Configure Sign-in for WebAgent for Microsoft Teams
Note
An additional Anywhere365 WebAgent license is required.
To enable your organization to the WebAgent, you need to have completed the following steps.
Prerequisites
Note
When using the WebAgent make sure your browser is compatible with your user platform, see: WebAgent Browser Compatibility Overview
-
Before getting started make sure your account is enabled by Anywhere365 to login on the WebAgent. For more information, contact your Anywhere365 representative.
Microsoft 365 – settings
When using Microsoft 365 and Teams, two methods can be followed for granting the appropriate permissions for the Anywhere365 WebAgent (an Azure Enterprise App): Method 1, in which the App is consented upfront by a Global Admin, and Method 2, in which the App is consented as a Teams user when starting the Anywhere365 WebAgent client for the first time (after which a global admin can still consent the App for the entire organisation).
Method 1: Global Admin Consent via a Url (preferred)
Note
If an Admin in your organization has already consented the App in Method 2 below and selected the "Consent on behalf of your organization" in each step, then Method 1 is not required anymore.
Grant admin consent for your Organization:
As an administrator you can grant consent on behalf of all users in this directory, ensuring that each end user will not be required to consent when using the application for the first time. Navigate to below Url in a browser with a global admin account.
https://login.microsoftonline.com/common/adminconsent?client_id=74d56274-d17b-4a8d-8e4f-fa424af82961&redirect_uri=https%3A%2F%2Fwebagent.anywhere365.io%2F
If a user in your organization has already consented to the App personally then below alternative steps allow you to find the App in your AD for granting global Admin Consent that way.
-
Sign into the Azure Portal
-
Navigate to Microsoft Entra ID Formerly known as Azure Active Directory (or Azure AD, or AAD)
-
Navigate to Enterprise applications
-
Search and open Anywhere 365 WebAgent
-
Switch to the Permissions Tab
-
Select Grant admin consent for [Organization]
-
Login using the Microsoft 365 button and approve:
-
Subsequent users using WebAgent will no longer be prompted to consent.
These are the permissions asked for to the Administrator, when they consent on behalf of the organization:
Active Permissions
Description: Allows the app to see and update the data you gave it access to, even when you are not currently using the app. This does not give the app any additional permissions.
Why is this required? This allows the WebAgent to keep signing you in.
Description: Allows the app to see your basic profile (name, picture, user name)
Why is this required? To allow the WebAgent to sign you in and to show basic information like displayname and photo.
Permission name: Microsoft Graph / profile
Description: Allows users to sign-in to the app, and allows the app to read the profile of signed-in users. It also allows the app to read basic company information of signed-in users.
Why is this required? To allow the WebAgent to sign you in and to show basic information like displayname and photo.
Permission name: Microsoft Graph / User.Read
Description: Allows the app to read a list of people in the order that's most relevant to you. This includes your local contacts, your contacts from social networking, people listed in your organization's directory, and people from recent communications.
Why is this required? To populate the contacts list and lets you search for contacts.
Permission name: Microsoft Graph / People.Read
Description: Allows the app to read a basic set of profile properties of other users in your organization on your behalf. Includes display name, first and last name, email address and photo.
Why is this required? To allow the WebAgent to load additional information about an user, for example Business Phone, Mobile and the photo.
Permission name: Microsoft Graph / User.ReadBasic.All
Note
This permission will be used starting from DC2024.02 and in all subsequent versions. Since the WebAgent utilizes a single enterprise application, this permission applies to all bundle versions.
Description: Allows the app to read the full set of profile properties, reports, and managers of other users in your organization, on behalf of the signed-in user.
Why is this required? To allow the WebAgent to search on additional information about an user, specifically on department and job title.
Permission name: Microsoft Graph / User.Read.All
Description: Allows the app to read your presence information on your behalf. Presence information includes activity, availability, status note, calendar out-of-office message, timezone and location.
Why is this required? To present your presence information into the WebAgent.
Permission name: Microsoft Graph / Presence.Read
Description: Allows the app to read presence information of all users in the directory on your behalf. Presence information includes activity, availability, status note, calendar out-of-office message, timezone and location.
