Microsoft Azure Active Directory Integration

Overview

The Oracle CPQ and Microsoft Dynamics 365 user integration supports the use of Microsoft Azure Active Directory to grant application access to user data. This enhancement provides initial functionality in support of a BML integration between Oracle CPQ and Microsoft Dynamics 365. Using Azure Active Directory as the identity provider (IdP), Microsoft Dynamics 365 users can seamlessly access Oracle CPQ using the integration's Single Sign-On (SSO) functionality.

Oracle CPQ supports integration of Microsoft Dynamics 365 plus OAuth via Microsoft Azure Active Directory. Setting up Microsoft Azure SSO without Microsoft Dynamics will introduce unknowns and possibly an undesirable user experience, so Oracle CPQ neither recommends nor supports a Microsoft Azure integration without Microsoft Dynamics 365.

Administration

Locate Your Tenant Name

An organization receives a tenant ID upon signing up for a Microsoft cloud service. The tenant ID is used as a reference in Azure Active Directory and Microsoft Dynamics 365. The tenant name is the domain name of the Azure Active Directory.

Administrators can configure SSO between Azure Active Directory and Oracle CPQ by completing the following steps:

  • Locate your tenant name in Azure Active Directory
  • Create an app registration in Azure Active Directory
  • Define Permissions in Azure Active Directory
  • Prepare the Azure App for Oracle CPQ integration
  • Prepare Oracle CPQ for Azure App integration

Complete the following steps:

  1. Log in to Microsoft Azure.
  2. Navigate to Azure Active Directory > Domain names.

  3. Copy the domain name.

    You will use the domain name (i.e. tenant name) when creating an app registration.


Create an Application Registration

Register Microsoft Dynamics 365 in the Azure portal to add the application to the Microsoft Azure Active Directory and create an Application ID. The Application ID allows Microsoft Dynamics 365 to receive access tokens.

Complete the following steps:

  1. Log in to Microsoft Azure.
  2. Navigate to Azure Active Directory > App registrations.

  3. Click New application registration.

    A dialog for creating the registration opens.

  4. In the Name field, enter a name for the app registration.
  5. In the Application type field, enter Web app / API.
  6. In the Sign-on URL field, enter the following:

    https://<root_domain>/admin/oauth2/dynamics365/oauth_callback.jsp

    Note: The Sign-on URL is used to populate the default "Reply URLs".
  7. Click Save.

Define Permissions

Define the permissions to which the Microsoft Dynamics 365 app requires access.

Select the following options when setting permissions:

  • Application Permissions
  • Delegated Permissions
  • Access CRM Online as organization users
Note: For additional information, refer to the Azure Active Directory documentation.

Prepare the Azure Application for Oracle CPQ Application Integration

A Reply URL is the location to which Azure Active Directory sends an authentication response (i.e. token) when authentication is successful. Administrators must specify a Reply URL, which is the URL from which Microsoft Dynamics sales users can access CPQ.

Complete the following steps:

  1. Log in to Microsoft Azure.
  2. Navigate to Azure Active Directory > App registrations > Your_pre_existing_app.
  3. Click Reply URLs.
  4. Enter the Reply URL for CPQ, which is typically:

    https://<sitename.bigmachines.com>/admin/oauth2/dynamics365/oauth_callback.jsp

  5. Click Save.
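
An added example (not Oracle's or Microsoft's code): a small audit that checks the Reply URLs configured on the app registration against the callback path given on this page, so that tokens are only sent to the intended CPQ site. The site name and the URL list are constructed sample values, and the function names are hypothetical.

```python
from urllib.parse import urlsplit

# Callback path given on this page for the CPQ / Dynamics 365 integration.
CPQ_CALLBACK_PATH = "/admin/oauth2/dynamics365/oauth_callback.jsp"


def audit_reply_url(url, expected_host):
    """Return a list of findings for one Reply URL; an empty list means it conforms."""
    findings = []
    parts = urlsplit(url.strip())
    if parts.scheme.lower() != "https":
        findings.append("scheme is not https")
    if "*" in url:
        findings.append("contains a wildcard")
    # Comparing the whole authority also rejects userinfo and explicit ports.
    if parts.netloc.lower() != expected_host.lower():
        findings.append("authority %r is not exactly the expected CPQ host" % parts.netloc)
    if parts.path != CPQ_CALLBACK_PATH:
        findings.append("path is not the CPQ OAuth callback")
    if parts.query or parts.fragment:
        findings.append("carries a query string or fragment")
    return findings


def audit_registration(reply_urls, expected_host):
    """Map each non-conforming Reply URL to its findings."""
    results = {u: audit_reply_url(u, expected_host) for u in reply_urls}
    return {u: f for u, f in results.items() if f}


# Constructed sample data: a hypothetical CPQ site name and Reply URL list.
SAMPLE_HOST = "example-site.bigmachines.com"
SAMPLE_REPLY_URLS = [
    "https://example-site.bigmachines.com/admin/oauth2/dynamics365/oauth_callback.jsp",
    "http://example-site.bigmachines.com/admin/oauth2/dynamics365/oauth_callback.jsp",
    "https://*.bigmachines.com/admin/oauth2/dynamics365/oauth_callback.jsp",
    "https://example-site.bigmachines.com.other.example/admin/oauth2/dynamics365/oauth_callback.jsp",
]

if __name__ == "__main__":
    for url, findings in audit_registration(SAMPLE_REPLY_URLS, SAMPLE_HOST).items():
        print(url, "->", "; ".join(findings))
```

Only the first sample entry passes; the other three are reported with the reason each one differs from the expected callback.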

Prepare Oracle CPQ for Azure Application Integration

Administrators must open a Service Request (SR) on My Oracle Support to enable SSO for an Oracle CPQ – Microsoft Dynamics 365 integration. Before doing so, locate the following information and include the information in the SR:

Get the Client Id

Get the Identity Provider URI and Tenant

Get the Client Secret

Get the Resource URI


Notes

In order for the server to be allowed to authenticate on behalf of Oracle CPQ, you will need to log a Service Request (SR) on My Oracle Support to include the Microsoft Active Directory Federation Service (ADFS) domain name (https://<your-ADFS-domain-name>/) in the allowlist. You will need to provide the ADFS domain name and Oracle CPQ site name in the SR.

Steps to Enable

After completing the above steps, open a Service Request (SR) on My Oracle Support. Include the following information in the SR:

  • Client ID
  • Identity Provider URI and Tenant
  • Client Secret
  • Resource URI
