Dynamics 365 (ADX) Portal Authentication with External Identities Part-I – Authentication with Azure Active Directory

Lately I have been working a lot on Dynamics 365 portals and also delivering some trainings on the same. I don’t get much of a chance to work on Dynamics 365 portals (previously ADX portals), but when I get an opportunity, I make sure I don’t miss it.

As I have been conducting training on CRM portals, I come across a lot of questions on authenticating Dynamics 365 portals with external identities like Azure Active Directory, Google and Facebook. In the interest of my blog readers I have decided to write down in detail how to configure such scenarios.

This blog will be a two-part series. In this part I will show you from scratch how to set up authentication of your Dynamics 365 portal with Azure Active Directory. In the next part I will show from scratch how to set up the same with a Google account.

First things first.

Launch a trial of Customer Portal for your Dynamics CRM. It’s pretty easy and I assume you know this. If not, there are plenty of awesome articles which show how to do it. One such is http://dynamicscrmcoe.com/install-dynamics-365-portals/

Ok. So we have our CRM portal set-up.

The following are my details:

Portal URL – https://xrmtr1.microsoftcrmportals.com

CRM URL – https://xrmtr50.crm8.dynamics.com

 

The first time you launch the portal and try to sign in, you are presented with the sign-in screen.

Because we are going to register the user with Azure AD, click on the Register tab.

Ok. So there is already a button called ‘Azure AD’ for registering the user. However, as I told you, we will do it from scratch: we will place our own custom button which, when clicked, authenticates against our Azure Active Directory. And in case you are wondering, this Azure Active Directory will be a different domain from the Dynamics CRM domain (xrmtr50.onmicrosoft.com) for which the portal is configured.

So let’s go with the set-up.

Step 1: Register your Dynamics 365 Portal application with Azure Active Directory.

Log in to your Azure subscription at https://portal.azure.com and search for Azure Active Directory.

Click on App Registrations and then ‘New Application Registration’.

 

Enter the details as required.

Name of the application – “Customer Portal Identifier”. This can be any name you desire.

Application Type – Select Web app/ API

Sign-on URL – Enter the URL of your D365 portal. In my case it is https://xrmtr1.microsoftcrmportals.com

Click on the Create button.

 

Once done, you should see your App being listed here.

Click on the application. You can see the Application ID. Note it down; we are going to use it later.

Click on Endpoints.

Take your federation metadata URL.

The federation metadata URL looks like the one below.

https://login.windows.net/95564beb-4dc8-43c2-bdda-12cea2056346/federationmetadata/2007-06/federationmetadata.xml

Remove the federation metadata part (/federationmetadata/2007-06/federationmetadata.xml) and note the remaining URL. It will be in this format: https://login.windows.net/95564beb-4dc8-43c2-bdda-12cea2056346

Note it down. We are going to use it in the next step.

 

Step 2: Setting up the Site Settings to Authenticate with our custom Azure AD.

 

Open your CRM and go to Portal –> Site Settings.

Click on New to create a new Site Setting.

Carefully observe the name field – Authentication/OpenIdConnect/Azure AD Custom/Authority. The part between OpenIdConnect/ and /Authority, here Azure AD Custom, is the custom provider name that you want to show up in the portal.

In the value field, put the URL we got from the previous step.

Save & Close this.

 

Click New to create a new Site Setting.

Here we are putting the Client ID. Use the Application ID that we noted when we registered our CRM portal with Azure AD.

Now click New one last time to create another Site Setting.

Here we are setting the Redirect URL. This is the URL which will be called back once authentication is successful. In this case it’s our D365 portal.

Save & Close.

So we are all set.

 

Now come to the login screen again and voila! Your new button is right there.

Click on the button and you will be redirected to the login screen.

Once you enter the credentials of a user who belongs to your Azure Active Directory, you are registered in the portal.

You will be asked to accept.

Once done, you will be logged in.

