CallTower Solutions Center

Setting up Clarity Connect to use Azure AD for Authentication (CT Admin Steps)

Subject

This Knowledge Base Article will provide detailed information on how to configure Azure Active Directory integration with Clarity Connect.

Version of Connect

4.1.x

Pre-requisites

Administrative access to Connect Application servers.

Administrative access to Connect Admin Console.

Administrative access to SQL servers hosting Connect databases.

Completion Time

30 minutes

Reasoning


Follow this guide to enable Azure AD integration with Clarity Connect.

Table of Contents

1. Azure Active Directory Authentication VS Windows Authentication

2. Azure Application Registration

3. Connect Application servers

3.1. Disable Windows Authentication

3.2. Modification of the Connect Admin Website configuration file

3.3. Modification of the Connect Web Agent Console JavaScript file

4. SQL configuration values

4.1. Connect Runtime requirement

1. Azure Active Directory Authentication VS Windows Authentication

Clarity Connect can be configured to use either AAD authentication or Windows authentication. Mixing the two is not supported: one set of users cannot use Windows Authentication while others use AAD authentication.

2. Azure Application Registration

To enable the integration between AAD and Clarity Connect, the customer must create four registered applications within the Azure Portal.

3. Connect Application servers

Once the Azure configuration is done, the following needs to be performed on the Connect Application servers:

- Disable Windows Authentication

- Modification of the Connect Admin Website configuration file

- Modification of the Connect Web Agent Console JavaScript file

3.1. How to disable Windows Authentication

On all Connect Application servers, perform the following:

1. Open the Internet Information Services (IIS) Manager, click on the Server name on the left-hand side and double-click on Authentication.

2. Ensure that Anonymous Authentication is Enabled and that all other Authentication types are disabled.

3. On the left-hand side, expand the Server name, click on Sites and select the Connect Website.

4. Repeat steps 3 and 4 for the site selection on every Connect application server.

NOTE: Do not skip this step.

3.2. Modification of the Connect Admin Website configuration file

On all Connect Application servers, perform the following:

1. Navigate to: {ConnectInstallPath}\inetpub\ClarityConnect

2. Open the Web.config file using a text editor.

3. Under the <system.web> section, ensure that the only valid and uncommented <authentication> element is the following:

    <authentication mode="None" />

4. Under the <appSettings> section, update or add the WS_WindowsAuth key value and ensure it is set to false:

    <add key="WS_WindowsAuth" value="false" />

5. Save the changes.
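A check for the two Web.config settings from steps 3 and 4, added here as an example (it is not Clarity Connect or CallTower code). It assumes the file's text has been read into a string and that both sections sit directly under <configuration>; the function name and the two sample documents are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the old Windows mode is present only as a comment.
SAMPLE_GOOD = """<configuration>
  <appSettings>
    <add key="WS_WindowsAuth" value="false" />
  </appSettings>
  <system.web>
    <!-- <authentication mode="Windows" /> -->
    <authentication mode="None" />
  </system.web>
</configuration>"""

# Constructed sample: Windows mode left active and the appSettings key missing.
SAMPLE_BAD = """<configuration>
  <appSettings />
  <system.web>
    <authentication mode="Windows" />
    <authentication mode="None" />
  </system.web>
</configuration>"""


def audit_web_config(xml_text):
    """Return a list of findings; an empty list means both settings match the guide."""
    findings = []
    # The default parser drops XML comments, so only uncommented elements are counted.
    root = ET.fromstring(xml_text)

    modes = [el.get("mode", "") for el in root.findall("./system.web/authentication")]
    if modes != ["None"]:
        findings.append(f"system.web/authentication modes are {modes}, expected ['None']")

    # Key compared case-insensitively so a differently cased duplicate is not missed.
    values = [el.get("value", "") for el in root.findall("./appSettings/add")
              if (el.get("key") or "").lower() == "ws_windowsauth"]
    if not values:
        findings.append("appSettings key WS_WindowsAuth is missing")
    elif any(v.strip().lower() != "false" for v in values):
        findings.append(f"WS_WindowsAuth is {values}, expected 'false'")
    return findings
```

Settings nested in <location> elements are not inspected by this check.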

 

3.3. Modification of the Connect Web Agent Console JavaScript file

1. Navigate to {ConnectInstallPath}\inetpub\ClarityConnect\Dashboard

2. Open the preBootstrap.js file in a text editor.
3. Search for the isAzureAdAuthEnabled flag and set it to true:

    var isAzureAdAuthEnabled = true;

4. Fill in the correct values for the Azure AD configuration object with the Connect Configuration settings shown below:
    var azureAdConfig = {
        clientId: 'AAD_DashboardApplicationId',
        tenant: 'AAD_TenantName',
        webApiResourceUri: 'AAD_WebApiAppIdUri',
        navigateToLoginRequestUrl: false
    };

 

Example:

    var azureAdConfig = {
        clientId: '01192687-18ab-4bd2-8dc2-0c071c72b695',
        tenant: 'genericodev.onmicrosoft.com',
        webApiResourceUri: 'https://genericodev.onmicrosoft.com/connectWebApi',
        navigateToLoginRequestUrl: false
    };


 

5. Save the changes to the file.

4. SQL configuration values 

To set up Azure integration, specific settings in the Connect Runtime dbo.config table must be updated. The attached SQL configuration update script needs to be executed against the Connect Runtime database. Deploying the attached SQL script enables AAD Authentication for all users.

Note: The attached SQL script needs to be filled with information gathered from section 1 of this guide.

SQL Worksheet:

| Configuration Name | Configuration Value Examples |
| --- | --- |
| AAD_TenantName | domain.onmicrosoft.com |
| AAD_LoginAuthorityBaseUrl | https://login.microsoftonline.com/ |
| AAD_AdminSiteApplicationId | e2b08308-0576-43f6-8faa-c659e8b2f6ad |
| AAD_AdminSiteAppIdUri | api://e2b08308-0576-43f6-8faa-c659e8b2f6ad |
| AAD_WebApiApplicationId | 84ef9edb-ef4d-4845-95b2-6a5d15f4b7a6 |
| AAD_WebApiAppIdUri | api://84ef9edb-ef4d-4845-95b2-6a5d15f4b7a6 |
| AAD_MetricsApplicationId | 98eb5584-0b6f-426e-b7e5-d2eac85d3d20 |
| AAD_MetricsAppIdUri | api://98eb5584-0b6f-426e-b7e5-d2eac85d3d20 |
| AAD_MetricsAppKey | -vR.@/lttg0upa7SXzXAuBf05h.4/1:v |
| AAD_DashboardApplicationId | 4a3d62c5-4fb4-4e33-9fcd-5aa2b0607d83 |
| AAD_DashboardAppIdUri | api://4a3d62c5-4fb4-4e33-9fcd-5aa2b0607d83 |
| WS_WindowsAuth | false |

 

4.1. Connect Runtime requirement

During the AAD sign-in process, the Agents will have to log into the Connect Admin Console using their respective UPNs (username@domain.com). It is mandatory that Agents' Login Name is in a UPN format.

Note: Without the UPN formatted Login Name, Agents will not be able to use the AAD Authentication.
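The dbo.config values from section 4 have to agree with what was entered in preBootstrap.js in section 3.3, and agent login names have to be UPNs. The following added example (not vendor code) cross-checks the three; the function names, the UPN pattern and the sample data are assumptions, with the sample dbo.config values reusing the worksheet examples above.

```python
import re

GUID = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)
UPN = re.compile(r"^[^@\s]+@[^@\s.]+(\.[^@\s.]+)+$")  # assumed shape: username@domain.com
# azureAdConfig field -> dbo.config name it must equal (mapping from step 4 of section 3.3)
JS_TO_DB = {"clientId": "AAD_DashboardApplicationId", "tenant": "AAD_TenantName",
            "webApiResourceUri": "AAD_WebApiAppIdUri"}

def parse_azure_ad_config(js_text):
    """Extract the quoted string fields of the azureAdConfig object literal."""
    body = re.search(r"azureAdConfig\s*=\s*\{(.*?)\}", js_text, re.S)
    return dict(re.findall(r"(\w+)\s*:\s*['\"]([^'\"]*)['\"]", body.group(1))) if body else {}

def check_settings(db, js_text, login_names):
    """Return findings for dbo.config values, preBootstrap.js text and agent login names."""
    findings = [f"{k} is not a GUID" for k, v in db.items()
                if k.endswith("ApplicationId") and not GUID.match(v)]
    if not db.get("AAD_LoginAuthorityBaseUrl", "").startswith("https://"):
        findings.append("AAD_LoginAuthorityBaseUrl is not an https URL")
    if db.get("WS_WindowsAuth", "").lower() != "false":
        findings.append("WS_WindowsAuth is not false")
    if not re.search(r"isAzureAdAuthEnabled\s*=\s*true\b", js_text):
        findings.append("isAzureAdAuthEnabled is not set to true")
    js = parse_azure_ad_config(js_text)
    findings += [f"preBootstrap.js {field} does not match {name}"
                 for field, name in JS_TO_DB.items()
                 if field not in js or js[field] != db.get(name)]
    # The guide requires agent login names in UPN form for AAD sign-in.
    findings += [f"login name {n!r} is not in UPN format"
                 for n in login_names if not UPN.match(n)]
    return findings

# Constructed sample data; the dbo.config values reuse this page's worksheet examples.
DB = {
    "AAD_TenantName": "domain.onmicrosoft.com",
    "AAD_LoginAuthorityBaseUrl": "https://login.microsoftonline.com/",
    "AAD_WebApiApplicationId": "84ef9edb-ef4d-4845-95b2-6a5d15f4b7a6",
    "AAD_WebApiAppIdUri": "api://84ef9edb-ef4d-4845-95b2-6a5d15f4b7a6",
    "AAD_DashboardApplicationId": "4a3d62c5-4fb4-4e33-9fcd-5aa2b0607d83",
    "WS_WindowsAuth": "false",
}
# Constructed preBootstrap.js excerpt: clientId holds the Web API id, not the Dashboard id.
JS = """var isAzureAdAuthEnabled = true;
var azureAdConfig = {
    clientId: '84ef9edb-ef4d-4845-95b2-6a5d15f4b7a6',
    tenant: 'domain.onmicrosoft.com',
    webApiResourceUri: 'api://84ef9edb-ef4d-4845-95b2-6a5d15f4b7a6',
    navigateToLoginRequestUrl: false
};"""
LOGINS = ["agent1@domain.com", "DOMAIN\\agent2"]
```

With the sample data, check_settings(DB, JS, LOGINS) reports the mismatched clientId and the one login name that is not a UPN.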