D365 CRM: Configure Application User to use it in the Connection String

by Damian Sinay on 10/06/2022 – 0 comments


  • Now is a good practice to use an Application User instead of a User/Password to connect to the SDK API for security purpose. To archive this, you need to follow these steps in your Azure Tenant:
    -Create an App Registration under Azure Active Directory:
     


    -Set the name that will be displayed in D365. Leave the Supported account type as Single Tenant (default value).
    -Once created, copy the Application (client) ID to use later as the Client ID and the Directory (tenant) ID to use later as the Tenant ID:
     
    -Navigate to Certificates & secrets and click New client secret, under Client secrets:
     
    -Enter a description for the client secret and select the expiry date for the client secret. The maximum you can select is 24 months. After the expiry, a new secret will need to be generated, and any applications using the secret will need to be updated. It’s worth setting a reminder for this, to avoid any service interruptions.
    -Once the secret is created, copy the Value. This will be used as the Client Secret later. This is the only chance you’ll have to copy the secret, so be sure to save it somewhere safe. If you lose the value, you can always generate another later.



    -Navigate to API permissions and select Add a permission:

    -From the Request API permissions screen, located Dynamics CRM:
     
    -Under Delegated permissions, select user_impersonation and then Add permissions:
     
    -Open the Power Platform Admin Center as a System Administrator, and select your Dynamics 365 Environment, select Settings, under Users + permissions select Application users:
     
    -Click New app user, click Add an app, select the App you created earlier. Then select the Business Unit and add the System Administrator role:

    To finish, in your code that needs to consume the SDK API, configure the connection string using the Client ID, the Client Secret and the Tenant ID copied in the previous steps like this:
    AuthType=Secrets;url=https://{CRM_ORGANZATION}.api.crm.dynamics.com;secret={CLIENT_SECRET};AppId={CLIENT_ID};tenantid={TENANT_ID};RequireNewInstance=true;SkipDiscovery=true

    Original Source:
    https://blog.magnetismsolutions.com/blog/paulnieuwelaar/2021/09/21/setting-up-an-application-user-in-dynamics-365

    Enjoy it!

    • Comments



Add a Comment