Thursday, December 19, 2019

Registering a Microsoft Dynamics 365 Finance and Operations app with Azure Active Directory for OAuth 2.0 authentication (Integrations)


As we know, D365FO implements Azure Active Directory based authentication for web services. Azure Active Directory provides identity as a service with support for industry-standard protocols. D365FO outsources authentication to Azure AD, so any integration application such as those listed below must be registered as an app in Azure Active Directory, and that app must then be registered in D365FO.
  • Recurring data batch job (Data management)
  • Recurring Integrations Scheduler (used to upload files from on-premises to D365FO using Data management (local file share))
  • OData services
  • APIs (Retail Server, CRT, OData services, etc.)
  • Customer web services

Getting started:
To enable access between the Microsoft Dynamics 365 Finance and Operations app and an external system, we must have the following:
  • Azure Active Directory account
  • D365FO account with administrative permissions

How to do it...
First, register D365FO with Azure Active Directory in the Azure portal:

1. In a browser, log in to the Azure Portal (https://portal.azure.com) with an admin account (preferably a Dynamics 365 Finance and Operations admin account which never expires), then click on “Azure Active Directory”.

2. From the left-hand navigation toolbar, under the Manage section, click on “App registration” and then click on “New registration” to create a new app.

3. In the “Register an application” form, provide the following info:
  • Name: <any friendly name>
  • Supported account types: <based on requirement; users can access from any AD>
  • Redirect URI: <an optional parameter; you can give your D365FO URL as well>



4. Then click on “View API permissions” to provide access to D365FO.


5. Click on “Add a permission”.


6. On the Request API permissions/Select an API page, select Dynamics ERP to grant the access.


7. Then click on “Delegated permissions” and provide access based on your need; here I have given full access for all three. Then click on “Add permissions”.
  • AX.FullAccess
  • CustomService.FullAccess
  • Odata.FullAccess


8. In the left-side toolbar, click on “Certificates & secrets” under Manage to generate a secret key.


9. Click on “New client secret”.




10. In the “Add a client secret” form, provide a Description as you like and set Expires to “Never”, so it will not expire. Then click on “Add”.


11. Make a copy of the newly created client secret value; otherwise you will not be able to see it again once you leave the page.


12. Once you have registered the D365FO application, make a copy of the Application (client) ID displayed on your application's overview page, along with the secret key, as you will need to provide them during the authentication process.

Register the newly created Azure application with Dynamics 365 Finance and Operations
The Azure AD application(s) created in the previous step need(s) to be granted access to the specific instance of D365FO.
Note: This is required only if you are going to use the service-to-service authentication type using a secret key instead of user impersonation.
1. In a web browser, navigate to Dynamics 365 Finance and Operations.
2. Navigate to System Administration -> Setup -> Azure Active Directory applications and then click New.


3. Enter the following values in their respective fields:
  • Client Id: <Application ID registered in Azure Active Directory in the previous steps>
  • Name: <Name for the application based on usage>
  • User ID: <Preferably a service account user who has full access on D365FO>



How to verify...
After completing these steps, you should have this information recorded and available:
  • Application (client) ID
  • Client secret

We will use this information for authentication if you want to do CRUD operations inside D365FO from external applications.
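
To show how the two recorded values are used in service-to-service authentication, here is an added example (not code from the original post) that builds the OAuth 2.0 client-credentials token request for Azure AD and checks that a returned token's claims match the registration. The tenant name, environment URL, client ID, the `D365FO_CLIENT_SECRET` variable name and the sample token are all placeholders or constructed data; the request is built but not sent, so the example runs offline.

```python
import base64
import json
import os
from urllib.parse import urlencode

AUTHORITY = "https://login.microsoftonline.com"  # Azure AD public-cloud authority

def build_token_request(tenant, client_id, client_secret, fo_url):
    """Return (url, form_body) for a client-credentials token request (v2.0 endpoint)."""
    resource = fo_url.rstrip("/")  # use the environment root URL without a trailing slash
    url = f"{AUTHORITY}/{tenant}/oauth2/v2.0/token"
    body = urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,          # Application (client) ID from step 12
        "client_secret": client_secret,  # secret value copied in step 11
        "scope": f"{resource}/.default",
    })
    return url, body

def read_claims(access_token):
    """Decode the JWT payload without verifying the signature (diagnostics only)."""
    payload = access_token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def check_token(access_token, client_id, fo_url):
    """List mismatches between a token and the registration made above."""
    claims = read_claims(access_token)
    problems = []
    if str(claims.get("aud", "")).rstrip("/") != fo_url.rstrip("/"):
        problems.append("aud does not match the D365FO URL")
    # v1.0 tokens carry the caller in 'appid', v2.0 tokens in 'azp'
    if client_id not in (claims.get("appid"), claims.get("azp")):
        problems.append("appid/azp does not match the Client Id registered in D365FO")
    return problems

def constructed_token(claims):
    """Build an unsigned sample token for offline testing (constructed data)."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.constructed"

if __name__ == "__main__":
    fo = "https://example.operations.dynamics.com/"       # placeholder environment
    cid = "00000000-0000-0000-0000-000000000000"          # placeholder client ID
    secret = os.environ.get("D365FO_CLIENT_SECRET", "")   # keep the secret out of source
    url, _body = build_token_request("contoso.onmicrosoft.com", cid, secret, fo)
    print(url)  # the body holds the secret, so it is deliberately not printed
    sample = constructed_token({"aud": fo.rstrip("/"), "appid": cid})
    print(check_token(sample, cid, fo) or "token matches the registration")
```

The claim check is a troubleshooting aid for a client that gets rejected by D365FO; it does not validate the token's signature.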

Hope this helps. In another blog I will come up with how to make use of this authentication and import data using "Recurring Integrations Scheduler".

1 comment:

  1. Thank you and your post helped me to register the App ID in FO.
