Showing posts with label AzureHealthBOT. Show all posts
Showing posts with label AzureHealthBOT. Show all posts

Saturday, 18 April 2020

Configure Azure AD end-user Authentication and Office 365 data access on Azure Health BOT Service via Graph API

Microsoft Health BOT Service is hosted on Azure, and is easily configurable solution that might meet multiple health-related BOT scenarios.

The scenario considered here in this article, helps us to understand how to enable end-user authentication on BOT Service to read Office 365 relevant data. For this POC, Azure AD authentication is considered. Azure AD authentication is best, only when the BOT service provider/organization manages their users entirely on Azure AD. If not the identity and authentication to be changed accordingly.

So in this article, let us understand how to enable end-user authentication on Azure Health BOT service using Azure AD, and read user profile information using Microsoft Graph API.


Enable Azure AD Authentication Flow using Azure AD App configuration


Create an application on Azure AD, and configure the following.
  • Set the required API permissions. In my case, only User.Read under Microsoft Graph delegated type.
  • Set oauth2AllowImplicitFlow to true, under Manifest section or platform configuration section.
  • Under platform configurations, configure the redirect URI (https://bot-api-eu.healthbot.microsoft.com/bot/redirect/oauth2) for health BOT service authentication. 
  • Generate the secret key from certificates & secrets. (Dem81hW@h:Ia07Os/kQEzk-Cr48_SuLm)

Copy the client ID and client secret from this app, to be used in the next sections on Azure Health BOT service configurations.


Configure Azure AD Authentication on Health BOT service


From the health BOT service (https://eu.healthbot.microsoft.com/account/<account-id>), navigate to integration -> authentication.

Authorization URL: https://login.microsoftonline.com/<tenantname>.onmicrosoft.com/oauth2/v2.0/authorize
Access Token URL:  https://login.microsoftonline.com/<tenantname>.onmicrosoft.com/oauth2/v2.0/token

Add new authentication provider with the configurations below.
Azure AAD Authentication configured from the configurations done on Azure AD App
Azure AAD Authentication configured from the configurations done on Azure AD App