Before beginning, ensure that you have:
  1. Administrative permissions for both the Microsoft Entra admin center and the TruU Admin Console.
  2. Both portals open in separate browser tabs to facilitate the transfer of credentials.

Microsoft Entra ID Configuration

  1. Navigate to your Microsoft Entra ID admin center and select the App Registrations tab under the Applications drop-down menu.
  2. Go to New Registration.
  3. Set the user-facing display name to TruU and click Register at the bottom when done. Note: This can be changed later.
  4. Now, navigate back to the Entra ID Admin page and select API permissions.
  5. Next, select Add a permission and choose Microsoft Graph.
  6. Select Application Permissions.
  7. Select Application permissions and grant admin consent for the following permissions:
  • Device.Read.All
  • Group.Read.All
  • Directory.Read.All
  • User.Read (enabled by default as Delegated; ensure admin consent is granted. If missing, add it with Delegated permission.)
  • User.Read.All
  • UserAuthenticationMethod.Read.All
  • Application.Read.All
  • UserAuthenticationMethod.ReadWrite.All*
Please ensure all permission names, types, and statuses match the following screenshot.
  8. Navigate to Certificates & secrets, select New client secret, and enter “TruU” as the description. Set the expiration to your preference; a 12-month duration is recommended.
  9. After adding the secret, immediately copy the entry in the Value column and save it. This value is required for the integration in the TruU Admin Console and will not be accessible again once you leave the page.
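
To confirm that admin consent took effect for the application permissions listed above, you can decode an app-only (client credentials) Microsoft Graph access token and compare its `roles` claim with that list. This is an added example, not TruU or Microsoft code; the function names and the sample token are constructed for illustration, and the token is decoded without signature verification, for diagnostics only.

```python
import base64
import json

# Application permissions from the list above, in Microsoft Graph spelling.
# User.Read is Delegated, so it never shows up in an app-only token.
REQUIRED_APP_ROLES = frozenset({
    "Device.Read.All",
    "Group.Read.All",
    "Directory.Read.All",
    "User.Read.All",
    "UserAuthenticationMethod.Read.All",
    "Application.Read.All",
    "UserAuthenticationMethod.ReadWrite.All",
})


def jwt_claims(token):
    """Decode a JWT payload WITHOUT verifying the signature (diagnostics only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def audit_roles(token, required=REQUIRED_APP_ROLES):
    """Compare the token's `roles` claim with the permissions the guide lists."""
    granted = set(jwt_claims(token).get("roles", []))
    return {
        "missing": sorted(required - granted),     # not added, or consent not granted
        "unexpected": sorted(granted - required),  # privilege beyond what the guide lists
    }


def constructed_token(roles):
    """Build an unsigned sample token; a real one comes from the token endpoint."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    claims = {"aud": "https://graph.microsoft.com", "roles": list(roles)}
    return ".".join([enc({"alg": "none", "typ": "JWT"}), enc(claims), "sig"])


if __name__ == "__main__":
    # Constructed sample: one permission missing, one extra write role present.
    roles = sorted(REQUIRED_APP_ROLES - {"Device.Read.All"}) + ["Directory.ReadWrite.All"]
    print(audit_roles(constructed_token(roles)))
```

An empty `missing` list means every listed application permission is present with consent; anything under `unexpected` is privilege beyond what this guide asks for and is worth reviewing.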

TruU Admin Console Configuration

  1. In the TruU Admin console, go to Directory.
  2. On the top left, click the blue ’+’ option to add a directory.
  3. Navigate to the drop-down menu and select Entra ID.
  4. Set a Configuration Name along with the domain name (your Entra ID domain) of the directory that you will be integrating.
  5. Select if all your users have UPN suffixes that end with the domain name.
  6. Go back to the Entra ID Admin Center and locate the Application (client) ID and the Directory (tenant) ID on the application’s overview page. Copy and paste the:
  • Directory (tenant) ID
  • Application (client) ID
  • Application Client Secret Value (copied and saved in Step 9 of the Microsoft Entra ID Configuration section)
  7. Choose True or False to determine if the system should automatically unenroll or remove devices based on user status changes in the directory, then click Save.
  8. You will be prompted with the following pop-up, which will redirect you to the Global Attributes tab. Select Go Now.
  9. Click on the Gear icon on the top right. Select your Primary User Identifier (typically “mail”) to be used for lookups and diagnostics, then click Save.
  10. Navigate to “Identity Servers” > Cluster. Under Directory Connection, select your directory and click Save.
Verification: Allow the system 2–3 minutes to run diagnostics. Once the status displays as “Healthy,” the integration is complete.

What’s Next

Your directory integration is now finished. Next, you will need to set up your CBA (Certificate-Based Authentication).