Follow my blog for more interesting topics on Dynamics 365, Portals and Power Platform. For training and consulting, write to us at email@example.com
Lately I have been working a lot on Dynamics 365 portals a lot and also delivering some trainings on the same. Don’t get much of a chance to work on Dynamics 365 portals (previously ADX portals), but when I get an opportunity, I make sure I don’t miss it.
And as I have been conducting training on CRM portals, I come across a lot of questions on Authentication of Dynamics 365 portals with external identities like Azure Active Directory/ Google/ Facebook. In the interest of my blog reader I have decided to pen down in detail on how to configure for such scenarios.
This blog will be a two part series. In this blog I will show you from scratch on how to set up Authentication of your Dynamics 365 portals with Azure Active Directory. In the next part I will show from scratch on how to set up the same with Google account.
First things first.
Launch a trial of Customer Portal for your Dynamics CRM. It’s pretty easy and I assume you know this. If not there are plenty of awesome articles which show on how to do the same. One such being – http://dynamicscrmcoe.com/install-dynamics-365-portals/
Ok. So we have our CRM portal set-up.
The following are my details:
Portal URL – https://xrmtr1.microsoftcrmportals.com
CRM URL – https://xrmtr50.crm8.dynamics.com
The first time when you launch the portal and try to sign in, you would be presented with a screen like below.
Because we are going to register the user with Azure AD, so click on the Register Tab.
Ok. So we already have a button called ‘Azure AD’ for registering the user. However as I told you, we will do it from scratch. So we will place our own custom button which when clicked will authenticate with our azure Active Directory. And in case you might be wondering, the Azure active directory will be a different domain than our Dynamics CRM domain (xrmtr50.onmicrosoft.com) for which the portal is configured.
So lets go with the set-up.
Step – 1 : Register your Dynamics 365 Portal application with Azure Active directory.
Login to your Azure subscription using https://portal.azure.com and search for Azure Active Directory
Click on App Registrations and then ‘New Application Registration’
Enter the details as required.
Name of the application – “Customer Portal Identifier”. This can be your any name you desire.
Application Type – Select Web app/ API
Sign-on URL – Enter the url of your D365 portal. In my case it is https://xrmtr1.microsoftcrmportals.com
Click on the Create Button.
Once done, you should see your App being listed here.
Click on the Application. You could see the Application ID. Note it down. We are going to use it later.
Click on Endpoints.
Take your federation metadata URL.
The federation metadata URL would look like below.
Remove the federation metadata URL and note the remaining URL. It would be in this format. https://login.windows.net/95564beb-4dc8-43c2-bdda-12cea2056346
Note it down. We are going to use it in the Next step.
Step 2: Setting up the Site Settings to Authenticate with our custom Azure AD.
Open your CRM and go to Portal –> Site Settings.
Click on New to Create a New Site Setting.
Carefully observe the name field – Authentication/OpenIdConnect/Azure AD Custom/Authority. The highlighted part in bold is your custom provider name that you want to show up in the portal.
In the value field, we have put the URL we got from the previous step.
Save & Close this.
Click new to create a new Site Setting
Here we are putting the Client ID. Put the same Client ID that we got when we registered our CRM Portal with Azure AD.
Now click again for a last time to create a new Site Setting and enter the below information.
Here we are setting the Redirect URL. This is URL which will be called back once the authentication is successful. In this case it’s our D365 Portal.
Save & Close.
So we are all set.
Now come to the login screen again and voila! Your new button is right there.
Click on the button. And you would be redirected to the login screen.
Once you enter the credentials of a user who belongs to your Azure Active Directory, you are registered in the portal
You will be asked to accept.
Once done, you will be logged in.
Wonderful isn’t it.
In my next post I would be walking in depth to configure your D365 portals with Google account. Here is the link for the same.
Hope you like this.
(Visit our products page – http://www.xrmforyou.com/products-1.html to know more about our offerings)