Provide consent to access data to provision Omnichannel for Customer Service

Applies to: Dynamics 365 Contact Center—embedded, Dynamics 365 Contact Center—standalone, and Dynamics 365 Customer Service

Important

Azure Active Directory is being renamed to Microsoft Entra ID. No action is needed from you. For more information, see New name for Azure Active Directory.

This article provides information about the consent that's needed to access the different components and data during the installation and provision of Omnichannel for Customer Service.

Omnichannel for Customer Service app requires the following permissions to read and write data on behalf of users:

  • Allow the application to read flows: The app can access the flows if they have been used in macros.

  • Allow the application to manage flows: The app can manage flows if they have been used in macros and to which you have access.

  • Access Microsoft Flow as signed in user: Allows you to access Microsoft Flow as a signed-in user if flows have been used in macros.

  • Create content: The app can automatically create content and datasets for you.

  • Read and write all dashboards: The app can access and edit all your dashboards and any dashboards that you have access to.

  • Read and write all reports: The app can access and edit all your reports and any reports that you have access to.

  • Read and write user settings and state: The app can access and edit your user settings and the user-specific state associated with content you have access to.

  • Read and write all workspaces: The app can access and edit all workspaces that you have access to.

  • Sign you in and read your profile: Allows you to sign in to the app with your work account and let the app read your profile. It also allows the app to read basic company information.

  • Access Common Data Service as you: Allows the app to access Microsoft Dataverse as you.

A detailed explanation is as follows:

  • Permissions Create content, Read and write all dashboard, Read and write all reports, Read and write user settings and state, and Read and write all workspaces: During the provisioning of Omnichannel for Customer Service, "Omnichannel Insights for Dynamics 365" Power BI app is deployed to gain insights about your customer service omnichannel delivery performance and customer sentiment. The Power BI app consists of the following Power BI components. Omnichannel App needs the read and write permissions to deploy and interact with these components.

    • Workspace: Omnichannel Insights for Dynamics 365
    • Dashboards:
      • Omnichannel Insights for Dynamics 365
      • Omnichannel Sentiment Analysis (OCSA) for Dynamics 365
    • Reports: Omnichannel Insights for Dynamics 365
    • Datasets: Omnichannel Insights for Dynamics 365

    More information: Omnichannel Insights Dashboard

  • Sign in and read your profile: Allows Omnichannel to sign into the app with user’s work account and let the app read the user profile. It also allows the app to read basic company information.

  • Access Common Data Service as you:

    • For Customer Service users: Allows Customer Service to automatically create a non-licensed, non-interactive application user, and assign security roles to the application user. This application user is primarily used to access omnichannel agents and supervisors characteristics, such as capacity, skill, and presence; configuration data such as workstreams and queues; and to sync queue item and conversation data with Dataverse.

    • For Omnichannel for Customer Service users: Allows Omnichannel for Customer Service to automatically create a non-licensed, non-interactive application user, and assign security roles to the application user. This application user is primarily used to access omnichannel agents’ characteristics, such as capacity, skill, and presence, and to sync chat-related entities with Dataverse.

The following enterprise applications will be created in your Microsoft Entra ID and corresponding security permissions mentioned during data consent will get propagated to these apps. The Omnichannel Application User created in Dataverse will have reference to these AAD enterprise applications thereby helping it to interact with Dataverse and Omnichannel satellite services.

  • Omni-channel Engagement Hub
  • Omni-channel Engagement Hub APIs
  • Omni-channel Engagement Hub Provisioning Application

A screenshot of the engagement hub is as follows.

Omnichannel engagement hub.

FAQ

Only the delegated permissions are required. On consent, the following two service principals are created:

– “Omnichannel APIs”

  • “Omnichannel for Customer Service”

Which are the Omnichannel principals? We found at least four Omnichannel principals.

“Omnichannel APIs” is the main application ID that's used for UI operations such as triggering provisioning of UR and loading the presence for an agent. “Omnichannel for Customer Service” is the app that has Dataverse permissions and is used to read data from Dataverse and write data to Dataverse for the Omnichannel service for the unified routing capability of classification and assignment.

The following applications were created as third-party applications. They'll be moved to be first-party Microsoft applications.

  • “Omnichannel for CS Provisioning App Primary” is the first-party app equivalent of “Omnichannel APIs”.

  • “Omnichannel for CS CRM ClientApp Primary” is the first-party app equivalent of “Omnichannel for Customer Service”.

How do all these principals interact with each other?

These four principals don't interact with each other. 

Which principal performs the background automation that unified routing seemingly enables, and what permissions does it have?

The “Omnichannel for Customer Service” application. This app has Dataverse permissions that are used to read data from Dataverse and write data to Dataverse for Omnichannel service for the unified routing capability of classification and assignment.

Provision channels
Provision unified routing for Customer Service