Why is this required? To show you the presence of other users in the contact list.
Permission name: Microsoft Graph / Presence.Read.All
Description: Allows the app to read events in your calendars.
Why is this required? To allow the WebAgent show your calendars events.
Permission name: Microsoft Graph / Calendars.Read
Description: Allows the app to read events in all calendars that you can access, including delegate and shared calendars.
Why is this required? To allow the WebAgent show calendars events shared to you.
Note
You need "Can view all details" permission on the shared calendar.
Permission name: Microsoft Graph / Calendars.Read.Shared
Method 2: Consent via the WebAgent client
Step 1: User Consent Permissions signing in as Teams User:
Note
Your tenant needs to "Allow users consent for apps". If not the only users who have been granted a directory role that includes the permission to grant consent will be able to consent to new apps.
Tip
As Administrator you can consent on behalf of your whole organization. (This check box will only show for the Global Admin role, so Cloud Admin and App Admin will not see this checkbox.)
No one else will be prompted to review these permissions. For more information see Microsoft’s description of the Consent experience on Learn More - Microsoft.
When Microsoft Teams agents are registered in Microsoft 365 and agent accesses the WebAgent for the first time the user needs to approve the WebAgent App to be able to login.
This can be done by following:
-
Login using the Microsoft 365 button and in the new window accept the required permissions requested:
These are the additional permissions asked if you use signs into the WebAgent for the first time and the App is not consented by the Administrator:
Sign you in and read your profileDescription: Allows you to sign in to the app with your organizational account and let the app read your profile. It also allows the app to read basic company information.
Why is this required? To allow the WebAgent to sign you in and to show basic information like displayname and photo.
Permission name: Microsoft Graph / User.Read
Read your relevant people listDescription: Allows the app to read a list of people in the order that's most relevant to you. This includes your local contacts, your contacts from social networking, people listed in your organization's directory, and people from recent communications.
Why is this required? To populate the contacts list and lets you search for contacts.
Permission name: Microsoft Graph / People.Read
Read your presence informationDescription: Allows the app to read your presence information on your behalf. Presence information includes activity, availability, status note, calendar out-of-office message, timezone and location.
Why is this required? To present your presence information into the WebAgent.
Permission name: Microsoft Graph / Presence.Read
Read presence information of all users in your organizationDescription: Allows the app to read presence information of all users in the directory on your behalf. Presence information includes activity, availability, status note, calendar out-of-office message, timezone and location.
Why is this required? To show you the presence of other users in the contact list.
Permission name: Microsoft Graph / Presence.Read.All
Maintain access to data you have given it access toDescription: Allows the app to see and update the data you gave it access to, even when you are not currently using the app. This does not give the app any additional permissions.
Why is this required? This allows the WebAgent to keep signing you in.
-
After this the user can login on https://webagent.anywhere365.io
Step 2: User Consent Authorize for contact (people)list details:
Important
Starting from DC2024.02, you must be a Global Admin to perform this step. This requirement is due to the introduction of User.Read.All, which necessitates Admin Consent.
Note
Your tenant need to "Allow users consent for apps". If not only users who have been granted a directory role that includes the permission to grant consent will be able to consent to new apps.
Tip
As Administrator you can consent on behalf of your whole organization. (This check box will only show for the Global Admin role, so Cloud Admin and App Admin will not see this checkbox.)
No one else will be prompted to review these permissions.
When the user want the use the contact tab for the first time, the user needs to approve the WebAgent App to be able to load additional information.
-
Make sure your are signed into the WebAgent
-
Login using the Microsoft 365 button and approve:
These are the permissions asked if user signs into contacts for the first time and the App is not consented by the administrator:
Note
-
DC2024.01 and lower: Only the “Read all users’ basic profiles” permission is new in this step.
-
DC2024.01 and higher: Both the “Read all users’ basic profiles” and “Read all users’ full profiles” permissions are new in this step.
Sign you in and read your profileDescription: Allows you to sign in to the app with your organizational account and let the app read your profile. It also allows the app to read basic company information.
