Skip to main content
Version: Insiders

Entra ID Authentication

EasyLife 365 supports Microsoft Entra ID authentication for webhooks, providing a secure way to authenticate webhook requests to your endpoints. This ensures that only authorized webhook calls from EasyLife 365 can reach your services.

How It Works

When Entra ID authentication is enabled for a webhook:

  1. EasyLife 365 obtains an access token from Microsoft Entra ID using the enterprise application EasyLife 365 in your tenant.
  2. The access token is included in the webhook request's Authorization header.
  3. The webhook endpoint (e.g. Azure Function http trigger) can validate the token to ensure the request is legitimate.

Configuration Steps

1. Register an Application in Entra ID

  1. Sign in to the Microsoft Entra admin center
  2. Navigate to "Applications" > "App registrations"
  3. Click "New registration"
  4. Provide a name for your application
  5. Select the supported account types
  6. Click "Register"

2. Expose an API

  1. In your registered application, go to "Expose an API"
  2. Select "Add a scope" and enter user_impersonation as name and enter a description for the consent
  3. Under "Who can consent" select Admins
  1. In your registered application, go to "API Permissions"
  2. Remove the default User.Read permission of type Delegated as app authentication will be used
  3. Grant consent to the application

3. Configure Webhook Authentication

In your webhook settings within EasyLife 365:

  1. In the EasyLife Admin interface open the template or policy in which you want to configure the webhook
  2. Enter the webhook URL in the input field and select Entra ID from the dropdown on the right
  3. Enter the Client ID of the app registration you created in earlier

Security Considerations

  • Keep your client secrets secure and rotate them regularly. Check out EasyLife Identity.
  • Implement proper token validation on your endpoint.
  • Use HTTPS for all webhook endpoints.
  • Monitor webhook authentication failures.

Troubleshooting

Common issues and solutions:

  • Token validation failures: Ensure your application has the correct permissions and the token validation parameters match your configuration
  • Missing authentication: Verify the webhook configuration in EasyLife 365 has Entra ID authentication enabled
  • Expired credentials: Check if your client secret has expired and needs to be renewed
tip

Test your webhook endpoint with authentication in the insiders environment before deploying to production.