Giving someone access to TOTAL
Add them to the appropriate TOTAL group in Entra ID. Azure will sync the change to TOTAL within ~40 minutes. No action needed in TOTAL itself.Removing someone’s access
Remove them from the TOTAL group in Entra ID. Azure will sync within ~40 minutes and their TOTAL account will be deactivated. Their active session will be terminated on their next request.Need it done immediately?
Azure Portal → Enterprise applications → TOTAL → Provisioning → Provision on demand → search for the group name → Provision. This syncs the group and all its members instantly. Azure Portal → Enterprise applications → TOTAL → Provisioning → Provision on demand → search for the user’s name → Provision. TOTAL will verify their group membership via Microsoft Graph and grant access instantly.Note: “Provision on demand” for an individual user only updates their profile (name, email). To add or remove access, always provision the group. Note: You can also provision the group on demand — Azure will send TOTAL a membership update for all members in that group.
When your client secret expires
Client secrets expire based on the duration you set in Part 1. When it expires, sign-in will stop working. To rotate it:- Create a new secret in the App registration → Certificates & secrets
- Send the new value to your TOTAL representative via secure channel
- Delete the old secret after TOTAL confirms the update