Wonderful, isn’t it?

 

In my next post I walk through in depth how to configure your D365 portal with a Google account. Here is the link for the same.

https://debajmecrm.com/2017/06/13/dynamics-365-portal-authentication-with-external-identities-part-ii-authentication-with-google-account/

Hope you like this.

 

-Debajit Dutta

(Dynamics MVP)

(Visit our products page – http://www.xrmforyou.com/products-1.html to know more about our offerings)


Author: Debajit

I am a Dynamics CRM Most Valuable Professional (MVP) with 10 years of experience in Microsoft .NET Technologies and 7 years of dedicated experience in Microsoft Dynamics CRM. I have worked with companies like Microsoft, SanDisk, PwC, TMF Group and have extensive experience of implementing complex CRM solutions from both offshore and client side. Currently the face of XrmForYou.com, with significant experience in delivering corporate training on Dynamics CRM, and have already delivered multiple projects to clients through XrmForYou.com. Author of multiple tools on CodePlex including the 'Role Based Views' and 'CRM-Sharepoint Metadata manager & Attachment Extractor', which are available for commercial use under XrmForYou.com. For consulting/ training, drop me a note at info@xrmforyou.com or visit our website www.xrmforyou.com

12 thoughts on “Dynamics 365 (ADX) Portal Authentication with External Identities Part-I – Authentication with Azure Active Directory”

  1. Hi Debajit,
    Is it possible for CRM to authenticate against multiple directories? We have internal users who will need to use our CRM instance, as well as external. They will need to be fully licensed users. There will be around 1000 external users across 30 different organisations – any ideas on the best way to manage these accounts?

    Thanks

    1. Hi Jay Harper. Sorry for the late reply as I am mostly on the road these days. I assume this might be tricky. CRM can be set up to trust multiple directories using ADFS. However, coming to the ADX portal, it can accept a SAML endpoint, however redirecting based on who is logging in might be difficult. I haven’t tried it though. I will give it a shot though.

  2. Hi Debajit, This was really helpful. I have a question on Self Registration using Azure AD, how can we create an Approval process for registration request and user should get Portal access only after Request is approved?

  3. Hi Debajit,
    The Sign up page of my ADX customer portal always prompts an error every time I click on it. I have uninstalled and reinstalled the portal severally but the problem persists. This is really frustrating as customers cannot easily sign up. Please, I would appreciate any suggestion to help solve this.

      1. Here it is;
        ” We’re sorry, but something went wrong. Error ID # [ad76f312-5c39-4a9e-b465-5f80e35b2765]
        Exception of type ‘System.Web.HttpUnhandledException’ was thrown.
        We’ve been notified about this issue and we’ll take a look at it shortly. Thank you for your patience ”
        The above error comes up every time I click on the register tab of the sign in page.

      2. Hi Chris,
        Sorry for the delayed reply as I was travelling. Check for the below settings in CRM -> Portal – Site Settings

        Authentication/Registration/OpenRegistrationEnabled. This should be set to true

        Additionally you can have Authentication/Registration/InvitationEnabled and Authentication/Registration/EmailConfirmationEnabled as true/ false depending on the requirement.

        -Debajit

  4. Hi Debajit,
    Thanks for a very interesting post. I have a question for you I haven’t found an answer for yet. Do you know if it is possible for a contact in CRM to use their “azure ad guest account” in our domain to login to our dynamics 365 portal?

    1. Hi Tobias,
      Thanks for reading my blog post. I think it is possible using the Azure AD B2B Collaboration. Basically the idea is to send an invitation as guest user to the contact from Azure AD and when the contact redeems it, an Azure AD account will seamlessly be created for them.

      -Debajit

  5. Hi Debajit, a most educational post. We are currently looking into setting up SSO for AX Operations, for a customer with an Azure AD fully synched with their On-Prem AD… no luck so far. Any experiences with this you could share with us?

    \\Per-Erik
