title | description | ms.custom | ms.date | ms.reviewer | ms.suite | ms.tgt_pltfrm | ms.topic | applies_to | helpviewer_keywords | ms.assetid | caps.latest.revision | author | ms.author | search.audienceType | |||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Walkthrough: Register a Dynamics 365 Customer Engagement app with Active Directory (Developer Guide for Dynamics 365 Customer Engagement (on-premises))| MicrosoftDocs |
This walkthrough describes how to register an application with Azure Active Directory so that it can connect to the Dynamics 365 Server, authenticate using OAuth, and access the web services |
03/29/2019 |
pehecke |
article |
|
|
dd48aa30-7b05-4b15-a039-ff6522da8613 |
57 |
JimDaly |
jdaly |
|
This walkthrough describes how to register a desktop client or mobile application so that it can connect to and authenticate with the Dynamics 365 Server and access the Web services. Once registered, an application can access the Web services using HTTP requests with the Web API or by the SDK API for .NET.
[!INCLUDEcc_sdk_onpremises_note]
For an on-premises or Internet-facing deployment (IFD):
-
A [!INCLUDEpn_windows_server_2012_r2] with [!INCLUDEpn_adfs_short].
-
You must have administrator access to the server hosting the Dynamics 365 Customer Engagement (on-premises) deployment services role and the [!INCLUDEpn_adfs_short] server.
-
The on-premises server must be configured to use claims authentication.
-
The redirect URL for your application. Instructions for finding that URL are provided in the section named Obtain the redirect URL.
One method to obtain the redirect URI for a native client [!INCLUDEpn_ms_Windows_short] application is to execute the following line of code in a debug session of your application and examine the returned URI value. In a WinJS debug session, select the RawUri
property.
string redirectUri = WebAuthenticationBroker.GetCurrentApplicationCallbackUri().ToString();
Dim redirectUri As String = WebAuthenticationBroker.GetCurrentApplicationCallbackUri().ToString()
Windows.Security.Authentication.Web.WebAuthenticationBroker.getCurrentApplicationCallbackUri()
The WebAuthenticationBroker
class can be found in the Windows.Security.Authentication.Web
namespace. Use the string value returned from the method call when you register the app.
For a non-[!INCLUDEpn_ms_Windows_short] native client application such as a console application, use any valid URI value. In this case, the URI doesn’t need to actually exist but it must be unique in the tenant.
Scenario: A customer or other person registers a custom application to access organization data on a [!INCLUDEpn_crm_shortest] server provided by an ISV or Partner.
-
Configures the [!INCLUDEpn_crm_shortest] on-premises (IFD) server and [!INCLUDEpn_adfs_short] server using [!INCLUDEpn_PowerShell] commands that are provided later in this section.
-
Provides the client ID and server address URL information to the customer.
- Configures the external application by entering the client ID and server address URL in the app as instructed.
To configure the [!INCLUDEpn_crm_shortest] server to enable federated claims, follow these steps.
-
Log on as administrator on the [!INCLUDEpn_crm_shortest] server that hosts the deployment service role and open a [!INCLUDEpn_PowerShell] command window.
-
Add the [!INCLUDEpn_crm_shortest][!INCLUDEpn_PowerShell] snap-in (Microsoft.Crm.PowerShell.dll). [!INCLUDEproc_more_information] Administer the deployment using Windows PowerShell
Add-PSSnapin Microsoft.Crm.PowerShell
-
Enter the following [!INCLUDEpn_PowerShell] commands.
$ClaimsSettings = Get-CrmSetting -SettingType OAuthClaimsSettings $ClaimsSettings.Enabled = $true Set-CrmSetting -Setting $ClaimsSettings
To register the external application with [!INCLUDEpn_adfs_short], follow these steps.
-
Log on to the [!INCLUDEpn_adfs_short] server as administrator and open a [!INCLUDEpn_PowerShell] command window.
-
Enter the following command.
Add-AdfsClient -ClientId <CLIENT_ID> -Name <APP_NAME> -RedirectUri <REDIRECT_URI>
Where <CLIENT_ID> is a unique number, <APP_NAME> is a name for the application, and <REDIRECT_URI> is any valid URI that [!INCLUDEpn_adfs_short] is to redirect to after authentication has completed. It is recommended that the client ID be a GUID. You can generate a GUID in [!INCLUDEpn_Visual_Studio] by opening the Tools menu and clicking Create GUID.
Adding, Updating, and Removing an Application
Authenticate Users with Dynamics 365 Customer Engagement (on-premises)
[!INCLUDEfooter-include]