Integrating Azure AD with LeadSquared

1. Feature Overview

LeadSquared offers sign-in integration with Azure Active Directory services, using the OpenId Connect. After integration, you won’t need to manage a separate set of credentials for LeadSquared, and can log-in directly with your AD credentials. This integration will also enable you to seamlessly sign in to the LeadSquared mobile app as well.

For information on other ADFS integrations, see ADFS Integration for Signing in to LeadSquared.

 

2. Prerequisites

  • You must have a Microsoft Azure Active Directory.
  • You must be an Administrator of your LeadSquared account.
  • You must use the same email Id on Azure and LeadSquared.
  • You must have the Azure AD authentication provider enabled on your LeadSquared account. To enable it, please reach out to support@leadsquared.com.

 

3. How it Works

  1. Create an application on Azure.
  2. Grant application access on Azure.
  3. Set up authentication on LeadSquared
  4. Test the application on LeadSquared.

 

4. Create an Application on Azure

To create a new application on Azure –

  1. Navigate to the Microsoft Azure portals home page, and under Manage Azure Active Directory, click View.
  2. On the left panel, click App registrations.
  3. On the App registrations page, click New registration.
  4. Enter a relevant name for the app.
  5. Under Supported account types, select “Accounts in this organizational directory only”
  6. Once you’re done, click Register.

Azure_OpenId_7

 

5. Authenticate Azure Application

5.1 Application Access

To grant application access to the new application you created –

  1. On the Microsoft Azure portals home page, under Manage Azure Active Directory, click View.
  2. On the left panel, click App registrations.
  3. On the App registrations page, click All applications.
  4. Under Display Name, click the application you’ve created.
  5. On the application page, on the left-panel, click Authentication.
  6. On the Authentication page, click Add a platform, and then click Web.
  7. Enter the default URL – https://login.leadsquared.com/Home/SignInWithSSO, and click Configure.
  8. Depending on your region, enter the following additional URL, and click Configure
    • If your LeadSquared account in the India region – https://login-in21.leadsquared.com/Home/SignInWithSSO
    • If your LeadSquared account is in the USA region –
      https://login-us11.leadsquared.com/Home/SignInWithSSO
    • If your LeadSquared account is in the Singapore region, then only the default URL is required. No additional URL is required.
  9. Once you’re done adding the platforms, scroll down to “enable implicit grant flow”, and select Access tokens and ID tokens by checking the Azure checkbox box.
  10. Click Save.

Azure_OpenId_2

 

5.2 Implicit Access

To grant access to your login email ID –

  1. From the Authentication page, on the left-panel, click Token configuration.
  2. On the Token Configuration page, click Add optional claim.
  3. On the right-panel, under Token type, click ID.
  4. Under Claim, select email and upn by checking the Azure checkbox box.
  5. Once you’re done, click Add.
  6. On the Add optional claim confirmation pop-up, confirm by checking the Azure checkbox box.

Azure_OpenId_3

 

6. Application Permissions on Azure

6.1 Grant Permissions

To grant application permissions to the new application you created –

  1. On the Microsoft Azure portals home page, click App registrations, and then click All applications.
  2. Under Display Name, click the application you’ve created.
  3. On the application page, on the left-panel, click API permissions.
  4. On the API permissions page, click Add a permission.
  5. On the Request API permissions pop-up, click Microsoft Graph, and then click Delegated permissions.
  6. Under Permissions, click the Azure Checkbox checkbox against email, profile and openid.
  7. Once you’re done, click Add permissions. This will successfully grant permissions.

Azure_OpenId_4

6.2 Grant Admin Access

To grant admin access to the new application you created –

  1. Navigate to the API permissions page, and click Grant admin consent for LeadSquared.
  2. On the confirmation pop-up, click Yes. This will successfully grant admin access.

Azure_OpenId_5

 

7. Authenticate Azure Application in LeadSquared

To authenticate the application you’ve created on LeadSquared-

7.1 Obtain Client ID and OpenID from Azure

To obtain the client Id for the application you’ve created –

  1. On the Microsoft Azure portals home page, click App registrations, and then click All applications.
  2. Under Display Name, click the application you’ve created.
  3. On the application page, copy the Application (client) ID.
  4. Then, click Endpoints, and under OpenID Connect metadata, click the Azure icon to copy the token.

Azure_OpenId_6

 

7.2 Authentication on LeadSquared

To authenticate and activate your Azure application on LeadSquared –

  1. From your LeadSquared main menu, navigate to My Profile>Settings>Security>Authentication Provider.
  2. Against Enable Third Party Authentication Provider, toggle the enable icon slider.
  3. On the Choose Authentication Provider pop-up, select Azure AD.
  4. On the Configure Authentication Provider pop-up, enter the Application (client) ID and OpenID Connect metadata, and click Test.
  5. On the Test Authentication Provider window, click Sign in with Azure AD, and on the Microsoft pop-up, enter the password for your Microsoft Azure Id.
  6. Once you’ve signed in successfully, on the Test Authentication Provider window, click Enable.
  7. On the Enable Authentication Provider pop-up, click Yes. Your Azure OpenId login will be authenticated successfully.

Azure_OpenId_9

 

Any Questions?

Did you find this article helpful? Please let us know any feedback you may have in the comments section below. We’d love to hear from you and help you out!

Was this Helpful?