Microsoft 365 Azure

Configuring Microsoft 365 Web Authentication for HelpMaster versions 23 and above

Microsoft 365 authentication can be configured to authenticate users when logging into the HelpMaster web portal. This is done through a Microsoft App registration that is created in your Azure tenant (by you). HelpMaster will use this app to authenticate the user via OAuth using their Microsoft 365 (M365) account. Your Azure administrator will need to create this App registration and a Client secret (app password) to enable authentication with M365 accounts.

azure app registration Permissions checklist!

To complete this step, you will need:

Once this has been created and configured, you will need to copy the app configuration details from your Azure tenant and copy them into the HelpMaster Desktop location, Web toolbar > Web Settings icon > Web logins tab > External Authentication Providers section, so that the HelpMaster web portal can use it to authenticate. Each web portal user will also have to enable the Microsoft External login option from their Account settings while logged into the web portal.

Step 1 - Create and configure your Microsoft HelpMaster Web Portal App

  1. Log in to your Microsoft Azure Portal at with an administrator account
  2. Navigate to Azure Active Directory > App Registrations
  3. Click New registration
  4. Enter a name. eg. HelpMaster Web Authentication
  5. Select either Accounts in this organizational directory only (Your org - Single tenant) or another depending upon the scope you require
  6. Under Redirect URI (optional), select the Web platform (Note that this is NOT optional for this configuration)
  7. In the Redirect URIs box, type the base url to your HelpMaster web portal and add /signin-microsoft to the end of it

Redirect URI

  1. Click Register to create the app registration

Step 2 - Grant API Permissions

Once the app has been created, you will need to configure what Graph API permissions it will have access to. The minimum permissions that the HelpMaster web portal requires is access to read user profiles (User.Read) information so as to find the user trying to authenticate.

HelpMaster module Functionality Permission Required Permission Type
Web Portal Sign in and read M365 user profile User.Read Delegated
  1. Click View API Permissions (if you’re still on the initial screen, or API Permissions from the left-side menu)
  2. Click Add a permission
  3. From the Request API permissions panel, click the top panel Microsoft Graph
  4. Click on Delegated permissions at the top and scroll down to the User section and expand it
  5. Select (tick) User.Read (Sign in and read user profile)
  6. Click Add permissions
    azure api permissions

Once the API permissions have been granted to the HelpMaster web portal app, you may also grant admin consent for all users within your Azure tenant, so that they do not have to consent themselves. Granting admin consent is not required but each user will have to consent to using their own Microsoft account if admin consent is not granted.

  1. To Grant admin consent for [Your Organization] click the option and Yes to the confirmation prompt
    azure admin consent

Step 3 - Create a Client Secret

In order to be able to use the app within HelpMaster, you need to configure a Client Secret for the app.

  1. Click Certificates & secrets from the left-side menu
  2. Click New client secret
  3. A dialog box will appear prompting for a Description of the secret. This is a descriptive label only - it isn’t the secret. Enter the descriptive name and set the expiry to your preference. Note that if the secret expires, M365 authentication of the HelpMaster web portal will stop working. You will then need to create a new secret and re-enter this value into HelpMaster. Click Add
    azure client secret
  4. Copy the secret from the Value column - click on the copy icon, or select and copy it manually. Save the secret somewhere safe for pasting into HelpMaster in step 4 below
    azure copy secret

Step 4 - Copy the app details into HelpMaster

The final step is to copy the configuration details from your Azure portal app registration into the HelpMaster Desktop app at Administration toolbar > System Administration icon > System Integration section > Microsoft Azure navbar > Microsoft external authentication for the web portal section, so that the HelpMaster web portal can use it to authenticate.

  1. Check (tick) the Allow Microsoft external authentication box to enable the provider
  2. Copy the Application (client) ID from the app registration’s Overview page, to HelpMaster’s Application (client) ID field M365 Web Authentication v23+
  3. Copy the Client secret saved in step 3 into the Client secret field
  4. Select What type of Microsoft accounts are allowed to authenticate depending upon the scope you require
  5. If Only Microsoft accounts within an Azure Active Directory (Tenant ID endpoint) is chosen then select the Microsoft Graph national cloud corresponding to your location
    a) Microsoft Graph global service (Default) for all countries except USA & China
    b) Microsoft Graph for US Government L4 for the US national cloud
    c) Microsoft Graph for US Government L5 (DOD) for the US DOD secure cloud
    d) Microsoft Graph China (operated by 21Vianet) for the Chinese national cloud
  6. Click OK to save your configuration

If all is configured correctly, clicking the Microsoft button (from the web portal login screen) should now seamlessly log you into the web portal using your Microsoft 365 credentials as long as your Work or school account has been added to Windows.

Revoking Microsoft external login

  1. Login to the HelpMaster web portal
  2. From the My Account drop-down select Account settings followed by External logins
    Account Settings
  3. Click on the Remove button next to the Microsoft registered login M365 Web Auth Remove

See also

Microsoft 365 web authentication for HelpMaster v21 & v22

Add work or school accounts to your PC

Register an application with the Microsoft identity platform

Create a new Microsoft 365 application access policy