Enabling Single Sign-On with Microsoft Entra ID (Azure AD)


This guide details the process for configuring Single Sign-On (SSO) for your ChatBeacon platform using Microsoft Entra ID (formerly Azure Active Directory). Enabling SSO allows your operators to securely access the ChatBeacon Operator Application using their existing corporate credentials.

1. Initial Setup and Authentication Configuration (Microsoft Entra ID)

The first step involves configuring the application registration within your Microsoft Entra ID portal.

A. Application Registration

Register your ChatBeacon application in Entra ID and retrieve the necessary identifiers:

| Entra ID Configuration Step | Required Information | Navigation Path |
| --- | --- | --- |
| Application (client) ID | The unique ID for your ChatBeacon application. | Entra > Identity > Applications > App Registrations > Overview > Essentials |
| Application Client Secret | The secret key generated for secure communication. | Entra > Identity > Applications > App Registrations > Certificates & secrets |
| Tenant ID | Your organization's unique Tenant ID. | Entra > Identity > Primary Domain |

B. Redirect URI and Authentication Settings

You must specify where Entra ID should send the user after successful authentication:

  • Redirect URI: Enter the base URL of your ChatBeacon Operator Application (e.g., https://testchat.test.com/operator/).

    • Note: This same URL must also be specified in your Entra ID portal under: Entra > Applications > App Registrations > App Settings > Authentication > Single-page application Redirect URIs.

  • Supported Account Types: On the Authentication page, ensure this is set to: Accounts in any organizational directory (Any Microsoft Entra ID tenant - Multitenant).

C. API Permissions

The application needs specific permissions to read user profiles for sign-in:

  1. Navigate to: Entra > Applications > App Registrations > App settings > API Permissions > Microsoft Graph.

  2. Add Delegated Permission: User.Read (Sign in and read user profile).

  3. Add Application Permission: User.Read.All (set User.Read.All as an Application permission).

2. Integrating Configuration Keys and Enabling SSO

Once the Entra ID application is configured, the Chat Admin will connect the details and enable the service.

A. Manual Operator App Configuration (Crucial Step)

Before enabling the integration in the WebAdmin, the Chat Admin must manually edit a file on the application server to include the ChatBeacon Account ID.

  • File Path: C:\inetpub\wwwroot\operator\ClientApp\dist\assets\config\scriptsettings.json

  • Action: Add the ChatBeacon Account ID to this configuration file.

B. WebAdmin Integration and Activation

After the file update, complete the integration in the WebAdmin Portal.

Navigation: WebAdmin > Account > Integrations

  1. Enter Credentials: Input the Application (client) ID, Application Client Secret, and Tenant ID retrieved from Microsoft Entra ID.

  2. Enable SSO: In the Azure Active Directory section, check the box for Required For Login and click Save.

3. Configuring User Permissions and Linking Operators

Before users can log in, you must ensure they have the necessary permissions within both Entra ID and ChatBeacon.

A. Define Default Operator Permissions

Set the default permissions for all new Entra ID users:

  • Navigation: WebAdmin > Account > Integrations > Azure Active Directory > Default permissions

  • Action: Check the appropriate sites/queues to define the default access permissions for all future Azure AD users.

B. Add Users to Entra ID

Ensure all intended ChatBeacon Operators are registered:

  • Action: Add the users who require access to ChatBeacon in your Entra ID portal: Entra > Identity > All Users.

C. Link Entra ID Username to ChatBeacon Operators

If operators already exist in ChatBeacon, you must link their account to their Entra ID username (email address).

  • Navigation: WebAdmin > Operators > [Click on the Operator settings icon]

  • Action: Specify the user's Azure AD username (email address) for each Chat Agent or Operator.

Important Note on User Synchronization and Deletion

The Entra ID integration includes a synchronization feature that manages your operator list based on the linked directory.

Operator Deletion Policy:

If a ChatBeacon Operator has an associated Entra ID email address but is not found in your active Entra ID user list, that operator will be automatically deleted from the ChatBeacon account during the sync process.

Data Retention: Be advised that while the operator's login credentials and profile are removed, their associated chat history and reports will be retained within the ChatBeacon database. Ensure all active operators maintain an active user account in your Entra ID directory.
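
A dry run of the deletion policy described above, as an added example (not ChatBeacon's code), useful before enabling the integration. Assumptions: the operator list shape (name, azure_ad_username) is a hypothetical export; directory users are Microsoft Graph user objects; matching is case-insensitive on userPrincipalName or mail; disabled accounts are reported separately because the page does not say how the sync treats them.

```python
"""Predict which operators the Entra ID sync would delete (added example, constructed data)."""

def _norm(addr):
    return (addr or "").strip().lower()

def predict_sync_deletions(operators, entra_users):
    """Classify operators by how the sync policy would treat them.

    operators   -- dicts with 'name' and 'azure_ad_username' (hypothetical export shape)
    entra_users -- Microsoft Graph user objects (userPrincipalName, mail, accountEnabled)
    """
    enabled, disabled = set(), set()
    for user in entra_users:
        bucket = enabled if user.get("accountEnabled", True) else disabled
        for key in ("userPrincipalName", "mail"):
            if _norm(user.get(key)):
                bucket.add(_norm(user[key]))

    result = {"kept": [], "unlinked": [], "would_delete": [], "review_disabled": []}
    for op in operators:
        email = _norm(op.get("azure_ad_username"))
        if not email:
            result["unlinked"].append(op["name"])         # no Entra ID email: outside the policy
        elif email in enabled:
            result["kept"].append(op["name"])
        elif email in disabled:
            result["review_disabled"].append(op["name"])  # assumption: treatment not stated on the page
        else:
            result["would_delete"].append(op["name"])     # linked email absent from the directory
    return result

# Constructed sample data, not taken from any real tenant or ChatBeacon account.
OPERATORS = [
    {"name": "Alice", "azure_ad_username": "Alice@Example.com"},
    {"name": "Bob", "azure_ad_username": "bob@example.com"},
    {"name": "Carol", "azure_ad_username": ""},
    {"name": "Dave", "azure_ad_username": "dave@example.com"},
]
ENTRA_USERS = [
    {"userPrincipalName": "alice@example.com", "mail": "alice@example.com", "accountEnabled": True},
    {"userPrincipalName": "dave@example.com", "mail": None, "accountEnabled": False},
]

if __name__ == "__main__":
    for status, names in predict_sync_deletions(OPERATORS, ENTRA_USERS).items():
        print(f"{status}: {', '.join(names) or '-'}")
```

Any name under would_delete points to a mistyped or stale linked username that should be corrected before the first sync runs.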

4. Testing Single Sign-On

To verify the integration, direct your operators to the application URL:

  • Action: Visit the Operator Application (e.g., https://testchat.test.com/operator/) and log in using your Azure AD credentials.
