How to authenticate Multi Server URLs Using one azure Application credentials. #124

Closed
Ebrahemsamer2 opened this issue Mar 30, 2023 · 5 comments

Ebrahemsamer2 commented Mar 30, 2023

Hello @georged

Thanks for sharing this package on GitHub,

I am using your package to allow my clients to authenticate using username, password (deprecated now) and use their Server URLs.

Now, to do the same, you must register an application in the Azure portal and authenticate using (App ID, Secret ID). It's more secure, but this way is not clear and a little confusing for our clients to do.

1- So how can I make one Azure application for my company and authenticate any Server URL for any client and use his data? Is that doable?

If not:

2- Is there a way to make it easier for clients, like registering an Azure application for them and getting their credentials by using an endpoint, for example? Or is there any service that allows me to authenticate for them using one set of credentials (mine)?

Thanks @georged

Regards,
Ebrahem

georged commented Mar 31, 2023

Hi Ebrahem,

While it's possible to create a multi-tenant app registration in your tenant, to get access to Dataverse in a different tenant, consent needs to be granted and an app user created anyway, so the process is pretty much the same.

Yes, of course you can automate creation of the app ID and secret. See https://learn.microsoft.com/cli/azure/ad/sp for how to create a service principal (that's the one you want) using Azure CLI.

If you want to complete the entire process, including registering a user in Dataverse and assigning roles, then consider using the PowerShell version https://learn.microsoft.com/powershell/azure/create-azure-service-principal-azureps together with https://github.com/seanmcne/Microsoft.Xrm.Data.PowerShell to manipulate Dataverse data.

(Note that you can create credentials but not retrieve them.)

Hope it helps
George

Ebrahemsamer2 commented Apr 1, 2023

Hello @georged,

Thanks for the quick response.

I will read the articles you mentioned, but let me ask another question:
After I work on this process, what data should I expect to take from the user? Just the Server URL?

georged commented Apr 2, 2023

For multi-tenant app registration? In theory, yes, but you still need a consent / registration from the tenant administrator.

@Ebrahemsamer2

Consent from the client side, so he's got to approve first whether I can access his data or not.
Is that what you're saying, @georged?

georged commented Apr 2, 2023

Even before accessing the data...

https://learn.microsoft.com/azure/active-directory/develop/howto-convert-app-to-be-multi-tenant#understand-user-and-admin-consent-and-make-appropriate-code-changes

Accessing data in Dataverse is governed separately by app user roles.
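
Added example, not part of the thread and not the package's own code: how a vendor's single multi-tenant app registration would build the one-time admin consent link and the client-credentials token request for each client tenant, validating the client-supplied Server URL before deriving a scope from it. The function names, the requirement that the tenant is given as a GUID, and the public-cloud `.dynamics.com` host check are assumptions of this sketch.

```python
import uuid
from urllib.parse import urlencode, urlsplit

LOGIN = "https://login.microsoftonline.com"  # Microsoft Entra ID, public cloud


def _tenant(tenant_id: str) -> str:
    # Assumption: tenants are identified by GUID; anything else is rejected
    # so the value cannot alter the authority URL path.
    return str(uuid.UUID(tenant_id))


def dataverse_scope(server_url: str) -> str:
    """Validate a client-supplied Server URL and return its .default scope."""
    parts = urlsplit(server_url.strip())
    host = (parts.hostname or "").lower()
    # Assumption: public-cloud environments only (host under dynamics.com).
    if parts.scheme != "https" or not host.endswith(".dynamics.com"):
        raise ValueError(f"not a Dataverse URL: {server_url!r}")
    if parts.username or parts.password or parts.port not in (None, 443):
        raise ValueError("credentials or non-default port in Server URL")
    return f"https://{host}/.default"


def admin_consent_url(tenant_id, client_id, redirect_uri, state):
    """Link the client's tenant administrator opens once to grant consent."""
    query = urlencode({"client_id": client_id,
                       "redirect_uri": redirect_uri,
                       "state": state})
    return f"{LOGIN}/{_tenant(tenant_id)}/adminconsent?{query}"


def token_request(tenant_id, client_id, client_secret, server_url):
    """Client-credentials request sent to the client's tenant, not the vendor's."""
    form = {"grant_type": "client_credentials",
            "client_id": client_id,
            "client_secret": client_secret,
            "scope": dataverse_scope(server_url)}
    return f"{LOGIN}/{_tenant(tenant_id)}/oauth2/v2.0/token", form


if __name__ == "__main__":
    # Constructed sample values, not real identifiers.
    tenant = "11111111-2222-3333-4444-555555555555"
    app = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"
    print(admin_consent_url(tenant, app, "https://vendor.example/consented", "client-42"))
    url, form = token_request(tenant, app, "<secret>", "https://contoso.crm4.dynamics.com/")
    print(url, {**form, "client_secret": "***"})
```

A token obtained this way is only useful once the client's administrator has granted consent and an app user with roles exists in that Dataverse environment, as described in the replies above.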
