Microsoft

Microsoft External Authentication

Microsoft 365 authentication can be configured to authenticate users when they log in to the HelpMaster web portal. This is done through a Microsoft App registration that you create in your own Azure tenant. HelpMaster will use this app to authenticate the user via OAuth using their Microsoft 365 (M365) account. Your Azure administrator will need to create this App registration and a Client secret (app password) to enable authentication with M365 accounts.

Once this has been created and configured, you will need to copy the app configuration details from your Azure tenant into the HelpMaster Desktop app at Web toolbar > Web Settings icon > Web logins tab > External Authentication Providers section, so that the HelpMaster web portal can use them to authenticate.

Step 1 - Create and configure your Microsoft HelpMaster Web Portal App

  1. Log in to your Microsoft Azure Portal at portal.azure.com with an administrator account
  2. Navigate to Azure Active Directory > App Registrations
  3. Click New registration
  4. Enter a name, e.g. HelpMaster Web Portal
  5. Select either Accounts in this organizational directory only (Your org - Single tenant) or Accounts in any organizational directory (Any Azure AD directory - Multitenant) depending upon the scope you require
  6. Click Register to create the app registration

azure app registration

Once the app has been created, you will need to configure which Graph API permissions it has. The minimum permission that the HelpMaster web portal requires is access to read user profile information (User.Read), so that it can find the user trying to authenticate.

  1. Click View API Permissions if you’re still on the initial screen, or API Permissions from the left-side menu
  2. Click Add a permission
  3. From the Request API permissions panel, click the top panel Microsoft Graph
  4. Click on Delegated permissions at the top and scroll down to the User section and expand it
  5. Select (tick) User.Read (Sign in and read user profile)
  6. Click Add permissions

azure api permissions

Once the API permissions have been granted to the HelpMaster web portal app, you will need to grant consent to use the app within your Azure tenant.

  1. Click the Grant admin consent for [Your Organization] link and click Yes at the confirmation prompt

azure admin consent

Step 2 - Create a Client Secret

In order to be able to use the app within HelpMaster, you need to configure a Client Secret for the app.

  1. Click Certificates & secrets from the left-side menu
  2. Click New client secret
  3. A dialog box will appear prompting for a Description of the secret. This is a descriptive label only - it isn’t the secret. Enter the descriptive name and set the expiry to your preference. Note that if the secret expires, M365 authentication of the HelpMaster web portal will stop working. You will then need to create a new secret and re-enter this value into HelpMaster. Click Add

azure client secret

  4. Copy the secret from the Value column - click on the copy icon, or select and copy it manually. Save the secret somewhere safe for pasting into HelpMaster in Step 3

azure copy secret

Step 3 - Copy the app details into HelpMaster

The final step is to copy the configuration details from your Azure portal into the HelpMaster Desktop app at Web toolbar > Web Settings icon > Web logins tab > External Authentication Providers section, so that the HelpMaster web portal can use it to authenticate.

  1. Copy the Application (client) ID from the app’s Overview page into HelpMaster’s Account ID field
  2. Copy the Client secret saved in Step 2 into the Account Secret field
  3. Check (tick) the Is Enabled box to enable the provider
  4. Click OK to save your configuration
  5. Test logging in to your HelpMaster web portal by clicking the Microsoft button on your web portal logon screen

You should seamlessly log straight into the web portal as long as your Work or school account has been added to Windows. See instructions on how to do this in the first link below.
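The following check is an added example, not part of HelpMaster or its documentation. It audits the app registration from Steps 1 and 2: it flags any permission beyond delegated User.Read on Microsoft Graph, and any client secret that has expired or is about to. It assumes the registration has been exported as JSON (for example with `az ad app show --id <Application (client) ID>`) and uses the Microsoft Graph `application` field names; `audit_app`, the sample data and the 30-day warning window are choices made for this example.

```python
import json
from datetime import datetime, timedelta, timezone

GRAPH_APP_ID = "00000003-0000-0000-c000-000000000000"  # Microsoft Graph resource
USER_READ_ID = "e1fe6dd8-ba31-4d61-89e7-88639da4683d"  # delegated User.Read scope

def audit_app(app, now, warn_days=30):
    """Return a list of findings for one Graph `application` object (dict)."""
    findings = []
    # Step 1: the portal only needs delegated User.Read on Microsoft Graph.
    for res in app.get("requiredResourceAccess", []):
        for perm in res.get("resourceAccess", []):
            expected = (res.get("resourceAppId") == GRAPH_APP_ID
                        and perm.get("id") == USER_READ_ID
                        and perm.get("type") == "Scope")
            if not expected:
                kind = "application" if perm.get("type") == "Role" else "delegated"
                findings.append(f"extra {kind} permission {perm.get('id')} "
                                f"on resource {res.get('resourceAppId')}")
    # Step 2: an expired secret stops M365 login, so warn ahead of time.
    creds = app.get("passwordCredentials", [])
    if not creds:
        findings.append("no client secret configured")
    for cred in creds:
        # Graph timestamps are UTC; drop fractional seconds and the trailing Z.
        end = datetime.strptime(cred["endDateTime"][:19], "%Y-%m-%dT%H:%M:%S")
        end = end.replace(tzinfo=timezone.utc)
        name = cred.get("displayName") or cred.get("keyId")
        if end <= now:
            findings.append(f"secret '{name}' expired on {end:%Y-%m-%d}")
        elif end - now <= timedelta(days=warn_days):
            findings.append(f"secret '{name}' expires in {(end - now).days} days")
    return findings

# Constructed sample: one unneeded application permission (placeholder id)
# and a secret that is close to expiry relative to the date used below.
SAMPLE = json.loads("""{
  "displayName": "HelpMaster Web Portal",
  "requiredResourceAccess": [{
    "resourceAppId": "00000003-0000-0000-c000-000000000000",
    "resourceAccess": [
      {"id": "e1fe6dd8-ba31-4d61-89e7-88639da4683d", "type": "Scope"},
      {"id": "11111111-1111-1111-1111-111111111111", "type": "Role"}]}],
  "passwordCredentials": [
    {"displayName": "helpmaster-web", "endDateTime": "2025-01-20T00:00:00Z"}]
}""")

if __name__ == "__main__":
    for finding in audit_app(SAMPLE, datetime(2025, 1, 10, tzinfo=timezone.utc)):
        print(finding)
```

Run against a real export, pass `datetime.now(timezone.utc)` as `now`; an empty result means the registration matches the minimum configuration described above.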

See also

Add work or school accounts to your PC

Register an application with the Microsoft identity platform

Create a new Microsoft 365 application access policy