Why is this required? To allow the WebAgent to sign you in and to show basic information like displayname and photo.
Permission name: Microsoft Graph / User.Read
Read your relevant people listDescription: Allows the app to read a list of people in the order that's most relevant to you. This includes your local contacts, your contacts from social networking, people listed in your organization's directory, and people from recent communications.
Why is this required? To populate the contacts list and lets you search for contacts.
Permission name: Microsoft Graph / People.Read
Read your presence informationDescription: Allows the app to read your presence information on your behalf. Presence information includes activity, availability, status note, calendar out-of-office message, timezone and location.
Why is this required? To present your presence information into the WebAgent.
Permission name: Microsoft Graph / Presence.Read
Read presence information of all users in your organizationDescription: Allows the app to read presence information of all users in the directory on your behalf. Presence information includes activity, availability, status note, calendar out-of-office message, timezone and location.
Why is this required? To show you the presence of other users in the contact list.
Permission name: Microsoft Graph / Presence.Read.All
Read all users' basic profilesDescription: Allows the app to read a basic set of profile properties of other users in your organization on your behalf. Includes display name, first and last name, email address and photo.
Why is this required? To allow the WebAgent to load additional information about a contact, for example Business Phone, Mobile and the photo.
Permission name: Microsoft Graph / User.ReadBasic.All
Read all users' full profilesNote
Introduced in DC2024.02
Description: Allows the app to read the full set of profile properties, reports, and managers of other users in your organization, on behalf of the signed-in user.
Why is this required? To allow the WebAgent to search on additional information about an user, specifically on department and job title.
Permission name: Microsoft Graph / User.Read.All
-
-
After this the user can see additional information about contacts.
Step 3: User Consent Authorize for calendar details:
Note
Your tenant need to "Allow users consent for apps". If not only users who have been granted a directory role that includes the permission to grant consent will be able to consent to new apps.
Tip
As Administrator you can consent on behalf of your whole organization. (This check box will only show for the Global Admin role, so Cloud Admin and App Admin will not see this checkbox.)
No one else will be prompted to review these permissions.
When the user want the use their calendar(s) for the first time, the user needs to approve the WebAgent App to be able to login
-
Make sure your are signed into the WebAgent
-
Login using the Office365 button and approve:
These are the permissions asked if you use signs in calendar for the first time and the App is not consented by the administrator:
Note
Only the "Read your calendars" and "Read calendars you can access" is a new permission in this step.
Sign you in and read your profileDescription: Allows you to sign in to the app with your organizational account and let the app read your profile. It also allows the app to read basic company information.
Why is this required? To allow the WebAgent to sign you in and to show basic information like displayname and photo.
Permission name: Microsoft Graph / User.Read
Read your relevant people listDescription: Allows the app to read a list of people in the order that's most relevant to you. This includes your local contacts, your contacts from social networking, people listed in your organization's directory, and people from recent communications.
Why is this required? To populate the contacts list and lets you search for contacts.
Permission name: Microsoft Graph / People.Read
Read your presence informationDescription: Allows the app to read your presence information on your behalf. Presence information includes activity, availability, status note, calendar out-of-office message, timezone and location.
Why is this required? To present your presence information into the WebAgent.
Permission name: Microsoft Graph / Presence.Read
Read presence information of all users in your organizationDescription: Allows the app to read presence information of all users in the directory on your behalf. Presence information includes activity, availability, status note, calendar out-of-office message, timezone and location.
Why is this required? To show you the presence of other users in the contact list.
Permission name: Microsoft Graph / Presence.Read.All
Read your calendarsDescription: Allows the app to read events in your calendars.
Why is this required? To allow the WebAgent show your calendars events.
Permission name: Microsoft Graph / Calendars.Read
Read calendars you can accessDescription: Allows the app to read events in all calendars that you can access, including delegate and shared calendars.
Why is this required? To allow the WebAgent show calendars events shared to you.
Note
You need "Can view all details" permission on the shared calendar.
Permission name: Microsoft Graph / Calendars.Read.Shared
-
After this the user can use their calendars (own, delegated and shared calendars) in WebAgent.