Dynamics 365 (ADX) Portal Authentication with External Identities Part-I – Authentication with Azure Active Directory

Lately I have been working a lot on Dynamics 365 portals a lot and also delivering some trainings on the same. Don’t get much of a chance to work on Dynamics 365 portals (previously ADX portals), but when I get an opportunity, I make sure I don’t miss it.

And as I have been conducting training on CRM portals, I come across a lot of questions on Authentication of Dynamics 365 portals with external identities like Azure Active Directory/ Google/ Facebook. In the interest of my blog reader I have decided to pen down in detail on how to configure for such scenarios.

This blog will be a two part series. In this blog I will show you from scratch on how to set up Authentication of your Dynamics 365 portals with Azure Active Directory. In the next part I will show from scratch on how to set up the same with Google account.

First things first.

Launch a trial of Customer Portal for your Dynamics CRM. It’s pretty easy and I assume you know this. If not there are plenty of awesome articles which show on how to do the same. One such being –

Ok. So we have our CRM portal set-up.

The following are my details:

Portal URL –



The first time when you launch the portal and try to sign in, you would be presented with a screen like below.


Because we are going to register the user with Azure AD, so click on the Register Tab.


Ok. So we already have a button called ‘Azure AD’ for registering the user. However as I told you, we will do it from scratch. So we will place our own custom button which when clicked will authenticate with our azure Active Directory. And in case you might be wondering, the Azure active directory will be a different domain than our Dynamics CRM domain ( for which the portal is configured.

So lets go with the set-up.

Step – 1 : Register your Dynamics 365 Portal application with Azure Active directory.

Login to your Azure subscription using and search for Azure Active Directory



Click on App Registrations and then ‘New Application Registration’




Enter the details as required.


Name of the application – “Customer Portal Identifier”. This can be your any name you desire.

Application Type – Select Web app/ API

Sign-on URL – Enter the url of your D365 portal. In my case it is

Click on the Create Button.



Once done, you should see your App being listed here.

Click on the Application. You could see the Application ID. Note it down. We are going to use it later.



Click on Endpoints.



Take your federation metadata URL.



The federation metadata URL would look like below.

Remove the federation metadata URL and note the remaining URL. It would be in this format.

Note it down. We are going to use it in the Next step.


Step 2: Setting up the Site Settings to Authenticate with our custom Azure AD.


Open your CRM and go to Portal –> Site Settings.



Click on New to Create a New Site Setting.



Carefully observe the name field – Authentication/OpenIdConnect/Azure AD Custom/Authority. The highlighted part in bold is your custom provider name that you want to show up in the portal.

In the value field, we have put the URL we got from the previous step.

Save & Close this.


Click new to create a new Site Setting


Here we are putting the Client ID. Put the same Client ID that we got when we registered our CRM Portal with Azure AD.


Now click again for a last time to create a new Site Setting and enter the below information.



Here we are setting the Redirect URL. This is URL which will be called back once the authentication is successful. In this case it’s our D365 Portal.

Save & Close.

So we are all set.


Now come to the login screen again and voila! Your new button is right there.



Click on the button. And you would be redirected to the login screen.

Once you enter the credentials of a user who belongs to your Azure Active Directory, you are registered in the portal



You will be asked to accept.



Once done, you will be logged in.

Wonderful isn’t it.


In my next post I would be walking in depth to configure your D365 portals with Google account. Here is the link for the same.

Hope you like this.


