Azure AD Skype for Business Authentication Setup

Some features in Puzzel's contact centre agent application require users (agents) to authenticate themselves in Azure AD. The authentication is used, among other things, to enable search for contacts in Skype for Business, but it can also be used for Azure authentication towards custom/external widgets.

This document gives a step-by-step description of how to configure Azure AD to get the App ID URI required by the agent application in order to authenticate the user (agent) towards Skype for Business.

Configuring Skype for Business App

Follow the steps below to enable the Azure authentication used by Puzzel. After setting up the app in Azure, you must enable S4B in the admin portal, as described in a separate chapter.

The screenshots and descriptions below are based on the Azure AD service release “1904” tenant, and the user is a “Global Administrator” with sufficient access.

Setup for Skype for Business App in Azure

Step 1:

Go to https://portal.azure.com and log in with the Global Admin for your domain. Choose “Azure Active Directory” from the list of featured apps.

Step 2:

Choose App registrations

Step 3:

Click on the New registration option

Step 4:

Puzzel has recently made changes to the Application registration process to be in line with Microsoft's recommendation for registering an app. We have added support for user authentication with Authorization Code Flow with PKCE, according to Microsoft guidance. Method 1 is the old way, and we advise all new customers to follow Method 2 described below. While we still support Method 1, we urge existing customers to migrate to Method 2 as soon as possible by following the steps described in Step 9.

For more details on MSAL update from Microsoft read here.

Method 1:

Fill in the following 3 sections:

  • Name – Choose a name for the application (e.g. “Puzzel S4B Connector”)
  • Supported account types – Choose the option that is relevant for you. The recommended option is “Accounts in this organisational directory only (<directory name>)”
  • Redirect URI (optional) – Choose “Web” and “https://agent.puzzel.com”

Method 2:

Fill in the following 3 sections:

  • Name – Choose a name for the application (e.g. “Puzzel S4B Connector”)
  • Supported account types – Choose the option that is relevant for you. The recommended option is “Accounts in this organisational directory only (<directory name>)”
  • Redirect URI (optional) – Choose “Single-page application” and Hostname: https://agent.puzzel.com

Click on the Register button and you should be able to see the given Application (client) ID you need for the admin portal later.

Step 5:

Choose “API permissions”, click on the «Add a permission» button and choose «Skype for Business» in the rightmost pane.

Choose «Delegated permissions», tick the following check boxes and click on the Add permissions button:

  • Contacts.ReadWrite
  • Conversations.Receive
  • Conversations.Initiate
  • User.ReadWrite

Step 6:

Choose API permissions, click on the Add a permission button and choose Azure Active Directory Graph in the right pane.

Choose Delegated permissions and tick the User.Read check box and click on the Add permissions button.

Step 7:

Choose API permissions, click on the Add a permission button and choose Exchange in the right pane.

Choose Delegated permissions and tick the Calendars.Read.All check box and click on the Add permissions button.

Step 8:

Click on the Grant admin consent for <directory name> button and click Yes to confirm.

You should see a “Successfully granted admin consent for the requested permissions” confirmation at the top of the screen.

Step 9:

The last thing to do is to check “Authentication” for the app. Select Authentication in the left menu.

For Method 1 in step 4

TYPE - Web

Redirect URI - https://agent.puzzel.com/redirect.html

Also, you must tick the “Access tokens” and “ID tokens” checkboxes under “Implicit grant”.

For Method 2 in step 4, there are no changes to be made.

Click on Save on the top.

Migration from Method 1 authentication to Method 2:

As mentioned above, we highly recommend that existing customers migrate to the Method 2 authentication process. It can be done fairly easily by following the 4 steps listed below:

  1. Go to Authentication page and you will see the following warning as shown in the picture.
  2. Click on the warning to open the Migrate URIs window
  3. Select the URI and click on Configure
  4. Untick the Access tokens and ID tokens under Implicit grant and save the changes.
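
One way to verify the result of the migration above, as an added example (not Puzzel's or Microsoft's code): it takes an app registration in the JSON shape of the Microsoft Graph application object and reports which method it uses, whether implicit grant is still enabled, and any redirect URI not named on this page. The function name, finding texts and the sample registration are constructed for illustration.

```python
import json

# Redirect URIs named on this page (Step 4 and Step 9).
EXPECTED_URIS = {"https://agent.puzzel.com", "https://agent.puzzel.com/redirect.html"}
IMPLICIT_FLAGS = ("enableAccessTokenIssuance", "enableIdTokenIssuance")


def audit_registration(app):
    """Return the registration method in use and a list of findings."""
    web, spa = app.get("web") or {}, app.get("spa") or {}
    web_uris = web.get("redirectUris") or []
    spa_uris = spa.get("redirectUris") or []
    implicit = web.get("implicitGrantSettings") or {}
    implicit_on = [f for f in IMPLICIT_FLAGS if implicit.get(f)]
    findings = []

    if spa_uris and not web_uris:
        method = "Method 2"
    elif web_uris and not spa_uris:
        method = "Method 1"
        findings.append("legacy Web platform registration, migrate to Method 2")
    elif web_uris:
        method = "mixed"
        findings.append("redirect URIs on both Web and SPA platforms")
    else:
        method = "unconfigured"
        findings.append("no redirect URI registered")

    # Migration step 4: both implicit grant boxes must be unticked.
    if method != "Method 1" and implicit_on:
        findings.append("implicit grant still enabled: " + ", ".join(implicit_on))
    for uri in web_uris + spa_uris:
        if uri not in EXPECTED_URIS:
            findings.append("unexpected redirect URI: " + uri)
    if app.get("signInAudience") != "AzureADMyOrg":
        findings.append("not restricted to this organisational directory")
    return {"method": method, "findings": findings}


# Constructed sample: migrated to SPA, but implicit grant left ticked.
HALF_MIGRATED = json.loads("""{
  "displayName": "Puzzel S4B Connector",
  "signInAudience": "AzureADMyOrg",
  "web": {"redirectUris": [], "implicitGrantSettings":
          {"enableAccessTokenIssuance": true, "enableIdTokenIssuance": true}},
  "spa": {"redirectUris": ["https://agent.puzzel.com/redirect.html"]}
}""")

if __name__ == "__main__":
    print(json.dumps(audit_registration(HALF_MIGRATED), indent=2))
```

An empty findings list for a “Method 2” result means the registration matches the settings this page describes for new customers.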

Setup for Skype for Business integration in Puzzel’s admin portal

In the admin portal, you need to add your Azure app details in order to have the Skype for Business functionality work properly.

  1. Add the general agent application authentication properties for your Skype for Business integration. This is done in the admin portal under “Users -> Products -> Agent Application”. The relevant 5 properties are easily found if you enter “Azure” in the top right filter field. If you have registered the app using Method 1 in step 4, the configuration would be as shown below:
    • Azure AD Application ID – Add the Azure App ID fetched from the Azure App setup.
    • Azure AD Login at startup – Enables logging on to Skype for Business upon signing into the agent application, if authenticated.
    • Azure AD Tenant – Add your tenant/domain (without https://) for the directory used for fetching contact information.
    • Azure AD Use agent e-mail as login hint – Upon authentication, the user’s e-mail address registered in his or her Puzzel account is suggested.
    • Azure AD use Microsoft identity platform[V2.0][A] – By default this property is turned off so that customers using the old method can continue without disruption to their services.

     If you have registered the app using Method 2 in step 4, do the following:

    • Azure AD Application ID – Add the Azure App ID fetched from the Azure App setup.
    • Azure AD Login at startup – Enables logging on to Skype for Business upon signing into the agent application, if authenticated.
    • Azure AD Tenant – Add your tenant/domain (without https://) for the directory used for fetching contact information.
    • Azure AD Use agent e-mail as login hint – Upon authentication, the user’s e-mail address registered in his or her Puzzel account is suggested.
    • Azure AD use Microsoft identity platform[V2.0][A] – Turn this on for the Microsoft-recommended way of authentication using MSAL.

 

  2. Remember to save your settings.
  3. Activate the Skype for Business widget on your solution, if you haven’t already. This is done under Widget -> Widget Administration. Find the Skype for Business widget (Owner 10000) and tick the rightmost belonging to check box.
  4. The Skype for Business widget should now be available under Widget -> Widget Configuration -> Skype For Business. Unless you want to disable Skype for Business for some agents, you should use the default settings:
    • Allowed – Enable or disable ”Skype for Business” features for users.
    • Client ID – Not in use. Leave blank.
    • Display authentication prompt – Prompt user for authentication towards Skype for Business, if not already authenticated.
    • Domain – Not in use. Leave blank.
    • Module – System property. Do not change.
    • Unique Source name – System property. Do not change.

     Remember to save your settings.

 Your users should now have access to search for your company’s Skype for Business contacts.

 If not already authenticated, users are prompted to do so when signing in or searching for a contact in the “Skype for Business” search source. They should then sign in with their corporate e-mail address.

Published

04/06/2020 - 16:08

Last updated

13/12/2020 - 17:57