As we know D365FO implements Azure
Active Directory based authentication for Web Services. Azure Active Directory
Service provides identity as a service with support for industry-standard
protocols. D365FO outsources authentication to Azure AD and any integration
application like below should be registered app in Azure active directory and
register the same in D365FO.
- Recurring data batch job (Data management)
- Recurring Integrations Scheduler (Used to upload
file from on premises to D365FO using Data management(Local file
share))
- OData services
- API’s ( Retail Server, CRT, OData services etc.. )
- Customer web services
Getting started:-
To
enable Microsoft Dynamics 365 Finance and Operations app access to external
system then we must have the following:
·
Azure Active Directory account
·
D365FO account with Administrative
permissions
How to do it...
First register a D365FO with Azure Active Directory
in Azure portal:
1. In browser, Login to Azure Portal
with Admin account (Preferably Dynamics 365 finance and operation Admin account
which never expires) - https://portal.azure.com then click on “Azure active directory”
2. From the left-hand navigation toolbar, Under Manage
section click on App registration and click on “New registration”
to create new app.
3. In “Register an application” form, provide
following info
Name: - <Can be
anything friendly name>
Supported
account types :( based on requirement, users can access from any
AD)
Redirect URI: <it’s an
optional parameter, you can give you D365FO URL as well>
4. Then Click on “View API permissions” to
provide access to D365FO
5. Click on “Add a permissions”
6. On the Request API permissions/Select an API
page, select Dynamics ERP to grant the access.
7. Then click on “Delegate permissions” and
provide access as based on your need: here I have given full access for
all three, then click on Add permissions.
·
AX.FullAccess,
·
CustomService.FullAccess
·
Odata.FullAccess.
7 8. Left side tool bar then click on “Certificate
& secrets” under manage to generate secret key.
8 9. Click on “New client secret”
10. In “Add a client secret” form provide
Description as you like and Expires as “Never”, so it will not be
expired. Then click on “Add”
11. Please make a copy of newly created client secret
value else will not be able to see once you leave the page.
12. Once you registering D365FO application, then make
a copy of the Application (client) ID as displayed in your application's
overview page and secret key, as you will need to provide it during the
authentication process.
Register the Newly created Azure Application with
Dynamics 365 Finance and Operations
The Azure AD Application(s) created in the previous
step need(s) to be granted access to the specific instance of D365FO.
Note:- This is required only if you are going to
use service to service authentication type using secret key instead of user
impersonation.
1. In a web browser, navigate to Dynamics 365 Finance
and Operations.
2. Navigate to System
Administration -> Setup -> Azure Active Directory applications and
then click New.
3. Enter the following values in their respective
fields:
·
Client Id:
<Application ID registered in Azure Active Directory, in previous steps>
·
Name: <Name for
the application based on usage>
·
User ID:
<Preferably service account user who has full access on D365FO>
How
to verify...
After completing these steps, you should have this
information recorded and available:
·
Application (client) ID
·
Client secret
We will use this information for authentication if
you want to do CRUD operation in side D365FO from external applications.
Hope this helps, in another blog I will come up
with how to make use of this authentication and import data using " Recurring Integrations Scheduler"
Thank you and your post helped me to register the App ID in FO.
ReplyDelete