The administrator can enable users to log in to the CRM via Microsoft Entra ID. This feature is available only in the Ultimate and Enterprise pricing plans.
The administrator can enable Microsoft Entra ID login in the Settings » SSO section using the toggle. Then, it is necessary to fill in the Tenant ID, Account ID, and Account Secret, which can be found in their Microsoft account. There is also an option to enforce login via SSO only.
Important: For login via Microsoft Entra ID to work correctly, the user must have the correct email address filled in User settings » Basic information » Primary email.
Administration in Microsoft Entra ID
Administration is done at https://entra.microsoft.com/. Applications can be seen in Applications » App registrations » All applications.
Creating an application
When creating an application, we target applications that are single tenant, meaning exclusively managed by the Microsoft Entra account.
Application configuration
Application (Account) ID is recorded in the CRM configuration as Account ID.
Directory (tenant) ID is recorded in the CRM configuration as TENANT ID.
One of the keys in Account Credentials is recorded in the CRM as Account SECRET (see screenshot below).
Redirect URI must be configured correctly for the environment in which the instance runs. In production, it will be https://app.raynet.cz/oauth2/login/code/entra. If necessary, it is possible to enter other domains where the instance runs (app.raynetcrm.sk, app.raynetcrm.com, eu.raynetcrm.com).
Multiple keys can be created. In the CRM configuration, there is always one.
The key can only be viewed after creation; afterward, it is available only for preview with asterisks.
The default validity of the key is 180 days, maximum 730 days (this will depend on specific security settings in the Entra account). The Account is responsible for the proper rotation of the key and its update in the CRM.