Several steps are now required to set up Authenticated Web Chats for Messaging.
This article assumes you already have Messaging conversations working on your portal page.
1. Get the certificates associated with your Portal.
a. Log in to https://portal.azure.com as the Dynamics System Administrator, then go to Azure Active Directory.
b. Select App registrations on the left panel. Under the Owned applications tab, select your portal's name and then copy the Application Client ID. Keep this value, since it is required in the following steps.
c. Select the Certificates & Secrets option on the left panel. Under the Certificates tab, copy the Thumbprint value and keep it safe.
2. Apply the certificate and other site settings to the portal.
a. Log in to Dynamics as the Dynamics System Administrator, then go to Portal Management.
b. Select the Site Settings option on the left panel then click New.
c. Input the following values then hit the save button.
Name: CustomCertificates/ImplicitGrantflow
Website: Press the search icon and select the name of your portal.
Value: Copy the thumbprint of the uploaded custom certificate from MS Azure and paste it here. The value will indicate which certificate will be used for implicit grant flow.
d. Click again on the New button. Input the following values then hit save.
Name: ImplicitGrantFlow/RegisteredClientId
Website: Press the search icon and select the name of your portal.
Value: Copy the Application Client ID obtained from MS Azure and paste it here.
e. Select again the New button. Input the following values then hit save.
Name: ImplicitGrantFlow/{ClientId}/RedirectUri
Website: Press the search icon and select the name of your portal.
Value: Enter your CRM portal address in the following format https://[portalname].powerappsportals.com/ (e.g. https://lad365-stg-eu4.powerappsportals.com/)
3. Place the authentication code on the CRM portals.
a. Select Content Snippets from the Portal Management Page. Go to Content Snippets > Chat Widget Code.
b. Select HTML and paste the following. (Change the CRM portal address)
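<script type="text/javascript">
  // Register the identity function that the chat widget calls
  lpTag.identities = [];
  lpTag.identities.push(identityFn);
  function identityFn(callback) {
    callback({
      // Your portal base URL (the JWT Issuer configured in step 4)
      iss: 'https://mycrminstance.powerappsportals.com',
      acr: 'loa1',
      // Liquid tag: the portal renders it as the signed-in contact's ID
      sub: '{{user.contactid}}'
    });
  }
</script>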
4. Configure Consumer Identity Providers in the Supervisor/Engagement Portal.
a. Log in to the Engagement Portal > Engage > Campaign Builder. Beneath the campaigns list, there's a section containing several hyperlinks. In this section, click on Data Sources.
b. Select Consumer Identity Providers under the Integrations tab then click on Configure button.
c. The Customer Portal uses the Implicit OAuth 2.0 authentication type, so select this item from the radio button list.
d. In addition, the following fields must be filled:
- Issuer Display Name: any name will do.
- JWT Issuer (iss): specify your Customer Portal Base URL (e.g. https://lad365-stg-eu4.powerappsportals.com)
- Authentication Endpoint: this is where Live Assist will attempt to fetch authentication data when the chat widget runs in a separate browser window. You should specify it as follows:
  - [Customer Portal Base URL]/_services/auth/token
  - e.g. https://liveassist.powerappsportals.com/_services/auth/token
- JS Method Name: this is the JavaScript method Live Assist will call to fetch authentication data when the chat widget runs embedded in the portal window. Copy the following exactly:
  - auth.getAuthenticationToken
- JWT Public Key: this is the key Live Assist will use to validate the authenticity of the provided data.
e. Click the Done button after completing the configuration.
Note: To fetch the JWT Public Key, open a separate browser, and navigate to [Customer Portal Base URL]/_services/auth/publickey (e.g. https://lad365-stg-eu4.powerappsportals.com/_services/auth/publickey)
5. Set up an Authenticated Engagement.
a. Go to Engage > Campaign Builder > [Your Campaign] > [Your Engagement] and then click Edit on the Engagement section.
b. This will open the Engagement Studio. On the Engagement Studio "Settings" page, toggle the Authentication switch, then click Done.
c. This will enable authentication on this engagement.
d. You'll know your changes have taken effect when a visitor is redirected to the portal login page when they initiate a messaging conversation request.
e. After being redirected, log in as a portal user, and the messaging conversation will begin. Once the agent grabs this request, they will see a contact record "pop" for the authenticated visitor.
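If the login redirect works but the conversation still fails to authenticate, compare a token returned by the Authentication Endpoint with the values configured in steps 3 and 4. The following check is an added example, not part of the original article or of Live Assist's own code. It assumes the portal token carries the standard iss, sub and exp claims and that the issuer is compared as an exact string; the function names, the contact id and the sample token are constructed for illustration.

```javascript
// Added example: pre-flight check of a portal-issued JWT against the configured values.
// It does NOT verify the signature; Live Assist does that with the configured JWT Public Key.

function b64urlDecode(part) {
  const b64 = part.replace(/-/g, '+').replace(/_/g, '/');
  return atob(b64 + '='.repeat((4 - (b64.length % 4)) % 4));
}

function decodeJwt(token) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('not a compact JWT (expected 3 parts)');
  return {
    header: JSON.parse(b64urlDecode(parts[0])),
    claims: JSON.parse(b64urlDecode(parts[1])),
    signed: parts[2].length > 0
  };
}

// expected = { iss, sub }: the JWT Issuer field (step 4) and the contact id from identityFn (step 3).
function checkPortalToken(token, expected, nowSeconds) {
  const { header, claims, signed } = decodeJwt(token);
  const issues = [];
  if (!signed || String(header.alg).toLowerCase() === 'none') {
    issues.push('token is unsigned; it cannot be validated with the JWT Public Key');
  }
  if (claims.iss !== expected.iss) {
    const strip = (u) => String(u).replace(/\/+$/, '');
    issues.push(strip(claims.iss) === strip(expected.iss)
      ? 'iss differs from the configured JWT Issuer only by a trailing slash'
      : 'iss does not match the configured JWT Issuer');
  }
  if (claims.sub !== expected.sub) issues.push('sub does not match the signed-in contact id');
  if (typeof claims.exp !== 'number' || claims.exp <= nowSeconds) issues.push('token is expired or has no exp');
  return issues;
}

// Constructed sample token (placeholder signature) for a hypothetical portal and contact id.
function makeSampleToken(claims) {
  const enc = (o) => btoa(JSON.stringify(o)).replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return [enc({ alg: 'RS256', typ: 'JWT' }), enc(claims), 'c2lnbmF0dXJl'].join('.');
}

const expected = { iss: 'https://mycrminstance.powerappsportals.com', sub: '00000000-0000-0000-0000-000000000001' };
const sample = makeSampleToken({ iss: expected.iss + '/', sub: expected.sub, exp: 2000000000 });
console.log(checkPortalToken(sample, expected, 1700000000));
```

An empty result means the decoded claims agree with the configuration; the signature itself is still validated only by Live Assist against the JWT Public Key.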