Additional Settings for Version 3.0
Note: If you are on version 2.7 and have already completed these steps, you only need to follow step 5. All other steps can be ignored.
Performing this task will require the following:
- Portal Owner privileges
- Global Admin privileges on the tenant
The steps outlined in this task will take approximately 10 minutes.
1) Open the Microsoft Azure AD portal and log in as a Global Administrator. The URL for Microsoft Azure AD portal is https://aad.portal.azure.com/
2) Once logged in, click on ‘Azure Active Directory’.
3) Now click on the ‘App Registrations’ menu. This should open up the list of existing apps on the right-hand panel.
- Existing Work365 Portal customers already have an app created for setting up ‘Azure AD’ authentication for the Portal.
- New Work365 Portal customers, or customers who still haven’t set up ‘Azure AD’ authentication, should follow the instructions in ‘Setting up Azure AD Authentication for Portal’ before proceeding further.
4) Click on ‘Overview’ on the left-hand side navigation. Click on the ‘Redirect URIs’ hyperlink on the right-hand panel.
5) Create a new ‘Redirect URI’ record. The Redirect URI should be the base URL of your portal appended with “/managelicenses/”
E.g., if your portal URL is https://iotapsandbox.microsoftcrmportals.com, the URL to be entered would be https://iotapsandbox.microsoftcrmportals.com/managelicenses/
Note: If you are on self-service portal v2.7, you may have already added a redirect URL ending with ‘/licenses’. This is no longer required and can be deleted.
Ensure that the ‘Access tokens’ and ‘ID tokens’ checkboxes are ticked.
Save the record.
6) Now click on ‘App Permissions’ on the left-hand side navigation. Click the ‘Add a Permission’ button and select ‘Microsoft Graph API’.
7) On the next screen select ‘Delegated Permissions’.
8) On the next screen select ‘Directory.ReadWrite.All’ permission and hit the ‘Add Permission’ button.
Please Note: This permission needs Admin consent. If the ‘Grant Admin Consent’ button looks disabled, try refreshing the screen. Once it is enabled, be sure to click the ‘Grant admin Consent…’ button. To confirm, check the ‘Status’ column in the table below, which should now display ‘Granted..’
9) Click on ‘Overview’ on the left-hand side navigation and copy the ‘Application (Client ID)’.
10) Log in to Dynamics CRM with system administrator credentials and navigate to Portals > Site Settings. Create a new Site Setting record with the below values and save the record.
Name: Work365 – Application Id
Website: [Your Portal Website]
Value: The Application (Client ID) copied in step 9 above
Please Note: Due to changes in the Azure App Permissions, a consent form is presented the first time the customer logs in to the Portal. If the user has administrative privileges, they can choose to “Consent on behalf of the organization”, which suppresses the consent for other users from that organization.
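To review the result of steps 5 to 8 after the fact, the following added example (not part of the Work365 documentation) audits an exported app registration for the required redirect URI, the leftover v2.7 ‘/licenses’ URI, the two token checkboxes and the delegated Directory.ReadWrite.All permission. It assumes the registration is exported as a Microsoft Graph application object; the function names and sample data are constructed, and the permission GUID is an assumption to confirm against the Microsoft Graph permissions reference. Admin consent status is not stored in this object and is not checked.

```python
from urllib.parse import urlsplit

GRAPH_APP_ID = "00000003-0000-0000-c000-000000000000"      # Microsoft Graph
DIR_RW_ALL_SCOPE = "c5366453-9fb0-48a5-a156-24f0c49a4b84"  # assumed id of delegated Directory.ReadWrite.All

def expected_redirect(portal_url):
    """Step 5: base portal URL with /managelicenses/ appended."""
    return portal_url.rstrip("/") + "/managelicenses/"

def audit_registration(app, portal_url):
    """Return deviations from steps 5 to 8; an empty list means compliant."""
    findings = []
    web = app.get("web", {})
    uris = web.get("redirectUris", [])
    if expected_redirect(portal_url) not in uris:
        findings.append("missing redirect URI " + expected_redirect(portal_url))
    host = urlsplit(portal_url).netloc.lower()
    for uri in uris:
        parts = urlsplit(uri)
        # v2.7 leftover: same portal host, path /licenses (with or without slash)
        if parts.netloc.lower() == host and parts.path.rstrip("/").lower() == "/licenses":
            findings.append("stale v2.7 redirect URI " + uri)
    grant = web.get("implicitGrantSettings", {})
    for flag, label in (("enableAccessTokenIssuance", "Access tokens"),
                        ("enableIdTokenIssuance", "ID tokens")):
        if not grant.get(flag):
            findings.append(label + " checkbox is not ticked")
    scopes = {(res.get("resourceAppId"), acc.get("id"))
              for res in app.get("requiredResourceAccess", [])
              for acc in res.get("resourceAccess", [])
              if acc.get("type") == "Scope"}  # "Scope" = delegated permission
    if (GRAPH_APP_ID, DIR_RW_ALL_SCOPE) not in scopes:
        findings.append("delegated Directory.ReadWrite.All is not requested")
    return findings

PORTAL = "https://iotapsandbox.microsoftcrmportals.com"  # example URL from step 5
# Constructed sample: a registration still in its v2.7 state.
SAMPLE_APP = {
    "web": {
        "redirectUris": [PORTAL + "/licenses"],
        "implicitGrantSettings": {"enableAccessTokenIssuance": True,
                                  "enableIdTokenIssuance": False},
    },
    "requiredResourceAccess": [],
}

if __name__ == "__main__":
    for finding in audit_registration(SAMPLE_APP, PORTAL):
        print("FINDING:", finding)
```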