Live Assist for Microsoft Dynamics 365 requires access to the Dynamics 365 instance and permission to modify data. Access to Dynamics 365 data is provided through different web services in the Dynamics 365 platform.
Live Assist for Microsoft Dynamics 365 has different applications, which require access to Dynamics 365 during different stages of the application lifecycle. The permissions associated with the applications are listed below and more detail on each permission can be found in the Permission Scope document within Dynamics 365:
https://msdn.microsoft.com/Library/Azure/Ad/Graph/howto/azure-ad-graph-api-permission-scopes
Live Assist for Microsoft Dynamics 365 Signup
This is the application that is used to install Live Assist for Microsoft Dynamics 365.
The Delegated Permissions associated with this app are:
- Dynamics CRM Online
- Access CRM Online as organization users
- Windows Azure Active Directory
- Access the directory as the signed-in user
- Read directory data
- Sign in and read the user profile
These Delegated Permissions allow the Live Assist for Microsoft Dynamics 365 solution to be deployed to the Dynamics 365 instance.
Live Assist for Microsoft Dynamics 365 Console
This is how the Live Assist Administration and Agent Applications identify themselves to Azure AD.
This is presented to the user when they login to the Live Assist Admin Portal for the first time.
The permissions associated with this app are:
- Windows Azure Active Directory (Delegated Permissions)
- Sign in and read the user profile
This Delegated Permission allows the Live Assist for Microsoft Dynamics 365 solution to identify the user for authentication (SSO) purposes.
Live Assist for Microsoft Dynamics 365 CRM
The Live Assist for Microsoft Dynamics 365 solution creates an Application User called the CaféX App User. This Application User Identity is granted the Live Assist Administrator role in Dynamics 365. The Live Assist Administrator role allows access to a limited set of permissions that are viewable in the Security Roles view in Dynamics 365.
The Delegated Permissions associated with this app are:
- Windows Azure Active Directory
- Sign in and read the user profile
This identity is used between our Live Assist for Microsoft Dynamics 365 Servers and the Dynamics 365 Server utilizing the Server-to-Server (S2S) connection to perform the following actions:
- Create and Update Chat Activities
- Get the list of Dynamics 365 Licensed users
- Update the Live Assist for Microsoft Dynamics 365 roles on a user in line with LAD365 user management
More information on Server to Server communication in Dynamics 365 can be found in the Microsoft Dynamics Documentation at:
https://msdn.microsoft.com/en-us/library/mt790170.aspx