Microsoft Azure Active Directory Integration
Overview
The Oracle CPQ and Microsoft Dynamics 365 user integration supports the use of Microsoft Azure Active Directory to grant application access to user data. This enhancement provides initial functionality in support of a BML integration between Oracle CPQ and Microsoft Dynamics 365. Using Azure Active Directory as the identity provider (IdP), Microsoft Dynamics 365 users can seamlessly access Oracle CPQ using the integration's Single Sign-On (SSO) functionality.
Oracle CPQ supports integration of Microsoft Dynamics 365 plus OAuth via Microsoft Azure Active Directory. Setting up Microsoft Azure SSO without Microsoft Dynamics will introduce unknowns and possibly an undesirable user experience, thus Oracle CPQ neither recommends nor supports a Microsoft Azure integration without Microsoft Dynamics 365.
Administration
Locate Your Tenant Name
An organization receives a tenant ID upon signing up for a Microsoft cloud service. The tenant ID is used as a reference in Azure Active Directory and Microsoft Dynamics 365. The tenant name is the domain name of the Azure Active Directory.
Administrators can configure SSO between Azure Active Directory and Oracle CPQ by completing the following steps:
- Locate your tenant name in Azure Active Directory
- Create an app registration in Azure Active Directory
- Define Permissions in Azure Active Directory
- Prepare the Azure App for Oracle CPQ integration
- Prepare Oracle CPQ for Azure App integration
Complete the following steps:
- Log in to Microsoft Azure.
- Navigate to Azure Active Directory > Domain names.
- Copy the domain name.
You will use the domain name (i.e. tenant name) when creating an app registration.
Create an Application Registration
Register Microsoft Dynamics 365 in the Azure portal to add the application to the Microsoft Azure Active Directory and create an Application ID. The Application ID allows Microsoft Dynamics 365 to receive access tokens.
Complete the following steps:
- Log in to Microsoft Azure.
- Navigate to Azure Active Directory > App registrations.
- Click New application registration.
A dialog for creating the registration opens.
- In the Name field, enter a name for the app registration.
- In the Application type field, enter Web app / API.
- In the Sign-on URL field, enter the following:
https://<root_domain>/admin/oauth2/dynamics365/oauth_callback.jsp
Note: The Sign-on URL is used to populate the default "Reply URLs".
- Click Save.
Define Permissions
Define the permissions to which the Microsoft Dynamics 365 app requires access.
Select the following options when setting permissions:
- Application Permissions
- Delegated Permissions
- Access CRM Online as organization users
Prepare the Azure Application for Oracle CPQ Application Integration
A Reply URL is the location to which Azure Active Directory sends an authentication response (i.e. token) when authentication is successful. Administrators must specify a Reply URL, which is the URL from which Microsoft Dynamics sales users can access CPQ.
Complete the following steps:
- Log in to Microsoft Azure.
- Navigate to Azure Active Directory > App registrations > Your_pre_existing_app.
- Click Reply URLs.
- Enter the Reply URL for CPQ, which is typically:
https://<sitename.bigmachines.com>/admin/oauth2/dynamics365/oauth_callback.jsp
- Click Save.
Prepare Oracle CPQ for Azure Application Integration
Administrators must open a Service Request (SR) on My Oracle Support to enable SSO for an Oracle CPQ – Microsoft Dynamics 365 integration. Before doing so, locate the following information and include the information in the SR:
Get the Client Id
A Client ID is a unique ID synonymous with the Application ID that allows Microsoft Dynamics 365 to receive access tokens.
Complete the following steps:
- Log in to Microsoft Azure.
- Navigate to Azure Active Directory > App registrations > Your_pre_existing_app.
- Copy the Application ID.
Get the Identity Provider URI and Tenant
In an Oracle CPQ – Microsoft Dynamics 365 integration, Microsoft Azure functions as a cloud-based identity and access management solution. The Identity Provider URI is the domain of the Azure Active Directory URL. The tenant is the first path segment in the Azure Active Directory URL and follows the Identity Provider URI. Only the Active Directory URLs specified can authenticate users.
Complete the following steps:
- Log in to Microsoft Azure.
- Navigate to Azure Active Directory > App registrations.
- Click Endpoints.
- Copy the OAUTH 2.0 AUTHORIZATION ENDPOINT.
- Locate the Identity Provider URI and the tenant.
The Identity Provider URI is the domain of the Azure Active Directory URL and looks similar to:
https://login.microsoftonline.com
The tenant is the first path in the Azure Active Directory URL and looks similar to:
38ef3fd8-dad2-4d94-b186-f508effa50af
Note: The tenant ID shown above and the tenant name referenced in the Locate Your Tenant Name section are interchangeable. Microsoft accepts both the Azure Portal's domain and the ID as acceptable tenants. The values both point to the same location.
Get the Client Secret
SSO between Microsoft Dynamics and Oracle CPQ requires a client secret.
Complete the following steps:
- Log in to Microsoft Azure.
- Navigate to Azure Active Directory > App registrations > Your_pre_existing_app.
- Click Keys.
- Create your key, which will generate your secret.
  - Provide a description for the key.
  - Select Never expires from the Expires menu.
  - Leave the Value field blank.
- Click Save to generate the client secret.
- Copy the value in plain text and include it in the Service Request (SR) you create on My Oracle Support.
An Oracle support technician will encrypt your client secret.
Note: Administrators must copy the client secret. They cannot access the client secret at a later time.
Get the Resource URI
The Resource URI is the environment to which the app registration has data access, which is either the Dynamics 365 production or sandbox environment.
Complete the following steps:
- Log in to the Microsoft Dynamics 365 site that will use SSO to access CPQ.
- Copy the URL, trimming off everything except the domain.
For example: https://yoursite.crm.dynamics.com
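The following added example (not Oracle's or Microsoft's code) shows one way to derive the Identity Provider URI, tenant and Resource URI from the copied URLs, and to check that a Reply URL is exactly the CPQ callback, before the values go into the SR. The function names, the `/oauth2/authorize` endpoint suffix and the `main.aspx` sample URL are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

GUID_RE = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)
DOMAIN_RE = re.compile(r"^([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$", re.I)
CALLBACK_PATH = "/admin/oauth2/dynamics365/oauth_callback.jsp"  # path given on this page

def _https_parts(url):
    """Parse url, accepting only https with a host, default port, no userinfo."""
    parts = urlsplit(url.strip())
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError(f"not an https URL: {url!r}")
    if parts.username or parts.password or parts.port not in (None, 443):
        raise ValueError(f"unexpected credentials or port in: {url!r}")
    return parts

def split_authorization_endpoint(endpoint):
    """Split the copied authorization endpoint into (Identity Provider URI, tenant)."""
    parts = _https_parts(endpoint)
    segments = [s for s in parts.path.split("/") if s]
    tenant = segments[0] if segments else ""
    # Require one specific tenant: a GUID tenant ID or a domain-style tenant name.
    if not (GUID_RE.match(tenant) or DOMAIN_RE.match(tenant)):
        raise ValueError(f"no tenant ID or tenant name in path: {endpoint!r}")
    return f"https://{parts.hostname}", tenant

def resource_uri(dynamics_url):
    """Trim a Dynamics 365 URL down to scheme and domain."""
    return f"https://{_https_parts(dynamics_url).hostname}"

def is_cpq_reply_url(url, site_host):
    """True only for the exact CPQ callback on site_host, with no query or fragment."""
    try:
        parts = _https_parts(url)
    except ValueError:
        return False
    return (parts.hostname == site_host.lower() and parts.path == CALLBACK_PATH
            and not parts.query and not parts.fragment)

if __name__ == "__main__":
    # Constructed sample input built from the example values on this page.
    endpoint = ("https://login.microsoftonline.com/"
                "38ef3fd8-dad2-4d94-b186-f508effa50af/oauth2/authorize")
    print(split_authorization_endpoint(endpoint))
    print(resource_uri("https://yoursite.crm.dynamics.com/main.aspx?appid=1"))
    print(is_cpq_reply_url("https://sitename.bigmachines.com" + CALLBACK_PATH,
                           "sitename.bigmachines.com"))
```

The client secret is deliberately not handled by this script; only the non-secret values are parsed and checked.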
Notes
In order for the server to be allowed to authenticate on behalf of Oracle CPQ, you will need to log a Service Request (SR) on My Oracle Support to include the Microsoft Active Directory Federation Service (ADFS) domain name (https://<your-ADFS-domain-name>/) in the allowlist. You will need to provide the ADFS domain name and Oracle CPQ site name in the SR.
Steps to Enable
After completing the above steps, open a Service Request (SR) on My Oracle Support. Include the following information in the SR:
- Client ID
- Identity Provider URI and Tenant
- Client Secret
- Resource URI