This article describes the required steps to use “Application Access” for our Online Services using your own application.
- 2020.96 DocumentsCorePack: How to check or update your solution.
- 2020.12 AttachmentExtractor: How to check or update your version
- Azure Role requirement: Application admin rights within your Azure tenant to create an application
Step 1: Create Custom application
The following article describes how to create/register a new application: Register an application with Microsoft.
Please follow the steps as described and use the following parameters.
- Account type: Accounts in this organizational directory only
Add credentials: You can authenticate with either a client secret or a certificate. Only the certificate option also supports a connection to SharePoint.
- Add a client secret, which supports only Dynamics 365 connections, or
- Add a certificate, which supports Dynamics 365 and SharePoint connections. If you don't have a certificate, you can create a self-signed certificate via PowerShell or OpenSSL.
Please note: Do not encrypt the private key!
IMPORTANT: Once created you have to copy & save your created client secret. You will need it for the setup and cannot review it again after creation.
Note: The custom application requires the following minimum set of privileges (see this article for information about adding security):
- User.Read rights in Azure Active Directory Graph
- user_impersonation in Dynamics CRM
- Sites.ReadWrite.All in SharePoint (optional)
Step 2: Create an application user in Microsoft Dynamics 365
In this step you learn to create an application user. Follow this link to manage application users in the Power Platform admin center.
Step 3: Connect our online service via custom application
Within the connection settings of the DocumentsCorePack or AttachmentExtractor Service configuration you have to choose the connection type ❶ “App Access (custom)” and provide the following details:
Authenticate with “Client secret”
❷ Username: Application user created in Step #2 or a username with a fully qualified domain name (like any user from Dynamics 365)
❸ Application ID: Id of the application created in step #1
❹ Client Secret: Client secret created in step #1
❺ Then hit the [Retrieve Organizations]–button and ❻ [Verify Connection & Save Profile].
Authenticate with Certificate
❷ Username: Application user created in Step #2 or a username with a fully qualified domain name (like any user from Dynamics 365).
❸ AzureAD Domain: If you follow this link you can find the “Azure AD Tenant ID” or “Primary domain” name within the Azure portal.
❹ Application ID: Id of the application created in step #1.
❺ Certificate based: Tick the option to enable the certificate upload.
❻ PFX: Select the certificate (containing the private key) you want to upload. If you don't have a certificate, you can create
- a self-signed certificate via PowerShell as described here or
- a self-signed certificate via OpenSSL as described here.
Please note: Do NOT encrypt the private key!
❼ PFX Password: The password for the private key in the certificate.
❽ and then hit the [Retrieve Organizations]-button.
❶ SharePoint connection opens. Connect as ❷ AppAccess (custom). Enter the ❸ Application ID and ❹ PFX, set the ❺ Password and ❻ any SharePoint Username of your AzureAD Domain. Hit the ❼ [Setup SharePoint Connection]-button. Commit with ❽ [Verify Connection & Save Profile].
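The certificate prerequisite for the certificate-based setup above, as an added example (not part of the original article or the vendor's tooling): a shell script that uses OpenSSL to create a self-signed certificate, bundle it into a PFX, and check that the PFX really contains the matching private key before it is uploaded. The file names, subject name and password are constructed placeholders, and the script assumes the "do not encrypt the private key" note refers to the key file, while the PFX container carries the password entered under "PFX Password".

```shell
#!/bin/sh
# Added example. File names, subject CN and password are constructed placeholders.

# make_app_cert DIR CN PFX_PASSWORD
# Writes DIR/app.key (unencrypted key), DIR/app.crt (public cert), DIR/app.pfx.
make_app_cert() (
    umask 077   # key material readable by the current user only
    # -nodes: the private key file is written without a passphrase.
    openssl req -x509 -newkey rsa:2048 -sha256 -days 365 -nodes \
        -subj "/CN=$2" -keyout "$1/app.key" -out "$1/app.crt" &&
    # Bundle key + certificate; the password protects the PFX container.
    openssl pkcs12 -export -inkey "$1/app.key" -in "$1/app.crt" \
        -passout "pass:$3" -out "$1/app.pfx"
)

# pfx_has_matching_key PFX PFX_PASSWORD
# Succeeds only if the PFX opens with the password and holds a private key
# whose public half equals the public key of the certificate inside it.
pfx_has_matching_key() {
    cert_pub=$(openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys 2>/dev/null |
        openssl x509 -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkcs12 -in "$1" -passin "pass:$2" -nocerts -nodes 2>/dev/null |
        openssl pkey -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# cert_thumbprint CERT
# SHA-1 fingerprint without colons, for comparison with the thumbprint
# shown for the uploaded certificate in the app registration.
cert_thumbprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha1 | sed 's/^.*=//; s/://g'
}

# Demo in a throwaway directory; for real use pass a directory you keep.
demo_dir=$(mktemp -d)
if make_app_cert "$demo_dir" "app-access-example" "Example-Pass-1" 2>/dev/null &&
   pfx_has_matching_key "$demo_dir/app.pfx" "Example-Pass-1"; then
    echo "PFX ok, thumbprint: $(cert_thumbprint "$demo_dir/app.crt")"
else
    echo "certificate or PFX creation failed" >&2
fi
rm -rf "$demo_dir"
```

Only the public `app.crt` belongs in the app registration from Step 1; `app.pfx` is the file selected under PFX in the service configuration. Because `app.key` is unencrypted, keep it out of shared folders and source control, and delete it once the PFX is stored safely.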
That’s it!