Azure AD enables features such as SSO and lets applications personalize the user experience using existing organization data exposed through APIs. For IT admins, it provides full control over access to applications and resources through security controls such as MFA and conditional access.
Azure AD simplifies single sign-on: it supports more than 2,800 pre-integrated software as a service (SaaS) applications.
Yellow Messenger comes pre-built with an ADFS (Active Directory Federation Services) integration and a generic OAuth implementation.
If ADFS is enabled for authentication, the bot redirects the user to the AD (Active Directory) login page, where the user enters their credentials. Once AD has authenticated the user, ADFS triggers a callback to YM indicating whether the authentication succeeded or failed. On success, ADFS provides the authentication token along with a refresh token and the token's time to live.
To connect Azure AD with a YM bot, the following details need to be obtained from an Azure AD app registration:
- Client ID / Application ID
- Tenant ID
- Client Secret
Step 1: Go to portal.azure.com > Active Directory > App Registrations.
Step 2: Register a new app for the chatbot (if not already registered).
Step 3: Copy and save the Application (Client) ID and Tenant ID from the Overview section.
Step 4: Go to Certificates & Secrets > New client secret > fill in the description and set Expires to Never. After clicking Add, a client secret is generated; save the value of the client secret.
Step 5: Go to Authentication > Add a platform > Web > add the redirect URL > Save. Redirect URL: https://app.yellowmessenger.com/integrations/azureauth/
Step 6: Add or remove permissions and grant admin consent for the app. Go to API Permissions > add the required permissions.
| Permission | Purpose |
|---|---|
| openid, email, profile, User.Read | Retrieve the user's login details and profile via the Graph API |
| offline_access | Required to obtain a refresh token |
| User.Read.All | Read the profile of every user in the tenant |
| Calendars.ReadWrite | Edit the user's calendar and meetings |
Graph permissions reference: https://docs.microsoft.com/en-us/graph/permissions-reference
- Go to the YM bot > Configuration > Integrations > Azure Active Directory
- Enter the Tenant ID, Client ID and Client Secret obtained above
- Set the API version to v2.0
- Enter the required scope > Save
Obtain the Azure AD login URL:
The access token grants access to the resources of the permitted applications. Expiry time: 1 hour.
Azure allows an expired access token to be refreshed using the refresh token for a maximum period of 90 days.
Retrieve the user profile using the AD refresh token and the Graph API
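The login redirect, token refresh and profile lookup described in the ADFS paragraph and in the token-lifetime notes above, as an added Python example that is not part of Yellow Messenger's own code. It assumes the Azure AD v2.0 endpoints under login.microsoftonline.com and the Graph `/me` endpoint; the tenant ID, client ID, client secret and refresh token are placeholders supplied by the caller.

```python
import json
import time
from urllib.parse import urlencode
from urllib.request import Request, urlopen

AUTHORITY = "https://login.microsoftonline.com"   # Azure AD v2.0 authority
GRAPH_ME = "https://graph.microsoft.com/v1.0/me"  # signed-in user's profile
# Redirect URL registered for the bot in Step 5 above
REDIRECT_URI = "https://app.yellowmessenger.com/integrations/azureauth/"
# Delegated scopes from the permission table; offline_access yields the refresh token
SCOPES = ["openid", "email", "profile", "User.Read", "offline_access"]


def build_login_url(tenant_id, client_id, state):
    """Authorization URL the bot redirects the user to.
    `state` must be an unguessable per-session value, checked again on callback."""
    params = {
        "client_id": client_id,
        "response_type": "code",
        "redirect_uri": REDIRECT_URI,
        "response_mode": "query",
        "scope": " ".join(SCOPES),
        "state": state,
    }
    return f"{AUTHORITY}/{tenant_id}/oauth2/v2.0/authorize?" + urlencode(params)


def refresh_request(tenant_id, client_id, client_secret, refresh_token):
    """Token endpoint URL and form body used to renew an expired access token."""
    body = urlencode({
        "grant_type": "refresh_token",
        "client_id": client_id,
        "client_secret": client_secret,  # placeholder; load from a secret store
        "refresh_token": refresh_token,
        "scope": " ".join(SCOPES),
    }).encode()
    return f"{AUTHORITY}/{tenant_id}/oauth2/v2.0/token", body


def needs_refresh(token, now=None, skew=60):
    """True when the stored token (obtained_at + expires_in, in seconds)
    has expired or will expire within `skew` seconds."""
    now = time.time() if now is None else now
    return token["obtained_at"] + token["expires_in"] - skew <= now


def get_profile(access_token, opener=urlopen):
    """Call Graph /me with the bearer token; `opener` is injectable for tests."""
    req = Request(GRAPH_ME, headers={"Authorization": f"Bearer {access_token}"})
    with opener(req) as resp:
        return json.loads(resp.read())
```

A real deployment would POST the `refresh_request` body with `urlopen`, store the new `access_token`, `refresh_token` and `expires_in` from the JSON reply, and call `get_profile` only when `needs_refresh` is false.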
Other useful Graph APIs:
Graph Explorer: https://developer.microsoft.com/en-us/graph/graph-explorer