Skip to main content

IT Admin Setup Guide – Connect the ERP to the Core API

This guide describes the steps a Microsoft Entra administrator must complete before a user can sign in from the ERP to the Truvio Core API.

Step 1: Prepare a Service User in Entra

Create (or identify) a dedicated service user in Microsoft Entra ID that will be used to authenticate from the ERP to the Core API.

The service user should be a standard member account in your tenant. Treat the credentials as a shared service identity and store them securely.

As a tenant administrator, open the admin consent link below in a browser and sign in with an account that has permission to grant tenant-wide consent.

https://login.microsoftonline.com/organizations/adminconsent?client_id=95de29a0-1267-472c-ae9f-47e083e0986a&redirect_uri=https://consent.exflow.cloud&state=core.exflow.io

Review the requested permissions and click Accept to grant tenant-wide consent.

After consent is granted, the Truvio application will appear in your tenant under Microsoft Entra ID > Enterprise applications.

Step 3: Assign the Truvio.SubscriptionService App Role to the Service User

  1. Sign in to the Azure portal.
  2. Navigate to Microsoft Entra ID > Enterprise applications.
  3. Locate and open the Truvio application that was consented in Step 2.
  4. Go to Users and groups > Add user/group.
  5. Under Users, select the service user created in Step 1.
  6. Under Select a role, choose Truvio.SubscriptionService.
  7. Click Assign.

Only principals that have been assigned the Truvio.SubscriptionService app role will be able to authenticate to the Core API.

Step 4: Sign In from the ERP with the Service Account

Once the service user has been assigned the app role, open the ERP and sign in with the service account credentials.

The ERP will use the service account to establish the connection to the Core API.

Troubleshooting

  • "Consent required" during sign-in – Confirm that Step 2 was completed by a tenant administrator and that the Truvio application is visible under Enterprise applications.
  • "Access denied" from the Core API – Confirm that Step 3 assigned the Truvio.SubscriptionService role to the correct service user.
  • Incorrect account signed in – Ensure the ERP is signed in with the service user, not a regular user account.