Integrating Azure AD with LeadSquared Using the ROPC Approach

1. Feature Overview

LeadSquared offers sign-in integration with Azure Active Directory services, using the Resource Owner Password Credential (ROPC) approach. After integration, you won’t need to manage a separate set of credentials for LeadSquared, and can log in directly with your AD credentials. This integration also lets you sign in to the LeadSquared mobile app.

For information on other ADFS integrations, see ADFS Integration for Signing in to LeadSquared.

Note: When you enable ADFS integration, it is applied by default to all the users in your account. It CANNOT be disabled for specific users.

 

2. Prerequisites

  • You must have a Microsoft Azure Active Directory.
  • You must be an Administrator of your LeadSquared account.
  • You must use the same email Id on Azure and LeadSquared.
  • You must have the API authentication provider enabled on your LeadSquared account. To enable it, please reach out to support@leadsquared.com.

 

3. How it Works

  1. Create an application on Azure.
  2. Grant application access on Azure.
  3. Set up authentication on LeadSquared.
  4. Test the application on LeadSquared.

 

4. Create an Application on Azure

Create a new non-gallery application on Azure.

  1. Navigate to the Microsoft Azure portal’s home page, and under Manage Azure Active Directory, click View.
  2. On the left panel, click Enterprise applications.
  3. On the Enterprise applications page, click New Application.
  4. From the available options, click Non-Gallery Application.
  5. Provide an appropriate name for the application, and click Add.


5. Authenticate Azure Application

To grant application access to the new application you created –

  1. On the Microsoft Azure portal’s home page, under Manage Azure Active Directory, click View.
  2. On the left panel, click App registrations.
  3. On the App registrations page, click All applications.
  4. Under Display Name, click the application you’ve created.
  5. On the application page, on the left panel, click Authentication.
  6. On the Authentication page, scroll down to Advanced Settings, and against Default client type, click Yes.
  7. Once you’re done, click Save.


6. Application Permissions on Azure

6.1 Grant Permissions

To grant application permissions to the new application you created –

  1. On the Microsoft Azure portal’s home page, under Manage Azure Active Directory, click View.
  2. On the left panel, click App registrations.
  3. On the App registrations page, click All applications.
  4. Under Display Name, click the application you’ve created.
  5. On the application page, on the left panel, click API permissions.
  6. On the API permissions page, click Add a permission.
  7. On the Request API permissions pop-up, click Microsoft Graph, and then click Delegated permissions.
  8. Under Permissions, select the checkboxes against email and openid.
  9. Once you’re done, click Add permissions. This will successfully grant permissions.


6.2 Grant Admin Access

To grant admin access to the new application you created –

  1. Navigate to the API permissions page, and click Grant admin consent for LeadSquared.
  2. On the confirmation pop-up, click Yes. This will successfully grant admin access.


6.3 Add Users

To add your LeadSquared users on Azure –

  1. On the Microsoft Azure portal’s home page, under Manage Azure Active Directory, click View.
  2. On the left panel, click Enterprise applications.
  3. On the Enterprise applications page, under the Name column, click the application you’ve created.
  4. On the application Overview page, under Getting Started, click Assign users and groups.
  5. On the Users and groups page, click Add user.
  6. On the Add Assignment page, click Users, then select from the list of users available on the right panel, and click Select.
  7. Once you’re done, click Assign. The user is now successfully added.


7. Authenticate Azure Application in LeadSquared

To authenticate the application you’ve created on LeadSquared –

7.1 Obtain the Client Id from Azure

To obtain the client Id for the application you’ve created –

  1. On the Microsoft Azure portal’s home page, under Manage Azure Active Directory, click View.
  2. On the left panel, click App registrations.
  3. On the App registrations page, click All applications.
  4. Under Display Name, click the application you’ve created.
  5. On the application page, click Endpoints.
  6. Under OAuth 2.0 token endpoint (v2), click the copy icon to copy the token endpoint URL.


7.2 Authentication on LeadSquared

To authenticate and activate your Azure application on LeadSquared –

  1. From your LeadSquared main menu, navigate to My Profile>Settings>Security>Authentication Provider.
  2. Against Enable Third Party Authentication Provider, toggle the slider.
  3. On the Choose Authentication Provider pop-up, select Generic API.
  4. On the Configure Authentication Provider pop-up, enter the details of the Azure API.

| Field | Description | Sample Value |
|---|---|---|
| Request Type | Choose HTTP request method as POST. This is a mandatory field. | NA |
| API URL | Select either http:// or https:// and enter your Azure API OAuth 2.0 token endpoint (v2) URL here. This is a mandatory field. | NA |
| Content Type | Select “application/x-www-form-urlencoded” as the content type. This is a mandatory field. | NA |
| Request Headers | You can pass multiple request headers here. This is not a mandatory field. | NA |
| Request Body | Pass the following key-value pairs in the request body. | |
| Request Body: client_id | The Azure application client id. This is available on the application page, and is called Application (client) ID. | a2ae67ff-test-example |
| Request Body: grant_type | This is the grant type to capture the password you’ve used to log in to your Azure account. You must pass the value password. | password |
| Request Body: username | This is the mailmerge value of the email address you’ve used to log in to your Azure account. The mailmerge field will be replaced with the actual email address when you log in. | @{User:EmailAddress,} |
| Request Body: password | This is the mailmerge value of the password you’ve used to log in to your Azure account. The mailmerge field will be replaced with the actual password when you log in. | @{User:Password,} |
| Request Body: scope | Scope must be specified as openid. | openid |
| Request Body: response_type | The type of response must be specified as token. | token |
| Success Keyword | This is the success keyword that will show up in a successful response. This is a mandatory field. You must pass the value access_token. | access_token |
| Error Keyword | The error keyword that will show up in an unsuccessful response. This is a mandatory field. You must pass the value error. | error |
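
The request this configuration describes, as an added example (not LeadSquared's code): it fills the mail-merge fields, form-encodes the body, and classifies a token-endpoint response by the success and error keys. The merge and keyword-matching behaviour, the sample user, and the sample responses are assumptions constructed for illustration; nothing is sent over the network.

```python
import json
import re
from urllib.parse import urlencode

# Request Body from the table above; client_id is the page's sample value.
BODY_TEMPLATE = {
    "client_id": "a2ae67ff-test-example",
    "grant_type": "password",
    "username": "@{User:EmailAddress,}",
    "password": "@{User:Password,}",
    "scope": "openid",
    "response_type": "token",
}
MERGE_FIELD = re.compile(r"@\{User:(\w+),\}")

# Constructed sample data (not real credentials or real responses).
SAMPLE_USER = {"EmailAddress": "user@example.com", "Password": "p&ss+w=rd 1"}
SAMPLE_OK = '{"token_type": "Bearer", "expires_in": 3599, "access_token": "constructed-token"}'
SAMPLE_ERR = '{"error": "invalid_grant", "error_description": "no access_token issued"}'


def build_body(template, user):
    """Replace mail-merge fields, then form-encode (assumed provider behaviour)."""
    def fill(value):
        return MERGE_FIELD.sub(lambda m: user[m.group(1)], value)
    # urlencode percent-encodes &, + and = so a password cannot split the body.
    return urlencode({key: fill(value) for key, value in template.items()})


def classify(response_text, success_key="access_token", error_key="error"):
    """Return 'success', 'error' or 'unknown' for a token-endpoint response."""
    try:
        doc = json.loads(response_text)
    except ValueError:
        return "unknown"
    if not isinstance(doc, dict):
        return "unknown"
    # Match on JSON keys, not substrings: SAMPLE_ERR mentions access_token in
    # its description and must still be treated as a failure.
    if error_key in doc:
        return "error"
    if isinstance(doc.get(success_key), str) and doc[success_key]:
        return "success"
    return "unknown"


if __name__ == "__main__":
    print(build_body(BODY_TEMPLATE, SAMPLE_USER))
    print(classify(SAMPLE_OK), classify(SAMPLE_ERR))
```
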


7.3 Test the Application on LeadSquared

  1. Once you’re done entering the values, click Test.
  2. Enter the password you used to log in to Azure on the verification screen, and click Next.
  3. Once you get the success message, click Enable.
  4. On the Enable Authentication Provider confirmation pop-up, click Yes.
  5. The Azure authentication provider is now enabled on your account. Users can now log in to LeadSquared using their Azure AD credentials.


Any Questions?

Did you find this article helpful? Please let us know any feedback you may have in the comments section below. We’d love to hear from you and help you out!
