One of the key benefits of using Live Assist for Dynamics 365 is the "contact record pop" feature. What this means is that Dynamics will automatically "pop open" the contact record for a visitor engaged with an agent in a chat. In order for this to happen, however, the visitor must be authenticated.
The Customer Portal provides authentication out of the box. All that remains to enable the contact record pop is, to tell Live Assist how to access the authentication data. This is done by an administrator in the Live Assist Engagement Portal.
Ensure that you have enabled the Chat functionality in your portal by following this guide: Embedding chat in the Customer Portal
Authentication Data Source
Log in to the Engagement Portal, and navigate to the Campaign Builder. Beneath the campaigns list, you will see a paragraph containing several hyperlinks. Click on the link labeled "Data Sources".
You'll need to configure the Authenticated Server, so click on the "Configure" button next to 'Consumer Identity Providers'.
The Customer Portal uses the Implicit oAuth 2.0 authentication type, so select this item from the radio button list.
Additionally, you'll need to specify the following fields:
- Issuer Display Name - any names will do
- JWT Issuer (iss) - specify your Customer Portal Base URL (e.g. https://liveassist.powerappsportals.com)
- Authentication Endpoint. This is where Live Assist will attempt to fetch authentication data when the chat widget runs in a separate browser window. You should specify it as follows:
- [Customer Portal Base URL]/_services/auth/token
- e.g. https://liveassist.powerappsportals.com/_services/auth/token
- JWT Public Key. This is the key Live Assist will use to validate the authenticity of the provided data.
To fetch the JWT Public Key open a browser open a separate browser, and navigate to [Customer Portal Base URL]/_services/auth/publickey (e.g. https://liveassist.microsoftcrmportals.com/_services/auth/publickey) if you do not see similar to the following please follow the steps below.
However if you do please skip to copying this key
Azure Active Directory - App Registrations
You should see a newly created application it will one named Portals-<NameOfPortal>
Click into the selected portal application then "Certificates and Secrets" you will see a "Thumbprint" Copy the Thumbprint value and keep it somewhere safe.
Note: If you are doing this and your portal is still in a 'trial' mode then the thumbprint will change when you push it to a 'production' version and you will need to change the values accordingly.
Go to your apps address usually https://<orgname>.crmX.dynamics.com/apps
Then go to "Portal Management"
then "Site Settings" then "New"
Then specify values:
- Name: CustomCertificates/ImplicitGrantflow
- Website: The associated website.
(start typing the url for example if my crm portal site was cbasupport.powerappportals.com i would start typing cba and the website should come us as suggested)
- Value: Copy the thumbprint of the uploaded custom certificate from the Manage custom certificate screen and paste it here. The value will indicate which certificate will be used for implicit grant flow.
Select Save & Close.
Then open a separate browser, and navigate to [Customer Portal Base URL]/_services/auth/publickey (e.g. https://liveassist.microsoftcrmportals.com/_services/auth/publickey).
You will need to copy this key and paste it into the JWT Public Key field, but first, you need to remove the line-breaks. You can do this by pasting the key into a text editor, and pressing "Backspace" at the start of each line (below the first one).
Copy the key into the JWT Public Key field, and click "Save".
Now, Live Assist knows how to retrieve authentication data from the Customer Portal, but your chat engagement will not require authentication unless you tell it to. To do this, open your engagement ("Campaign Builder" > "[Your Campaign]" > "[Your Engagement]") and click "Edit" next to the "Engagement" bullet.
This will open the Engagement Studio. In the Engagement Studio "Settings" page. Toggle the "Authentication" switch. Then click "Publish".
You'll know your changes have taken effect when a visitor is redirected to the portal login page when they initiate a chat request.
After being redirected, log in as a portal user, and the chat session will begin. When an agent grabs this chat off the queue, he will see a contact record "pop" for the authenticated visitor.