MSAL authentication
Since release 17.1, Resco Mobile CRM supports authenticating with Azure AD using the Microsoft Authentication Library (MSAL). MSAL integrates with v2.0 endpoints of Azure AD API (rather than the v1.0 endpoints used before).
Switching to MSAL will eventually allow us to support dynamic permissions. With dynamic permissions, the app will no longer need all permissions immediately, even for features you don't use. Instead, the app will only request permissions for features that you are using.
Switching to MSAL
Users can set the MSAL mode using the Setup/Settings screen of their app, in the parameter MSAL Mode.
If you are using MDM, you have the option to set up the MSAL mode for your users. You can modify in the MDM app config (key-value pairs).
Troubleshooting
Some users report problems with MSAL authentication on iOS devices. For troubleshooting, please follow these steps:
- Go to the app Setup > CRM and initiate a full-flow synchronization from here.
If you encounter problems, record the errors and logs and send them to our support.
If that doesn't help: - Synchronize with a tenant admin user. Grant consent on behalf of your organization.
If you encounter problems, record the errors and logs and send them to our support.
If that doesn't help: - Go to the app Setup > MSAL Mode and set it to "Off". Save all changes, then start the synchronization again.
If you encounter problems, record the errors and logs and send them to our support.
| Tip | Even brand new users of the Resco Mobile CRM app can get into the Setup and change the MSAL Mode. On the Welcome to Resco Mobile CRM screen, tap Skip & use demo data. On the next screen, tap Skip. You can then access Setup as normal. |