Dynamics 365 Online Authenticate with Client Credentials

The previous blog covered details on using User Credentials to authenticate with Dynamics CRM 365 Online. This can be a problem when executing long running background application processes that integrates with Dynamics CRM 365 Online.  The problem is that a User can change their password therefore the configured password against the background application would always need updating.

Using Client Credentials for authentication with Dynamics CRM 365 Online will resolve this issue of using User Credentials which constantly changes and requires a Dynamics CRM 365 Online license. Client Credentials are made up of a client id and client secret which firstly need to be setup and generated in Microsoft Azure. Once you have the client id and client secret, this can be used to obtain a bearer token. Here are the steps you would need to follow to authenticate using Client Credentials.

1. Register a App against Azure Active Directory
i. Log into https://portal.azure.com, navigate to Azure Active Directory -> App registrations and click on New application registration

image thumb Dynamics 365 Online Authenticate with Client Credentials

ii. Create the new App registration with Web app / API as the Application Type

image thumb 1 Dynamics 365 Online Authenticate with Client Credentials

image thumb 2 Dynamics 365 Online Authenticate with Client Credentials

iii. Grant permissions to Dynamics CRM Online by navigating to Settings -> Required permissions. Click on Add and select Dynamics CRM Online

image thumb 3 Dynamics 365 Online Authenticate with Client Credentials

iv. Select the following permissions then click Done

image thumb 4 Dynamics 365 Online Authenticate with Client Credentials

v. Dynamics CRM Online should now be added to the list of Required permissions. Click on Grant Permissions to complete the process
  image thumb 5 Dynamics 365 Online Authenticate with Client Credentials

vi. Setup client secret key by navigating to Settings -> Keys, create a new Key and save to generate a new Secret key value

image thumb 6 Dynamics 365 Online Authenticate with Client Credentials

NOTE: Take note of the generated key value since it would not be visible the next time you navigate to the Keys List

2. Create a new Office 365 user
i. Log into https://portal.office.com/adminportal, navigate to User -> Active users and click on Add a user

image thumb 7 Dynamics 365 Online Authenticate with Client Credentials

ii. Fill in User details

image thumb 8 Dynamics 365 Online Authenticate with Client Credentials

iii. Assign the Dynamics 365 Service Administrator Role

image thumb 9 Dynamics 365 Online Authenticate with Client Credentials

iv. Apply the Dynamics 365 Product Licence and click Add

image thumb 10 Dynamics 365 Online Authenticate with Client Credentials

3. Create a new Dynamics 365 Application user
i. Log into Dynamics 365 Online, navigate to Settings -> Security -> Users and change the view to Application Users. Click on New to open a new Application User Form

image thumb 11 Dynamics 365 Online Authenticate with Client Credentials

ii. Fill in the following fields.
The value of the Application ID field will be the GUID value obtained from previous steps 1.

image thumb 12 Dynamics 365 Online Authenticate with Client Credentials

iii. Once saving the record the following fields will be auto populated by Dynamics 365

image thumb 13 Dynamics 365 Online Authenticate with Client Credentials

4. Create new Security Role and assign to Application user
i. Navigate to Settings -> Security -> Security Role and Copy the System Administrator Role

image thumb 14 Dynamics 365 Online Authenticate with Client Credentials

ii. Name the new security role and completed the creation process

image thumb 15 Dynamics 365 Online Authenticate with Client Credentials

iii. Assign the new security role to the Application User

image thumb 16 Dynamics 365 Online Authenticate with Client Credentials

iv. Remove Dynamics 365 license for the User in Office365 admin portal

image thumb 17 Dynamics 365 Online Authenticate with Client Credentials

5. Get Bearer Access Token by sending HTTP POST request to Token endpoint
The Token URL endpoint for any Dynamics CRM 365 Online would be https://login.microsoftonline.com//oauth2/token

Obtain the tenant id from the Azure Portal

image thumb 18 Dynamics 365 Online Authenticate with Client Credentials

The body content of the HTTP Request will contain the following and will be URL encoded

image thumb 19 Dynamics 365 Online Authenticate with Client Credentials

A refresh token is not included as part of the response when using Client Credentials to authenticate, this is only available when authenticating using User Credentials.

So once the access token has been obtained then you can use this token in the Authorization header for all the request to Dynamics CRM 365 Online Web API.

Let’s block ads! (Why?)

Magnetism Solutions Dynamics CRM Blog