Install Token Vault on a clean system

Verify that you are performing installation with administrator privileges.
Run TokenVault3.7.exe.
On the Choose setup language screen, select a preferred language (English by default) from the list, and click Next.
On the Welcome screen, click Next.
On the License Agreement (EULA) screen, accept the EULA and click Next.
On the Destination Folder screen, accept the default destination folder, or click Change to specify another folder. Then click Next.
On the Service Credentials screen, specify the service credentials for the Token Vault service. Alternatively, you can select to use LocalSystem credentials.

Specifying service credentials is the recommended option so that you can use Windows or Microsoft Entra ID Integrated Authentication for the database connection. Click Next.
On the Installation Summary screen, review the information and click Install. Otherwise, click Back and modify the configuration.
When the Install Shield Wizard Completed screen opens, click on the link above the Finish button to open Token Vault configuration, and then click Finish to close the installation wizard.

The Token Vault Database Settings page appears in the browser to perform database configuration as the required initial configuration. If you have not clicked on the link described in step 9, you should open Token Vault manually by entering the http://localhost:8380 URL in your browser's address bar.
On the Database Settings page, click Create New to create a new Token Vault database.
On the Create new database page, specify the hostname or IP (and optionally, the instance name) of the SQL Server (Server name) that you are connecting to, along with the database Catalog name. Specify settings related to encryption of network traffic between your SQL Server and Token Vault computer (Use encryption for data and Trust server certificate) according to your SQL Server and environment configuration.
Under the Admin credentials group on the same page, select Authentication type, and specify the credentials (User name and Password) for database creation.
The following authentication types can be selected:
- SQL Server Authentication
- Windows Authentication
- Microsoft Entra ID - Password
- Microsoft Entra ID - Integrated
In case of "Windows Authentication" and "Microsoft Entra ID - Integrated" authentication types, the User name must be specified in DOMAIN\USERNAME format.

The credentials specified are only used during database creation to run the Token Vault SQL scripts on the selected database.
Under the Runtime credentials group on the same page, you can specify a runtime account for the configuration database.
You need to select an Authentication type to determine how the Token Vault service connects to the SQL Server database:
- Via SQL Server Authentication, you can specify an SQL user by entering a User name and Password.
  
  The specified user will be created on the SQL server if it does not exist.
- Via Windows Authentication, using the identity of the account running the Token Vault Windows service.
- Via Microsoft Entra ID - Password, you can specify an existing Microsoft Entra ID user by entering a User name and Password.
  
  Select this option only when you specify an Azure SQL server.
- Via Microsoft Entra ID - Integrated, using the identity of the account running the Token Vault Windows service.
  
  Select this option only when you specify an Azure SQL server, and your local Active Directory is synchronized with Microsoft Entra ID.
The Token Vault service uses these credentials only for runtime connection to the SQL Server.
Click Create & Save to create the database with the specified parameters, and save the database configuration.

If you specified an Azure SQL server, the Token Vault database must be created manually, and only the user and other database objects (such as SQL tables and indices, etc.) will be created when you click Create & Save.
Click Restart service to restart Token Vault Windows service and use the new database.