Dynamics 365

How to Configure Dynamics 365 S2S Authentication

By Joe Gill  Published On 12th December 2017

The combination of the Dynamics 365 Web API and Azure Active Directory allows a variety of applications to integrate easily with Dynamics 365 to retrieve and update data. The calling application can be of any type, such as a web site or a data integration process, and this approach is commonly referred to as S2S (server-to-server) authentication.

Calling the Web API using S2S is a two-step process. The first step is to authenticate the calling application using Azure Active Directory. The authentication process generates a token which is passed along with the Application Id when the Dynamics Web API is called. The Web API then looks up the user account for the application. This is a special type of user account called an application user. Provided the application user has the appropriate rights, the API call is executed. Application user accounts do not consume a license, which is an added bonus.

This post covers how to register an S2S application in Azure AD and how to create an application user in Dynamics with a custom security role to give the application specific security rights.

Go to your Azure Portal, select the Azure Active Directory service, and under App Registrations select New application registration.

Azure AD Application Registration

 


Give your application registration a name. The sign-on URL is required but not used, so you can simply set it to localhost.

Azure AD Dynamics 365 S2S Application Registration

Once your Application Registration is saved you need to create the secret key that will be used for authentication. Select API Access and then Keys.

To create a password key, give it a Description and select its expiry duration. Note: once you save, the password Key Value will be displayed. You need to save this somewhere secure as it cannot be viewed once you navigate away from here.

Another piece of information you will need to authenticate against Azure AD is the Endpoint identifier. To get it, select Endpoint and extract the identifier from the Endpoint URLs, for example: https://login.microsoftonline.com/3e3105H8-06f9-46b6-9f79-3343ad707898/federationmetadata/2007-06/federationmetadata.xml

S2S Dynamics 365 S2S Endpoint

Azure AD Application Endpoint

Once you have registered the application you need to create the application user in the instance of Dynamics that will be accessed by your application. Go to Security in Dynamics and select the Application Users view. Select New and create the application user using the ID of the application you registered in Azure AD. You need to assign the application user a name and email address before you can save it.

How to add an Application User to Dynamics 365 for S2S Authentication

Once the application user is saved you need to assign it a custom security role. You cannot assign it an out of the box role.

Dynamics Application User Security Role for S2S Authentication

Once these steps are done you can use one of the many ADAL libraries (Azure Active Directory Authentication Libraries) to authenticate using the password key and call the Dynamics 365 Web API. I will do an example of how to use S2S authentication in another post.
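The two-step flow described in this post, as an added Python example that is not the author's code and does not use ADAL: it extracts the Endpoint identifier from an Endpoint URL, builds the client-credentials token request, and builds a Web API call that carries the token. The GUID, the contoso organisation URL, the `D365_CLIENT_SECRET` variable name, the `/oauth2/token` endpoint and the `v8.2/WhoAmI` path are assumptions that do not appear in the post.

```python
import json
import os
import re
import urllib.parse
import urllib.request

# Constructed sample values (assumptions, not taken from the post).
SAMPLE_ENDPOINT = ("https://login.microsoftonline.com/"
                   "00000000-0000-0000-0000-000000000000"
                   "/federationmetadata/2007-06/federationmetadata.xml")
SAMPLE_ORG_URL = "https://contoso.crm.dynamics.com"
GUID = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)

def tenant_id_from_endpoint(endpoint_url):
    """Return the Endpoint identifier: the first path segment of an Endpoint URL."""
    parts = urllib.parse.urlsplit(endpoint_url)
    segment = parts.path.strip("/").split("/")[0]
    if parts.scheme != "https" or not GUID.match(segment):
        raise ValueError("not an https Endpoint URL with a GUID identifier")
    return segment.lower()

def build_token_request(tenant_id, application_id, key_value, org_url):
    """Step 1: client-credentials request to the Azure AD token endpoint."""
    form = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": application_id,   # Application Id from the app registration
        "client_secret": key_value,    # sent in the POST body only, never in a URL
        "resource": org_url,           # the Dynamics 365 instance the token is for
    }).encode()
    url = "https://login.microsoftonline.com/%s/oauth2/token" % tenant_id
    return urllib.request.Request(url, data=form, method="POST")

def build_whoami_request(org_url, access_token):
    """Step 2: Web API call carrying the token as a bearer credential."""
    headers = {"Authorization": "Bearer " + access_token, "Accept": "application/json",
               "OData-MaxVersion": "4.0", "OData-Version": "4.0"}
    url = org_url.rstrip("/") + "/api/data/v8.2/WhoAmI"
    return urllib.request.Request(url, headers=headers)

def whoami(endpoint_url, application_id, org_url):
    """Run both steps; the key value comes from the environment, not from source."""
    key_value = os.environ["D365_CLIENT_SECRET"]  # hypothetical variable name
    tenant = tenant_id_from_endpoint(endpoint_url)
    token_req = build_token_request(tenant, application_id, key_value, org_url)
    with urllib.request.urlopen(token_req) as resp:
        token = json.load(resp)["access_token"]
    with urllib.request.urlopen(build_whoami_request(org_url, token)) as resp:
        return json.load(resp)
```

The `UserId` that `whoami` returns is the application user's, so it confirms that the Application Id maps to the account created in Dynamics.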

