Tag Archives: azure active directory

Dynamics 365 Portal/ powerapps portal Authentication with Azure Active Directory

Follow my blog for more interesting topics on Dynamics 365, Portals and Power Platform. For training and consulting, write to us at info@xrmforyou.com

Lately I have been working a lot on Dynamics 365 portals a lot and also delivering some trainings on the same. Don’t get much of a chance to work on Dynamics 365 portals (previously ADX portals), but when I get an opportunity, I make sure I don’t miss it.

And as I have been conducting training on CRM portals, I come across a lot of questions on Authentication of Dynamics 365 portals with external identities like Azure Active Directory/ Google/ Facebook. In the interest of my blog reader I have decided to pen down in detail on how to configure for such scenarios.

This blog will be a two part series. In this blog I will show you from scratch on how to set up Authentication of your Dynamics 365 portals with Azure Active Directory. In the next part I will show from scratch on how to set up the same with Google account.

First things first.

Launch a trial of Customer Portal for your Dynamics CRM. It’s pretty easy and I assume you know this. If not there are plenty of awesome articles which show on how to do the same. One such being – http://dynamicscrmcoe.com/install-dynamics-365-portals/

Ok. So we have our CRM portal set-up.

The following are my details:

Portal URL – https://xrmtr1.microsoftcrmportals.com

CRM URL – https://xrmtr50.crm8.dynamics.com

The first time when you launch the portal and try to sign in, you would be presented with a screen like below.

image

Because we are going to register the user with Azure AD, so click on the Register Tab.

image

Ok. So we already have a button called ‘Azure AD’ for registering the user. However as I told you, we will do it from scratch. So we will place our own custom button which when clicked will authenticate with our azure Active Directory. And in case you might be wondering, the Azure active directory will be a different domain than our Dynamics CRM domain (xrmtr50.onmicrosoft.com) for which the portal is configured.

So lets go with the set-up.

Step – 1 : Register your Dynamics 365 Portal application with Azure Active directory.

Login to your Azure subscription using https://portal.azure.com and search for Azure Active Directory

image

Click on App Registrations and then ‘New Application Registration’

image

image

Enter the details as required.

image

Name of the application – “Customer Portal Identifier”. This can be your any name you desire.

Application Type – Select Web app/ API

Sign-on URL – Enter the url of your D365 portal. In my case it is https://xrmtr1.microsoftcrmportals.com

Click on the Create Button.

image

Once done, you should see your App being listed here.

Click on the Application. You could see the Application ID. Note it down. We are going to use it later.

image

Click on Endpoints.

image

Take your federation metadata URL.

image

The federation metadata URL would look like below.

https://login.windows.net/95564beb-4dc8-43c2-bdda-12cea2056346/federationmetadata/2007-06/federationmetadata.xml

Remove the federation metadata URL and note the remaining URL. It would be in this format. https://login.windows.net/95564beb-4dc8-43c2-bdda-12cea2056346

Note it down. We are going to use it in the Next step.

Step 2: Setting up the Site Settings to Authenticate with our custom Azure AD.

Open your CRM and go to Portal –> Site Settings.

image

Click on New to Create a New Site Setting.

image

Carefully observe the name field – Authentication/OpenIdConnect/Azure AD Custom/Authority. The highlighted part in bold is your custom provider name that you want to show up in the portal.

In the value field, we have put the URL we got from the previous step.

Save & Close this.

Click new to create a new Site Setting

image

Here we are putting the Client ID. Put the same Client ID that we got when we registered our CRM Portal with Azure AD.

Now click again for a last time to create a new Site Setting and enter the below information.

image

Here we are setting the Redirect URL. This is URL which will be called back once the authentication is successful. In this case it’s our D365 Portal.

Save & Close.

So we are all set.

Now come to the login screen again and voila! Your new button is right there.

image

Click on the button. And you would be redirected to the login screen.

Once you enter the credentials of a user who belongs to your Azure Active Directory, you are registered in the portal

image

You will be asked to accept.

image

Once done, you will be logged in.

Wonderful isn’t it.

In my next post I would be walking in depth to configure your D365 portals with Google account. Here is the link for the same.

https://debajmecrm.com/2017/06/13/dynamics-365-portal-authentication-with-external-identities-part-ii-authentication-with-google-account/

Hope you like this.

-Debajit Dutta

(Dynamics MVP)

(Visit our products page – http://www.xrmforyou.com/products-1.html to know more about our offerings)