External users

From Resco's Wiki

When creating app projects in Woodford, you can set up which customizations users will get. For example, the app for sales representatives contains custom information relevant to their work, and the app for technicians can include different information. Both of these groups are usually internal employees.

Woodford also allows for the creation of a custom app for external users, either those belonging to a particular CRM entity like Partners or completely anonymous access with no authentication like Customers.

Licensing

If you want mobility for external users in Microsoft Dynamics 365 or Microsoft Power Platform, check and verify your licensing status with Microsoft to confirm you have the appropriate permissions and access for your products. You can do this through your Microsoft account or by contacting Microsoft Support directly for assistance.

See also Microsoft's New definition of "External Users" effective October 1, 2024.

Prefer reading? See the takeaways from the webinar (blog).

Anonymous external users

With anonymous external users, all users will access the same content in the app. For example, the app can serve as a marketing channel, offering universal information about your products and services.

  1. In your backend server, for example Microsoft Dynamics, set up a new common user.
    • Define a security role for this user. Either create a new security role, or assign an existing role with permissions that match the access level you want to grant to app users.
    • Disable multi-factor authentication for this user.
  2. In Woodford, create a new app project:
    • Set Type to Anonymous External User.
    • Server Alias is an identifier of your project. It must be globally unique among all external/anonymous projects. If you cannot save a new external project, it usually means that the alias is already taken. It must contain letters only.
    • CRM External URL: Specify the URL of your CRM.
    • CRM User is the user (license) used to access the CRM. It is the common user you created in step 1.
    • Password is the password of the CRM user.
      • You can also hide the sync dialog in your app, so that users don't need to fill in the information and are connected automatically.
  3. Customize the project in Woodford to further define what the external users can see and edit, and to make sure that the app represents your company's visual identity.

Synchronization in Resco mobile apps

Anonymous external users must enter Server Alias from Woodford as the URL in the synchronization window of Resco mobile apps.

External users: Synchronizing with anonymous external project

Web access for anonymous users

On Resco Cloud, anonymous external users can use the web app to access the project. Use the following link:

https://portal.resco.net/{alias}

You can also link directly to a particular record, for example:

https://portal.resco.net/{alias}/#entity=task&id=831ddd3a-f9b1-4954-bf7c-c9536b30994f

External (portal) users

External portal users need to log in to access the app. This allows them to access your CRM content tailored specifically for them.

  1. In your CRM, for example Microsoft Dynamics, set up a new common user. Define a security role for this user. Either create a new security role, or assign an existing role with permissions that match the access level you want to grant to app users.
  2. Select an entity (standard or custom) that has fields for storing the user name and password of external users.
  3. In Woodford, create a new app project:
    • Set Type to External (Portal) User.
    • Server Alias is an identifier of your project. It must be globally unique among all external/anonymous projects. External users must enter the alias as the URL in the synchronization window of the Resco Mobile CRM app. If you cannot save a new external project, it usually means that the alias is already taken. It must contain letters only.
    • CRM External URL: Specify the URL of your CRM.
    • CRM User is the user (license) used to access the CRM. It is the common user you created in step 1.
    • Password is the password of the CRM user.
    • Authentication Entity is the entity where the fields with user name and password are stored.
    • Password Format: Specify how the password is stored. Depending on your selection, the relevant password fields appear:
    If you select Hash:
    • User Name Field is the field on the authentication entity where the user name is stored.
    • Password Field is the field on the authentication entity where the password is stored.
    If you select OAuth:
    • OAuth ID Field is the field on the authentication entity where the UPN/email of the user is stored. (Do not enter user IDs here.)
    • OAuth Source Field is the field on the authentication entity where you can select the OAuth source, such as Azure AD or ADFS.
    • CustomerId Field is the field that points to the parent entity record, which serves for filtering the records that users see.
    • Customer Lookup Field is the specific field that contains the name of the parent record. This is a part of the authentication that needs to be filled in. Then you can limit the records users will see (by using sync and view filters).
    • Registration Method determines how new users can be registered (how their records get created in the Authentication Entity):
      • None – You need to create the External user manually in CRM before users can synchronize the app.
      • Direct – A new External user can be created with a registration form. After the user selects REGISTER USER on Mobile CRM’s Sync dialog, a record is created directly on the CRM server.
      • Web Service – Same as the Direct method, but data from the registration form will be sent to the Web Service that you want to use for creating the record. Please contact us if you want more information about this option.
      • Email – Same as the Direct method, but data from the registration form will be sent via an Email.
  4. When you use a registration method different than None, additional parameters appear:
    • Registration Service Endpoint: For email and web service registration, specify the endpoint.
    • Registration Form: Click it to set up the registration form. You can place any field from the Authentication Entity there. The User Name and Password fields should be there as well. Also, don't forget to include the Customer Lookup Field that will set up the parent record. For example:
    External (portal) users: registration form External (portal) users: registration form displayed
  5. Customize the project to define what these external users can see and edit.

Example: External project, OAuth authentication, Dynamics

This example describes some of the tricky steps needed to configure Dynamics and Woodford to set up an external project using OAuth2 authentication to Azure AD.

  1. In Dynamics, on the authentication entity, create two new fields:
    • A string field called, e.g., "OAuth ID".
    • An option set called, e.g., "OAuth Source". Make sure to use the existing option set.
      External project, OAuth authentication, Dynamics: Create new field for oauthsource
  2. After creating the fields, you must fill out the values.
    • As OAuth ID, enter the UPN (User Principal Name) or the email address. Do not enter the user ID. (Older documentation recommended the object ID from Azure AD; this option is now obsolete.)
    • As OAuth Source, select "Azure AD".
  3. In Woodford, create a new external app project.
    • Set Password Format to "OAuth".
    • Set OAuth ID Field and OAuth Source Field to the new fields you just created and populated in Dynamics.

To access this external project in the app, use the following settings:

  • As User Mode, use "OAuth2".
  • As URL, use the server alias of the external app project with the suffix ".azuread", such as "myexternalapp.azuread".
  • Set up a password for offline data protection and tap Sync.
  • In the login form, use the credentials of the external user.
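
A pre-flight check for the values in this example, added here as an illustration (it is not Resco's code): it flags authentication-entity records whose OAuth ID is empty, is a GUID (the obsolete object-ID style), or is not shaped like a UPN/email, and it derives the app URL from the alias. The record layout, the key names `oauth_id` and `oauth_source`, the function names, and the sample rows are assumptions made for the example.

```python
import re
import uuid

ALIAS_RE = re.compile(r"[A-Za-z]+")               # page: alias must contain letters only
UPN_RE = re.compile(r"[^@\s]+@[^@\s]+\.[^@\s]+")  # loose UPN/email shape check only

# Constructed sample rows, as if exported from the authentication entity.
SAMPLE_RECORDS = [
    {"name": "Alice", "oauth_id": "alice@contoso.example", "oauth_source": "Azure AD"},
    {"name": "Bob", "oauth_id": "00000000-0000-0000-0000-000000000001", "oauth_source": "Azure AD"},
    {"name": "Carol", "oauth_id": "carol", "oauth_source": "Azure AD"},
    {"name": "Dave", "oauth_id": "dave@contoso.example", "oauth_source": None},
    {"name": "Erin", "oauth_id": "  ", "oauth_source": "Azure AD"},
]

def is_guid(value):
    """True if value parses as a GUID, the shape of an Azure AD object ID."""
    try:
        uuid.UUID(value)
        return True
    except ValueError:
        return False

def app_sync_url(alias):
    """Value for the app's URL field: server alias plus the ".azuread" suffix."""
    if not ALIAS_RE.fullmatch(alias):
        raise ValueError(f"alias {alias!r} must contain letters only")
    return alias + ".azuread"

def audit_oauth_ids(records):
    """Return (name, problem) pairs for records that break the rules in steps 1-2."""
    findings = []
    for rec in records:
        oauth_id = (rec.get("oauth_id") or "").strip()
        if not oauth_id:
            findings.append((rec["name"], "OAuth ID is empty"))
        elif is_guid(oauth_id):
            findings.append((rec["name"], "OAuth ID is a GUID (obsolete object ID)"))
        elif not UPN_RE.fullmatch(oauth_id):
            findings.append((rec["name"], "OAuth ID is not a UPN or email address"))
        elif rec.get("oauth_source") != "Azure AD":
            findings.append((rec["name"], "OAuth Source is not Azure AD"))
    return findings

if __name__ == "__main__":
    for name, problem in audit_oauth_ids(SAMPLE_RECORDS):
        print(f"{name}: {problem}")
    print("App URL:", app_sync_url("myexternalapp"))
```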

Authentication error while publishing

When publishing projects, you can run into authentication problems (e.g., "Project save failed. HttpException: Can't connect to the server.").

  • As the first thing to try, verify that the username and password are still valid.

For Dynamics organizations, verify also the following:

  • The account used when you register your organization for external projects must be granted consent to access organization data. See here for details.
  • Multi-factor authentication must be disabled for the account.

Tip: track changes of external users

Often in projects involving external users, it is useful to assign records (for example cases) to particular external users (often, contacts). You may want to keep track of new records and modifications made by external users and ensure these users can access only the information related specifically to them.

One of the options is to create a custom field for the Case entity, a lookup for a Contact (typically used as the authentication entity for external users), and assign an external user’s ID to this field in Woodford.

  1. On the backend server, for example, Dynamics or Resco Cloud, create a new lookup field for the Case entity (for example, "External Owner"), with Contact as the lookup target.
  2. Enable this field in Woodford.
  3. For the Case entity, design a sync filter that only allows the relevant records to the app.
  4. Using rules, automatically populate the external owner field whenever the external user creates a case record.

Tip: eq-customerid in sync filter

In external projects, it often makes sense to use sync filters with the operator eq-customerid. However, you must ensure the customer record is also available in the offline database. Include it in the sync filter. For example:

sync filter example with eq-customerid

See also

  • How to set up a mobile application for external users (blog)
  • How to use Sync Filter for external users (blog)