Adjust eWay-CRM Web Service for Azure Authentication (Office 365)

Important: This manual is for clients who are not using eWay-CRM cloud.

The manual is divided into these steps:

  1. Azure Benefits
  2. Prepare Azure
  3. Prepare eWay-CRM
  4. Activate Integration
  5. Resolving issues

Azure Login Benefits

  • Unified login - there is no need to remember new passwords.
  • If Azure has active two-factor authentication (2FA), this authentication is used for eWay-CRM too.

Prepare Azure

First, you need to create an app registration in the Azure administration portal. Go to: https://portal.azure.com/.

You need to click Azure Active Directory here.

In the left menu, there is the App registrations option:

 

Create a new registration by clicking New registration.

Let's name the application, for example, eWay-CRM.

In Account types select the Accounts in this organizational directory only option.

As the Redirect URI platform, select Web and set a value similar to

https://eway.contoso.com/auth/signin-azuread

where https://eway.contoso.com/ is the address of your web service, so you need to edit this example to insert the correct web service address.

Then, go to the Authentication tab.

You need to check the option ID tokens (used for implicit and hybrid flows).

When the eWay-CRM web service URL is inside a directory /eWay (e.g. https://eway.contoso.com/eWay), it is highly recommended to register both variants of the word eWay (capital and lowercase W) as Redirect URIs.

In the Overview tab, there are two important details you will need to copy for eWay-CRM configuration:

  • Application (client) ID
  • Directory (tenant) ID

Prepare eWay-CRM

The integration is possible only if you have eWay-CRM 7.0 or higher installed.

Before setting up the Azure authentication itself, you need to rename all your users (change their usernames) in eWay-CRM so that the usernames are the same as the email addresses they use to log into their Azure (Office 365) accounts.

Activate Integration

Insert the WebServiceAddress key into the Web.config file of your web service, unless it already exists there. The value should be the same as the web service address that users use to reach the service. The address should end with a slash.

<add key="WebServiceAddress" value="https://eway.contoso.com/" />

Finally, add new keys that contain the details from the Overview tab of the Azure app registration:

<add key="AzureAdTenantId" value="4ae6bf42-8274-4014-b22d-27b5368a5e04" />
<add key="AzureAdClientId" value="02946035-857c-4689-9677-776b3c8f72a4" />

If you have activated login using Active Directory, you need to delete the DomainName key.

Resolving issues

AADSTS900971: No reply address provided.

  • The signin-azuread endpoint works only after the integration is activated. Check that all activation steps have been followed.
  • Web Service URL (and Redirect URI) are case-sensitive. Check that the address is always written the same, so for example you don't have https://contoso.com/eWay/ and https://contoso.com/eway/.
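
A consistency check for the settings described above, as an added example (not eWay-CRM code). It assumes the keys sit in the standard ASP.NET <appSettings> section of Web.config and that the callback path is the auth/signin-azuread shown in the Redirect URI example; check_config and the sample values are hypothetical, and the list of registered Redirect URIs is copied by hand from the app registration's Authentication tab.

```python
import re
import xml.etree.ElementTree as ET

GUID = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")
CALLBACK = "auth/signin-azuread"  # path taken from the Redirect URI example on this page

def check_config(web_config_xml, registered_redirect_uris):
    """Return a list of problems; an empty list means the settings are consistent."""
    root = ET.fromstring(web_config_xml)
    # Assumption: the keys live in the standard ASP.NET <appSettings> section.
    settings = {a.get("key"): a.get("value", "") for a in root.findall("./appSettings/add")}
    problems = []
    for key in ("AzureAdTenantId", "AzureAdClientId"):
        if not GUID.match(settings.get(key, "")):
            problems.append(f"{key} is missing or is not a GUID")
    if "DomainName" in settings:
        problems.append("DomainName key is still present; delete it")
    address = settings.get("WebServiceAddress")
    if address is None:
        return problems + ["WebServiceAddress key is missing"]
    if not address.endswith("/"):
        problems.append("WebServiceAddress must end with a slash")
        address += "/"
    expected = address + CALLBACK
    if expected not in registered_redirect_uris:  # exact, case-sensitive comparison
        near = [u for u in registered_redirect_uris if u.lower() == expected.lower()]
        hint = f" (differs only in case from {near[0]})" if near else ""
        problems.append(f"Redirect URI {expected} is not registered{hint}")
    return problems

# Constructed sample: service under /eWay, no trailing slash, leftover DomainName key,
# and the Redirect URI registered in lower case only.
SAMPLE_CONFIG = """<configuration><appSettings>
  <add key="WebServiceAddress" value="https://eway.contoso.com/eWay" />
  <add key="AzureAdTenantId" value="4ae6bf42-8274-4014-b22d-27b5368a5e04" />
  <add key="AzureAdClientId" value="02946035-857c-4689-9677-776b3c8f72a4" />
  <add key="DomainName" value="CONTOSO" />
</appSettings></configuration>"""
SAMPLE_REGISTERED = ["https://eway.contoso.com/eway/auth/signin-azuread"]

if __name__ == "__main__":
    for problem in check_config(SAMPLE_CONFIG, SAMPLE_REGISTERED):
        print("-", problem)
```
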