Microsoft Entra ID (Azure AD) Authentication

Some of the features in Puzzel's Agent Application requires users to authenticate themselves in Microsoft Entra ID (Azure AD). The authentication is amongst others used to enable the CRM Widget towards Microsoft Dynamics CRM Online but can also be used for authentication towards custom/external widgets.

Configure Microsoft Dynamics App

The following procedure will take you through the steps of configuring Microsoft Dynamics App in Microsoft Entra ID (Azure AD). At the end of this process, you will be given an App ID URI, required by the Agent Application for authenticating the agents.

The screenshots and descriptions below are based on the Azure AD service release "1904" tenant, and the user is a "Global Administrator" with adequate access.

Puzzel has made changes to the Application registration process from the first version to be in line with Microsoft recommendation for registering an app. We have support for user authentication with Authorisation Code Flow with PKCE according to Microsoft guidance. If you have registered with the old method we advise you to migrate to latest method as soon as possible as described below.

For more details on MSAL update from Microsoft read here.

Setting up Microsoft Dynamics App in Azure

Step 1:

Go to https://portal.azure.com and login as Global Admin for your domain. Go to Microsoft Entra ID in the home page and choose App registration from the left menu.

Select App Registrations

Step 2:

Click on the New registration option on the top ribbon menu.

Click New registration

Please note that if you already have Skype for business or Microsoft Teams configured within Azure AD and have an App ID URI, you will only need to add more permissions listed in Step 4. You will not be required to configure a separate Microsoft Dynamics app as the App ID registered for Skype for Business or Microsoft Teams will work.
Step 3:

Fill in the following 3 sections:

  • Name - Choose a name for the application (e.g. Puzzel Dynamics CRM Widget)
  • Supported account types – Choose the option that is relevant for you. The recommended option is “Accounts in this organisational directory only (<directory name>)
  • Redirect URI (optional) – Choose "Single-page application" and ”https://app.puzzel.com/agent/" OR "https://uk.puzzel.com/agentapp/" for UK

Fill in

Click on Register button. Upon successful registration, you will be given Application Client Id which you will need to use in the Admin Portal later.

See given App ID

Step 4:

Select API permissions in the centre panel and click on Add a permission option at the top.

Select Dynamics CRM from the list of API’s, tick the user_impersonation permission and click on Add permissions.

Step 5:

Click on the Grant admin consent for <directory name> at the top and click Yes to confirm.

You should see a "Successfully granted admin consent for requested permissions" confirmation at the top of the screen.

Step 6:

The last thing to do is to choose “Authentication” in the menu and add a Redirect URI if you are not yet using the agent application with Puzzel ID. Add "https://agent.puzzel.com" OR "https://uk.puzzel.com/agent/" for UK.

Add Redirct URI

Click on Save on the bottom.

Migration from old method to latest method authentication:

As mentioned above we highly recommend our customers to migrate to latest method authentication process. It can be done fairly easily by following the 4 steps listed below:

  1. Go to Authentication page and you will see the following warning as shown in the picture.
  2. Click on the warning to open the Migrate URIs window
  3. Select the URI and click on Configure
  4. Add Redirect URI ”https://app.puzzel.com/agent/" OR "https://uk.puzzel.com/agentapp/" for UK as described in step 6 above.
  5. Untick the Access tokens and ID tokens under Implicit grant and save the changes.
Back to Top

Published

Last updated

0
0

Recent documents

Popular documents