charaf_ed | 2020-03-11 15:36:50 UTC | #1
Hello,
I have already created a topic about this one and here I am asking for help if you have encountered this problem and found a solution.
We set up an integration with Microsoft Dynamics 365. AD syncs with a local AD. When we log in to CRM we actually go to another login method which issues a SAML token.
To work around this problem, we created a non-federated account directly on Azure (login: [email@onmicrosoft.com]), and it fixed the problem. But for security purposes, this is not the target solution.
Target solution: create a federated account directly on the local on-premise AD.
I have opened a case and asked whether using the SAML2 Bearer Auth option would resolve the problem. They told me Genesys didn't recommend using SAML2 Bearer OAuth for a data action, especially if it is being used in an Architect flow, because it doesn't have a way to have the association for that token.
Also, the dev team confirms that the 365 integration is at the moment only for verification with Azure AD.
So, do you have other ideas to resolve this problem?
Thank you,
CHARAF
charaf_ed | 2020-03-11 15:41:50 UTC | #2
I have found the same issue described in a Microsoft Azure forum: https://social.msdn.microsoft.com/Forums/azure/en-US/bc494669-4947-42df-b9c2-15f35cfc0ecd/azure-native-application-registration-issue-with-oauth-from-users-who-are-synced-from-active?forum=WindowsAzureAD
Richard.Schott | 2020-03-13 15:22:32 UTC | #3
Data actions must authenticate against Dynamics 365. The initial authorization request actually goes to login.microsoftonline.com. If authentication is not structured in a manner that this initial request is successful, then the data action will fail. Because Microsoft has numerous configuration options available when it comes to their directory structures, it's nearly impossible for us to support or troubleshoot them all; the path we have explicitly tested and support with regards to authenticating with MS Online is the one that is documented, which you have indicated is successful. I would recommend working with Microsoft support to determine if there are alternative configurations that may be successful with the documented authentication process.
charaf_ed | 2020-03-13 16:25:16 UTC | #4
Thank you.
I will continue my investigations with the Microsoft Support team.
This post was migrated from the old Developer Forum.
ref: 7318