MSAL authentication
Jump to navigation
Jump to search
Since release 17.1, Resco Mobile CRM supports authenticating with Azure AD using the Microsoft Authentication Library (MSAL). MSAL integrates with v2.0 endpoints of Azure AD API (rather than the v1.0 endpoints used before).
Switching to MSAL will eventually allow us to support dynamic permissions. With dynamic permissions, the app will no longer need all permissions immediately, even for features you don't use. Instead, the app will only request permissions for features that you are using.
Switching to MSAL
- Users can set the MSAL mode using the Setup/Settings screen of their app, in the parameter MSAL Mode.
- Woodford admins can set up MSAL mode in the Configuration on the Security tab.
- MDM admins can set up the MSAL mode for your users. You can modify the MDM app config (key-value pairs).
MSAL modes
These are the available MSAL modes:
- Off: Fall back to the previous authentication method without MSAL.
- Select: Display a list of previously used accounts; users can select which to use.
- No prompt: Attempt to authenticate silently. This may work if you are already authenticated on a Windows computer. Falls back to a prompt if silent authentication is not viable.
- With broker: Use the Microsoft Authenticator broker app (on Android/iOS devices; the app must be installed). On Windows, use Web Account Manager (Windows component) as the broker.
Troubleshooting
Some users report problems with MSAL authentication on iOS devices. For troubleshooting, please follow these steps:
- Go to the app Setup > CRM and initiate a full-flow synchronization from here.
If you encounter problems, record the errors and logs and send them to our support.
If that doesn't help: - Synchronize with a tenant admin user. Grant consent on behalf of your organization.
If you encounter problems, record the errors and logs and send them to our support.
If that doesn't help: - Go to the app Setup > MSAL Mode and set it to "Off". Save all changes, then start the synchronization again.
If you encounter problems, record the errors and logs and send them to our support.
| Tip | Even brand new users of the Resco Mobile CRM app can get into the Setup and change the MSAL Mode. On the Welcome to Resco Mobile CRM screen, tap Skip & use demo data. On the next screen, tap Skip. You can then access Setup as normal. |