Performing this task will require the following:
- Portal Owner privileges
- Global Admin privileges on the tenant
The steps outlined in this task will take approximately 15 minutes.
Follow all the steps mentioned below if you plan to use the ‘Manage License’ functionality available within the Work 365 Self-Service Portal.
Note: This feature works only if you have enabled ‘Office 365’ authentication for the Portal.
1) Log in to the ‘Azure Portal’ using the Global administrator account and click on the ‘Azure Active Directory’ icon within the ‘Azure Services’ section. If you don’t see the ‘Azure Active Directory’ icon, click on ‘More Services’ to the right to find it.
2) Click on ‘App Registrations’ on the left-hand navigation menu and then click the ‘+ New Registration’ button on the right-side pane.
3) Fill in the App Registration form with the details outlined below:
Name: Dynamics 365 Portals Customer Login (Manage License)
Supported Account Types: Accounts in any organizational directory (Any Azure AD directory - Multitenant)
Redirect URI: Select ‘Web’ in the dropdown and enter your Portal base URL appended with ‘/managelicenses’ in the text box.
E.g.: If your portal URL is ‘https://iotap.microsoftcrmportals.com/’ then the URL to be entered would be ‘https://iotap.microsoftcrmportals.com/managelicenses’
Click on the ‘Register’ button.
4) Within the newly created App click on ‘Authentication’ menu on the left-hand side navigation. On the right-hand pane tick the below checkboxes and hit ‘Save’.
a. Access Tokens
b. ID Tokens
5) Now click on ‘API Permissions’ on the left-hand side navigation. Click the ‘Add a Permission’ button on the right-hand pane.
6) In the window that pops up, click on ‘Microsoft Graph’.
7) In the next screen choose ‘Delegated Permissions’.
8) In the section below, expand the ‘Directory’ area and select ‘Directory.ReadWrite.All’ and click the ‘Add Permission’ button.
- Note: These permissions enable customers to assign licenses to their users. When a Global Admin accesses the Manage License page in the portal and grants access, the app will be able to read/write on the customer's tenant, thus enabling them to manage their own licenses.
9) Please Note: This permission needs Admin consent.
If the ‘Grant Admin Consent’ button looks disabled, try refreshing the screen. Once it is enabled, be sure to click the ‘Grant admin Consent…’ button.
10) To confirm, check the ‘Status’ column in the table below, which should now display ‘Granted..’.
11) Click on ‘Overview’ on the left-hand side navigation and copy the ‘Application (Client ID)’.
12) Log in to Dynamics CRM with system administrator credentials and navigate to Portals ➤ Site Settings.
Search for an existing ‘Site Setting’ record with the name ‘Work365 - Application Id’. If you find one, update the record; otherwise, create a new record with the below values and save the record.
Name: Work365 - Application Id
Website: [Your Portal Website]
Value: The Application (Client ID) copied in step 11 above
13) Navigate to the Sign In page of your portal. You should see a button called “Customer Login”*.
*depending on how you have configured the Azure AD settings
14) Click on the “Customer Login” button and specify an Azure AD login (Work or School account) that is not part of your own Azure AD. Navigate to the ‘Manage License’ page.
15) A consent form is presented the first time any customer logs in.
Please Note: The ‘Manage License’ page on the Portal will not be accessible to any user unless an Office 365 administrator from the same domain (as the logged-in user) provides consent.
It is advisable to ask your customers to log in to the Portal with an Office 365 administrator account and browse to the ‘Manage License’ page.
Since the user has administrative privileges, they can choose to “Consent on behalf of the organization”, which suppresses the consent for other users from that organization.
16) Congratulations! Your Dynamics 365 Portal is now configured to manage Office 365 Licenses.
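The registration built in steps 3 to 8 can be checked against its exported application object. The following is an added example, not part of the Work 365 documentation: `audit_registration` is a hypothetical helper, the field names follow the Microsoft Graph application object, and the sample objects are constructed.

```python
import json
from urllib.parse import urlparse

GRAPH_APP_ID = "00000003-0000-0000-c000-000000000000"  # Microsoft Graph resource
DIR_RW_ALL = "c5366453-9fb0-48a5-a156-24f0c49a4b84"  # Directory.ReadWrite.All, delegated
WANTED = (GRAPH_APP_ID, DIR_RW_ALL, "Scope")  # "Scope" = delegated, "Role" = application

def audit_registration(app, portal_base_url):
    """Hypothetical helper: list deviations from steps 3-8 of this guide."""
    findings = []
    if app.get("signInAudience") != "AzureADMultipleOrgs":
        findings.append("account type is not multitenant")
    web = app.get("web", {})
    expected = portal_base_url.rstrip("/") + "/managelicenses"
    if urlparse(expected).scheme != "https":
        findings.append("portal URL is not https")
    uris = web.get("redirectUris", [])
    if expected not in uris:
        findings.append("missing redirect URI " + expected)
    findings += ["review extra redirect URI " + u for u in uris if u != expected]
    implicit = web.get("implicitGrantSettings", {})
    if not implicit.get("enableAccessTokenIssuance"):
        findings.append("Access Tokens is not ticked")
    if not implicit.get("enableIdTokenIssuance"):
        findings.append("ID Tokens is not ticked")
    requested = {(r.get("resourceAppId"), a.get("id"), a.get("type"))
                 for r in app.get("requiredResourceAccess", [])
                 for a in r.get("resourceAccess", [])}
    if WANTED not in requested:
        findings.append("delegated Directory.ReadWrite.All is not requested")
    findings += ["review permission not in this guide: %s/%s (%s)" % p
                 for p in sorted(requested - {WANTED}, key=str)]
    return findings

# Constructed sample objects (not exported from a real tenant).
GOOD = json.loads("""{"signInAudience": "AzureADMultipleOrgs",
  "web": {"redirectUris": ["https://iotap.microsoftcrmportals.com/managelicenses"],
          "implicitGrantSettings": {"enableAccessTokenIssuance": true,
                                    "enableIdTokenIssuance": true}},
  "requiredResourceAccess": [{"resourceAppId": "00000003-0000-0000-c000-000000000000",
    "resourceAccess": [{"id": "c5366453-9fb0-48a5-a156-24f0c49a4b84", "type": "Scope"}]}]}""")
BAD = json.loads(json.dumps(GOOD))  # deep copy, then break three settings
BAD["signInAudience"] = "AzureADMyOrg"
BAD["web"]["implicitGrantSettings"]["enableIdTokenIssuance"] = False
BAD["requiredResourceAccess"][0]["resourceAccess"][0]["type"] = "Role"

if __name__ == "__main__":
    for name, app in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit_registration(app, "https://iotap.microsoftcrmportals.com/"))
```

An empty list means the object matches the guide; entries starting with "review" mark redirect URIs or permissions beyond what the guide asks for.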