Remove them → access is revoked automatically within 40 minutes.

What Permissions You Need

  1. Applications — To create or manage the TOTAL enterprise app / app registration, set redirect URIs, create a client secret, add Microsoft Graph permissions, and grant tenant-wide admin consent (including application permissions such as GroupMember.Read.All).
  2. Groups — To create security groups, look up users, and add or remove group members (your TOTAL admin group).
  3. Provisioning (SCIM) — To configure enterprise app provisioning to TOTAL (sync job, secrets, schema mapping). This requires Microsoft Entra ID P1 or P2; the Free tier does not support the group-based SCIM provisioning TOTAL uses.
Typical directory roles that cover this work
  • Global Administrator — covers everything above in one role, or
  • Application Administrator + Groups Administrator + Privileged Role Administrator (or another role that can grant tenant-wide admin consent for application permissions — **Application Administrator alone is not enough** for that consent step).

License Requirement

Your organization must be on Microsoft Entra ID P1 or P2 (formerly Azure AD Premium P1/P2). The Free tier and Microsoft 365 Basic do not support automatic group-based provisioning via SCIM. If you are unsure which plan you are on: Azure Portal → Microsoft Entra ID → Overview — your license is listed there.
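
A pre-flight check for the permission and license requirements above, as an added example (not TOTAL's or Microsoft's own script). It assumes the Microsoft Graph PowerShell module is installed, that AAD_PREMIUM and AAD_PREMIUM_P2 are the P1 and P2 service plan names, and it tests only the named role combinations, not "another role" that can grant consent.

```powershell
# Added example: confirm license tier and directory roles before starting the setup.
# Sign in as the account that will perform the configuration.
Connect-MgGraph -Scopes 'Organization.Read.All', 'Directory.Read.All'

# 1. License: look for a usable Entra ID P1/P2 service plan in any subscribed SKU.
$premiumPlans = 'AAD_PREMIUM', 'AAD_PREMIUM_P2'   # P1 and P2 service plan names
$licensed = foreach ($sku in Get-MgSubscribedSku) {
    if ($sku.CapabilityStatus -notin 'Enabled', 'Warning') { continue }
    foreach ($plan in $sku.ServicePlans) {
        if ($plan.ServicePlanName -in $premiumPlans -and
            $plan.ProvisioningStatus -eq 'Success') {
            [pscustomobject]@{ Sku = $sku.SkuPartNumber; Plan = $plan.ServicePlanName }
        }
    }
}

# 2. Roles: collect the directory roles active for the signed-in account,
#    following paging links until the membership list is exhausted.
$roles = @()
$uri = 'https://graph.microsoft.com/v1.0/me/transitiveMemberOf'
while ($uri) {
    $page = Invoke-MgGraphRequest -Method GET -Uri $uri
    $roles += $page.value |
        Where-Object { $_.'@odata.type' -eq '#microsoft.graph.directoryRole' } |
        ForEach-Object { $_.displayName }
    $uri = $page.'@odata.nextLink'
}

# Either Global Administrator, or all three roles of the split set.
$splitSet = 'Application Administrator', 'Groups Administrator',
            'Privileged Role Administrator'
$missing  = @($splitSet | Where-Object { $_ -notin $roles })
$rolesOk  = ('Global Administrator' -in $roles) -or ($missing.Count -eq 0)

# 3. Summary: both PremiumPlanFound and RolesSufficient should be True.
[pscustomobject]@{
    PremiumPlanFound    = [bool]$licensed
    PremiumSkus         = ($licensed.Sku | Sort-Object -Unique) -join ', '
    ActiveRoles         = ($roles | Sort-Object) -join ', '
    RolesSufficient     = $rolesOk
    MissingFromSplitSet = if ($rolesOk) { '' } else { $missing -join ', ' }
}
```

The role check sees only roles that are active for the signed-in account when it runs, so a role that is assigned but not yet activated shows as missing.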