Dynamics 365 Portal Authentication with Azure AD B2B Guest User.

Azure AD B2B has been a boon for organizations working with partners for its various applications without losing control on corporate data. The capability of adding guest users and assigning them application is something which opens up a horizon on single sign on of enterprise applications. For details on Azure AD B2B, please visit this link – https://docs.microsoft.com/en-us/azure/active-directory/b2b/what-is-b2b

Now suppose you have users from your partner organization whom you want to access your Portals. You do not want them to set-up as a Member user in your active directory. Rather you want to set them up as a guest user and assign them to the portal. But how to do it. So let’s follow the steps

Step 1: Set-up your guest user

Login to your portal : https://portal.azure.com

Go to your Azure Active Directory and then Users and click on “New Guest User”

image     image

I enter the user email address. Here I entered it as my personal email – debajit.dutta@xrmforyou.com which is different from my Azure domain xrmforyou73.onmicrosoft.com. In real life scenarios this will be the email address of your partner organization.

image

Once you send the invite, the partner will receive an invitation email. Sample below. Once the partner clicks on “Get Started”, he is asked for credentials and consent and is authenticated where he can see his access panel where the applications he has been assigned to are shown. Currently the user does not have any applications assigned to him.

imageimage

Step 2: Assigning the guest user to the Dynamics 365 Portals application in AD

While this step is not must for authenticating with the portal, this makes a better experience of the partner to seamlessly authenticate with the portal from their Access Panel.

Again in the Azure portal navigate to Azure active directory –> App Registrations.

Your portal instance is created as an APP in Azure Active Directory.

image

Click on the Application and then in the next Page again click on the Microsoft CRM Portals app as highlighted in the below screenshot.

image

In the overview page, click where total users are being shown and then add the Guest user.

image

image

And you are done. Now when the partner accesses his Access Panel, he could see his Microsoft CRM Portal on his screen. (partner may need to sign in again to see the new APP’s assigned).

image

However if I now click on Open then, it would throw an error. This is because the Sign In Page of the Portal App was not set.

Step 3: Set the sign-on URL of Portal App.

Open the Microsoft CRM Portals App in your Azure Active Directory and click on Settings and then click on Properties

image

In the Home Page URL put the URL of the portals:

Here – https://xrmforyou73.microsoftcrmportals.com

image

Save it and you are done.

Now when the partner logs in and tries to open the Portals, he first needs to sign in using Azure AD button in the portal. From the next time onwards, it just seamless authentication from his access panel.

Hope this helps!

Debajit Dutta

(Dynamics MVP)

For consultation/ corporate training visit www.xrmforyou.com or reach out to us at info@xrmforyou.com

Our product offerings:

Role based views for Dynamics 365 (http://www.xrmforyou.com/role-based-views.html)

CRM-Sharepoint Attachment uploader and metadata manager (http://www.xrmforyou.com/sharepoint-integrator.html)

Record Cloner for Dynamics 365 (http://www.xrmforyou.com/record-cloner.html)

Multiselect picklist for Dynamics 365 (http://www.xrmforyou.com/multi-select-picklist.html)

Author: Debajit

I am a Dynamics CRM Most Valuable Professional (MVP) with 12 years of experience in Microsoft .NET Technologies and 9 years of dedicated experience in Microsoft Dynamics CRM. I have worked with companies like Microsoft, SanDisk, PwC, TMF Group and have extensive experience of implementing complex CRM solutions from both offshore and client side. Currently the face of XrmForYou.com with significant experience in delivering corporate training on Dynamics CRM and have already delivered multiple projects to client through XrmForYou.com Author of multiple tools on codeplex including the 'Role Based Views' and 'CRM-Sharepoint Metadata manager & Attachment Extractor' which are available for commercial use under XrmForYou.com For consulting/ training, drop me a note at info@xrmforyou.com or visit our website www.xrmforyou.com

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s