Microsoft 365 Azure

Configuring Microsoft 365 Web Authentication for HelpMaster v21 & v22

Microsoft 365 authentication can be configured to authenticate users when logging into the HelpMaster web portal. This is done through a Microsoft App registration that is created in your Azure tenant (by you). HelpMaster will use this app to authenticate the user via OAuth using their Microsoft 365 (M365) account. Your Azure administrator will need to create this App registration and a Client secret (app password) to enable authentication with M365 accounts.

azure app registration Permissions checklist!

To complete this step, you will need:

Once this has been created and configured, you will need to copy the app configuration details from your Azure tenant and copy them into the HelpMaster Desktop location, Web toolbar > Web Settings icon > Web logins tab > External Authentication Providers section, so that the HelpMaster web portal can use it to authenticate. Each web portal user will also have to enable the Microsoft External login option from their Account settings while logged into the web portal.

Step 1 - Create and configure your Microsoft HelpMaster Web Portal App

  1. Log in to your Microsoft Azure Portal at portal.azure.com with an administrator account
  2. Navigate to Azure Active Directory > App Registrations
  3. Click New registration
  4. Enter a name. eg. HelpMaster Web Authentication
  5. Select either Accounts in this organizational directory only (Your org - Single tenant) or another depending upon the scope you require
  6. Under Redirect URI (optional), select the Web platform (Note that this is NOT optional for this configuration)
  7. In the Redirect URIs box, type the base url to your HelpMaster web portal and add /signin-microsoft to the end of it Redirect URI
  8. Click Register to create the app registration

Step 2 - Grant API Permissions

Once the app has been created, you will need to configure what Graph API permissions it will have access to. The minimum permissions that the HelpMaster web portal requires is access to read user profiles (User.Read) information so as to find the user trying to authenticate.

HelpMaster module Functionality Permission Required Permission Type
Web Portal Sign in and read M365 user profile User.Read Delegated
  1. Click View API Permissions (if you’re still on the initial screen, or API Permissions from the left-side menu)
  2. Click Add a permission
  3. From the Request API permissions panel, click the top panel Microsoft Graph
  4. Click on Delegated permissions at the top and scroll down to the User section and expand it
  5. Select (tick) User.Read (Sign in and read user profile)
  6. Click Add permissions
    azure api permissions

Once the API permissions have been granted to the HelpMaster web portal app, you may also grant admin consent for all users within your Azure tenant, so that they do not have to consent themselves. Granting admin consent is not required but each user will have to consent to using their own Microsoft account if admin consent is not granted.

  1. To Grant admin consent for [Your Organization] click the option and Yes to the confirmation prompt
    azure admin consent

Step 3 - Create a Client Secret

In order to be able to use the app within HelpMaster, you need to configure a Client Secret for the app.

  1. Click Certificates & secrets from the left-side menu
  2. Click New client secret
  3. A dialog box will appear prompting for a Description of the secret. This is a descriptive label only - it isn’t the secret. Enter the descriptive name and set the expiry to your preference. Note that if the secret expires, M365 authentication of the HelpMaster web portal will stop working. You will then need to create a new secret and re-enter this value into HelpMaster. Click Add
    azure client secret
  4. Copy the secret from the Value column - click on the copy icon, or select and copy it manually. Save the secret somewhere safe for pasting into HelpMaster in step 4 below
    azure copy secret

Step 4 - Copy the app details into HelpMaster

The final step is to copy the configuration details from your Azure portal into the HelpMaster Desktop app at Web toolbar > Web Settings icon > Web logins tab > External Authentication Providers section, so that the HelpMaster web portal can use it to authenticate.

  1. Copy the Application (client) ID from the app’s Overview page, to HelpMaster’s Account ID field
  2. Copy the Client secret saved in step 2 into the Account Secret field
  3. Check (tick) the Is Enabled box to enable the provider
  4. Click OK to save your configuration

Step 5 - Each user must enable the Microsoft external login

  1. Login to the HelpMaster web portal using built-in or AD authentication
  2. From the My Account drop-down select Account settings followed by External logins
    Account Settings
  3. Click on the Microsoft icon to enable login via your Microsoft 365 account
    Select Microsoft
  4. If “admin consent” wasn’t granted then each user will need to consent at this point. Consent to the web portal app if prompted to do so
  5. Log out from the web portal and test logging back in using the Microsoft button from your web portal logon screen
    Microsoft Auth

If all is configured correctly, clicking the Microsoft icon (from the web portal login screen) should seamlessly log you into the web portal using your Microsoft 365 credentials as long as your Work or school account has been added to Windows. See instructions on how to do this using the first link below.

Revoking Microsoft external login

  1. Login to the HelpMaster web portal

  2. From the My Account drop-down select Account settings followed by External logins
    Account Settings

  3. Click on the Remove button next to the Microsoft registered login

    M365 Web Auth Remove

See also

Microsoft 365 web authentication for HelpMaster v23 and above

Add work or school accounts to your PC

Register an application with the Microsoft identity platform

Create a new Microsoft 365 application access policy