Live Assist for Microsoft Dynamics 365 (LAD365) requires access to the Dynamics 365 instance and permission to modify data. Access to Dynamics 365 data is provided through various web services in the Dynamics 365 platform.
LAD365 has different applications that each need access to Dynamics 365 during different stages of the application lifecycle. The permissions associated with the applications are listed below. More detail on each permission can be found at Microsoft's Permission Scope article.
Live Assist Installation
This is the application that is used to install LAD365. (See our Installation Guide for details on the install process.)
The Delegated Permissions associated with this app are:
- Microsoft Dynamics 365
- Access CRM Online as organization users
- Microsoft Entra ID (formerly known as Azure Active Directory)
- Access the directory as the signed-in user
- Read directory data
- Sign in and read the user profile
These delegated permissions allow the LAD365 solution to be deployed to the Dynamics 365 instance.
A permission request similar to the one below will appear during installation. You must consent on behalf of your organization and accept, in order for the install to succeed.
Live Assist Console
This is how the Live Assist Administration and Agent Applications identify themselves to Entra ID.
This is presented to the user when they login to the LAD365 Admin Portal for the first time.
The permissions associated with this app are:
- Entra ID (Delegated Permissions)
- Sign in and read the user profile
This Delegated Permission allows the LAD365 solution to identify the user for authentication (SSO) purposes.
The user may be presented with a permission pop-up similar to the one below. The user must accept in order to log in successfully.
Live Assist for Microsoft Dynamics 365 CRM
The LAD365 solution creates an Application User called the CaféX App User (CafeXAppUser@cafex.com). This Application User Identity is granted the Live Assist Administrator role in Dynamics 365. The Live Assist Administrator role allows access to a limited set of permissions that are viewable in the Security Roles view in Dynamics 365.
The Delegated Permissions associated with this app are:
- Microsoft Entra ID
- Sign in and read the user profile
This identity is used between our LAD365 Servers and the Dynamics 365 Servers by the Server-to-Server (S2S) connection to perform the following actions:
- Create and Update Chat Activities
- Get the list of Dynamics 365 Licensed users
- Update the LAD365 roles on a user in line with LAD365 user management
More information on Server-to-Server communication in Dynamics 365 can be found in this Microsoft article.