US English (US)
GB English (UK)

By Appointment to
His Majesty The King
Contact Centre Service Software
Cirrus Response Ltd
Epsom

Contact Us

If you still have questions or prefer to get help directly from an agent, please submit a request.
We’ll get back to you as soon as possible.

Please fill out the contact form below and we will reply as soon as possible.

  • Cirrus eLearning
  • Contact Us
English (UK)
US English (US)
GB English (UK)
  • Home
  • Cirrus Connect
  • Administrator
  • Microsoft Azure

Azure Single Sign-On

Written by Keith Winhall

Updated at April 23rd, 2025

Contact Us

If you still have questions or prefer to get help directly from an agent, please submit a request.
We’ll get back to you as soon as possible.

Please fill out the contact form below and we will reply as soon as possible.

  • Cirrus Connect
    Agent Supervisor Administrator
  • Cirrus Digital
    Agents Supervisors Administrators API Documentation
  • Release Notes
    Release FAQs Latest Release 2025 2024 2023
+ More

Table of Contents

Introduction How to create Azure App registrations Create an app registration API permissions API permissions (for Personal Contacts) Authentication Stage 1 Stage 2 Stage 3 Edit App Manifest for v2 Token Support Pass to Cirrus

Introduction

This document describes how to set up Azure App registrations for enabling single sign-on in Cirrus' Connect platform:

  • Web Client
  • Web Supervisor 
  • Web Administrator
  • Wallboard 

How to create Azure App registrations

The actions described in this chapter must be executed to enable the login with Microsoft credentials. Separate Azure App registrations for each client are also possible. This offers the option to fine-tune access from users to the applications and will also offer the option to amend the rights that each application has. 

At this moment, the only usage is to authenticate the user. This holds true for all three applications, but there is one exception: If a user wants access to its personal contacts in the WebClient these access rights have to be given to the application.

Create an app registration

  1. Browse to https://portal.azure.com
  2. Search for, and select ‘App registrations’.
  1. Click ‘New registration’.
  1. Fill in the name for the application.
  2. Set the supported account types to ‘Accounts in this organisational directory only’.
  3. Leave the Redirect URI empty.
  4. Press ‘Register’.
  5. Now that the application is created, copy the Application (client) ID, as this has to be set in the Cirrus Connect platform.
  6. (Optional) Repeat the steps to have a separate application ID for each web application (webclient, supervisor, etc).

API permissions

The App registrations require a combination of Application and Delegated permissions in order to work with the Microsoft Graph API:

Application permissions:

  • Group.Read.All
  • User.Read.All

Delegated permissions:

  • User.Read

To give the App registrations the Application ‘Group.Read.All’ permission:

  1. Click on ‘API Permissions’.
  2. Click ‘Add a permission’.
  3. Click ‘Microsoft Graph’.
  4. Click ‘Application permissions’. Here we will configure the Application permissions ‘Group.Read.All’ as an example.
     
  1. Search for ‘Group’.
  2. Expand the Group folder, and select ‘Group.Read.All’.
     
  1. When done, click ‘Add permissions’. 
  2. Now we have the permissions in place for ‘Group.Read.All’ we can repeat the steps to add the remaining API permissions ‘User.Read.All’ and ‘User.Read’.

API permissions (for Personal Contacts)

The App registrations is used to authenticate O365 users, but it is also possible to make available a Users Personal Contacts (created in Office 365) within the WebClient.

In order to do so the ‘Contacts.Read’ Delegated permissions for Microsoft Graph must be added. 

To give the App registrations the Delegated ‘Contacts.Read’ permission:

  1. Click on ‘API Permissions’.
  2. Click ‘Add a permission’.
  3. Click ‘Microsoft Graph’.
  4. Click ‘Delegated permissions’. Here we will configure the Delegated permissions ‘Contacts.Read’.
  1. Search for ‘Contacts’.
  2. Expand the Contacts folder, and select ‘Contacts.Read’
  3. When done, press ‘Add permissions’. 
  4. Now we have the permissions in place.

Authentication

Stage 1

Next, we have to configure the Authentication. 

  1. Browse to Authentication.
  2. Click ‘Add a platform’. 
  1. Select ‘Web’.
  2. Fill in the Redirect URI: https://<YOUR CIRRUS DOMAIN>/webclient/signin-oidc
  3. Press ‘Configure’.

Now that we have provided one redirect URI for the WebClient, we want the Redirect URI for the Supervisor and Administrator applications. Create a new application for it and repeat the steps.  

Make sure that all your redirect URI’s are always completely lowercase because this is case-sensitive in Azure and we will always make sure it is lowercase in the software.

 

Stage 2

Next, we need a secret value to authenticate the App registrations, allowing the application to authenticate users against your Azure Active Directory. 

  1. Click on New client secret to add a new secret and fill in the required fields.
  2. Copy the secret Value and pass to your Cirrus point of contact. 

    NOTE: You will only be able to copy the Secret Value once. If you navigate away from the Azure Portal you will not be able to see the Secret Value again.

     

Stage 3

Next, you need to expose an API by creating a scope for the App registrations, which will allow authenticated users to access Cirrus data through the API. 

  1. Click ‘Expose an API’
  2. Check the ‘Application ID URI’ is populated - the format must be `api:<Application ID>` where Application ID is the ID generated by Microsoft for this App registrations 
  3. Click ‘Add a scope’
  4. Enter ‘Unexus.Access’ as the ‘Scope name’
  5. Toggle the ‘Who can consent’ slider to ‘Admins and users’
  6. Provide a meaningful description to the ‘Admin consent display name’ and ‘Admin consent description’ text fields e.g., Cirrus Connect Access
  7. Toggle the ‘State’ slider to ‘Enabled’
  8. Click Save
  9. Once you’ve added this, you can add this permission under the API permissions menu as a Delegated permissions so that it does not ask your users for consent when they log in.
  10. Click “Grant admin consent for <organisation>".
  11. Select the registered application in the list below under APIs my organisation uses or My APIs.
  12. Once selected, select the created permission “Unexus.Access” and click Add permission.
  13. Click “Grant admin consent for <organisation>".”

Edit App Manifest for v2 Token Support

Lastly, you need to change the Manifest of the App registrations to support v2 Tokens. This can be done as displayed in the screenshot below.

Pass to Cirrus

Now you have the App registrations ready in Azure, please send the following to your Cirrus point of contact:

  1. The Application (client) ID
  2. The Secret Value 
  3. The Directory (tenant) ID and Primary domain

Was this article helpful?

Yes
No
Give feedback about this article

Related Articles

  • Security and Authentication
  • Webchat Handling

Cirrus
Office 126
63 St Mary Axe
London, EC3A 8AA
Tel: 0333 103 3333
Email: cm@cirrusconnects.com

Social: twitter linkedin

Privacy Policy

Postal address
Cirrus
PO Box 708
Epsom, KT17 9RA
Tel: 0333 103 3333
Email: support@cirrusconnects.com

© Copyright Cirrus


Knowledge Base Software powered by Helpjuice

Expand