-Debajit Dutta

(Dynamics MVP)

(Visit our products page – to know more about our offerings)


About Debajit
I am a Dynamics CRM Most Valuable Professional (MVP) with 10 years of experience in Microsoft .NET Technologies and 7 years of dedicated experience in Microsoft Dynamics CRM. I have worked with companies like Microsoft, SanDisk, PwC, TMF Group and have extensive experience of implementing complex CRM solutions from both offshore and client side. Currently the face of with significant experience in delivering corporate training on Dynamics CRM and have already delivered multiple projects to client through Author of multiple tools on codeplex including the 'Role Based Views' and 'CRM-Sharepoint Metadata manager & Attachment Extractor' which are available for commercial use under For consulting/ training, drop me a note at or visit our website

16 Responses to Dynamics 365 (ADX) Portal Authentication with External Identities Part-I – Authentication with Azure Active Directory

  1. Jay Harper says:

    Hi Debajit,
    Is it possible for CRM to authenticate against multiple directories? We have internal users who will need to use our CRM instance, as well as external. They will need to be fully licensed users. There will be around 1000 external users across 30 different organisations – any ideas on the best way to manage these accounts?


    • Debajit says:

      Hi Jay Harper. Sorry for the late reply as I am mostly on the road these days. I assume this might be tricky. Crm can be set-up to trust multiple directories using ADFS. However coming to ADX portal it can accept SAML endpoint however redirecting based on who is logging in might be diffucult. I haven’t tried it though. I will give it a shot though.

  2. Siddhartha Yadav says:

    Hi Debajit, This was really helpful. I have a question on Self Registration using Azure AD, how can we create an Approval process for registration request and user should get Portal access only after Request is approved?

  3. Chris says:

    Hi Debajit,
    The Sign up page of my ADX customer portal always prompts an error every time I click on it, I have uninstalled and reinstalled the portal severally but the problem persists. This is really frustrating as customers can not easily sign up. Please I would appreciated any suggestion to help solve this.

    • Debajit says:

      Hi Chris,
      Could you help me with the error u r getting

      • Chris says:

        Here it is;
        ” We’re sorry, but something went wrong. Error ID # [ad76f312-5c39-4a9e-b465-5f80e35b2765]
        Exception of type ‘System.Web.HttpUnhandledException’ was thrown.
        We’ve been notified about this issue and we’ll take a look at it shortly. Thank you for your patience ”
        The above errorr comes up every time i click on the register tab of the sign in page.

      • Debajit says:

        Hi Chris,
        Sorry for the delayed reply as I was travelling. Check for the below settings in CRM -> Portal – Site Settings

        Authentication/Registration/OpenRegistrationEnabled. This should be set to true

        Additionally you can have Authentication/Registration/InvitationEnabled and Authentication/Registration/EmailConfirmationEnabled as true/ false depending on the requirement.


  4. Tobias says:

    Hi Debajit,
    Thanks for a very interesting post. I have a question for you I haven’t find an answer for yet. Do you know if it is possible for a contact in crm to use their “azure ad guest account” in our domain to login to our dynamics 365 portal?

    • Debajit says:

      H Tobias,
      Thanks for reading my blog post. I think so it is possible using the Azure AD B2B Collaboration. Basically the idea is to send an invitation as guest user to the contact from Azure AD and when the contact redeems it, seamlessly a Azure AD Account will be created from them.


  5. Hi Debajit, a most educational post. We are currently looking into setting up SSO for AX Operations, for a customer with an Azure Ad fully synched with their On-Prem Ad… no luck so fare. Any experiencs with this you could share with us?


  6. Jeevan Kumar Balija says:

    Hi Debajit,
    I have configured Azure AD B2C for one of my client’s portal, all seems to work ok except the registration, the registration is happening in 2 steps.
    1. Sign in with Invitation code
    2. Sign up for Azure B2C via Manage External authentication.
    If i directly try to signup with B2C, sign up is successful but it redirects me to redem page to enter invitation code. Do you have any idea to make this signup process into single step, we need Azure B2C authentication.


  7. Hajime Kusakabe says:


    Thank you for a great post. I went through it and it worked without any issue.
    I wonder if you can answer my question. I have created another login button but now I don’t need it and so I have deleted all the entries from CRM and Azure AD. However, the button remains even I clear the cache.
    Do you know what I need to do to remove it?


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: