Brief Overview

Microsoft Dynamics 365 is a product line of enterprise resource planning (ERP) and customer relationship management (CRM) intelligent business applications.

Easily integrate the CRM application within WalkMe's Enterprise Search and the new My CRM Tasks widget.

Use Cases

1. Enterprise Search: Search for 4 CRM Dynamics objects- Leads, Contacts, Accounts and Opportunities
2. 'My CRM Tasks' widget: View and access open tasks using the 'My CRM Tasks' widget

Security Overview

The Enterprise Search uses 3rd-party integrations to implement a "federal search". Searches within the menu are backed by an NLP engine, and a graph database that supports a great user experience.

The Enterprise Search doesn't index 3rd-party data on an independently searchable database.

See below sequence diagram describes the searching algorithm:

Notes

1. Cache layer saves results for a period of five minutes
2. Each Adopter Service creates a unique identifier for the results which is meaningless without access to the 3rd-party and stores it in the graph database

3rd-Party Access and Refresh Tokens

To activate the Enterprise Search (and the Personalized Workspace widgets), each employee is required to grant the menu permission to access the 3rd-party.

The granting process is using the OAuth2.0 protocol. Each time a new access token is granted to the menu, the application will encrypt the access and refresh tokens and store it in a remote database.

The encryption process includes a unique private key (“salt”) that is generated for each individual at the very first bootstrap and stored in the local machine Keychain. The salt is irreplaceable and not restorable – losing it causes the access tokens to be voided. This security measure is being taken to eliminate identity spoofing when accessing high-sensitive data.

See the diagram below to review the salt generation and storage flow.

Accessing 3rd-Party Content

Accessing 3rd-party content requires end-user consent, and in some cases, mostly on Microsoft products, an organization admin consent. End-users grant the menu the necessary permission by approving an OAuth2.0 consent screen that is being triggered by them from the menu application (“Third-party apps”).

The third-party apps are being approved and verified by third-parties products. By the end of the granting process, the third-party apps provide access and refresh tokens that are used by the search engine to establish the requests.

See 3rd-Party Access and Refresh Tokens section above for more information about the storing mechanism.

While searching, the search engine forwards the request, before hitting the Adopter Service, through the Token Injector; a service that injects the relevant tokens to accomplish the request. The local private key is being handed off over the search HTTPS request for runtime decryption.

JWT Protection

When an end-user initiates a search query – the WalkMe enterprise search starts a search flow that is being protected by a JWT assigned by WalkMe IdP integration, as part of the end-user signing flow:

The JWT is proxying the user identity and keeping any HTTPS request secured and individual.

All menu requests are protected by a JWT validation.

Grant Administration Consent to WalkMe for CRM Dynamics

1. First, make sure that at-least one person connects CRM Dynamics from your organization. Follow the Installing CRM Dynamics on Menu section below to learn more
2. Then, as an Administrator – navigate to Azure Portal and connect with your Administrator account
3. Once logged in, select Enterprise Applications
4. Select All Applications and pick WalkMe for CRM Dynamics 
   1. It will appear the same as WalkMe for SharePoint flow in the images below, but the app name will be “WalkMe for CRM Dynamics”
5. Select the Permission tab
6. Click on Grant admin consent for {{your organization name}}
7. Once clicked, a popup should appear (be aware if you have a popup disabler installed)
   1. If you're asked to sign in again, use your Administrator account
8. Click Accept on the dialog, confirming organization users to installWalkMe for CRM Dynamics, for personal use
9. Once granted, you'll see a confirmation for each permission on the Application page
   1. Permission required for CRM integration:

Connecting CRM Dynamics on Menu

1. Navigate to the menu Integrations page in the WalkMe Console:
2. Find the CRM Dynamics integration and click Setup
3. Enter the CRM URL that was assigned to you by CRM Dynamics
   How to find your CRM URL

   The CRM URL is part of the URL, for example: https://org31ec4237.crm4.dynamics.com/ the CRM URL will be org31ec4237.crm4

4. Choose if you'd like to enable or disable the My Tasks Widget toggle

   • Enabled: Displays the My Tasks Widget on the menu homepage to end-users

   • Disabled: Does not display the My Tasks Widget on the menu homepage to end-users

5. Click Save and Enable
6. Open the desktop menu by clicking on the widget (on Windows)/ the WalkMe icon (on the Mac menu bar) or by hitting hitting ctrl/cmd+shift+E
7. Click the Settings icon on the bottom-left corner
8. On the Integrations tab, click Connect on the CRM Dynamics card