You can configure OAuth 2.0 password grant, OAuth 2.0 client certificate grant, and OAuth 2.0 client secret grant authentications to connect to Microsoft Dynamics 365 for Sales deployed online or on-premises.
Before you configure the connection properties, you need to keep the authentication details handy based on the authentication type that you want to use.
OAuth 2.0 password grant
You need the Microsoft Dynamics 365 for Sales user name and password to configure OAuth 2.0 password grant authentication to access Microsoft Dynamics 365 for Sales deployed online or on-premises. You additionally need the security token service URL to access the instance deployed on-premises.
To get these details, the organization administrator needs to register your on-premises Microsoft Dynamics 365 for Sales application with Azure Active Directory.
For more information about the registration steps with Azure Active Directory, see Register your application.
OAuth 2.0 client secret grant
You need the client secret to use OAuth 2.0 client secret grant authentication to access Microsoft Dynamics 365 for Sales.
To get the client secret, you need to register your Microsoft Dynamics 365 for Sales web application and create a new application user for the registered application.
Perform the following tasks to create a new application user for the registered application.
1. Go to the Azure registered applications page in Azure Active Directory.
2. Select your application.
3. Click New client secret to generate a client secret.
5. Navigate to Environments and select the required environment.
6. In the Settings option for the environment, click Users+permissions.
7. Select the Applications users option.
8. Click +New app user.
A tab opens on the right requesting App and User details.
9. Create a new application user and enter the details shown in the following image:
You can choose an App, a Business Unit, and Security role for the new application user.
10. Click Create.
Keep the generated application ID and client secret handy to use in a Microsoft Dynamics 365 for Sales connection.
OAuth 2.0 client certificate grant
You need a valid client certificate to use the client certificate grant authentication type.
To get the client certificate, register your Microsoft Dynamics 365 for Sales web application and create a new application user for the registered application.
From the command line, run the following commands from any machine and use the certificates in the Azure Active Directory application.
1. To create a public-private key pair, run the following command:
keytool -genkey -alias <keypair_name1> -keyalg <key_algorithm> -validity <number_days> -keystore <path and file name of the generated certificate> -storetype <store_type> -keypass <key_password> -storepass <store_password>
For example, keytool -genkey -alias keyalias -keyalg RSA -validity 1825 -keystore "C:\Cdrive\Cloud\R27\MSDCRM_WebAPI\MSDCRM_WebAPI\certificate\iicsdummy.com\federated.jks" -storetype JKS -keypass keypassword -storepass changeit
2. To import the root CA certificate(s) followed by the user's signed certificate to the keystore, run the following commands:
a. keytool -import -trustcacerts -alias <keypair_name2> -file <CA_certificate_name> -keystore <path and file name of the generated certificate>
b. keytool -import -trustcacerts -alias <keypair_name1> -file <user's_signed_certificate_name> -keystore <path and file name of the generated certificate>
For example, keytool -import -trustcacerts -alias keyalias -file b2024001944cdb12.crt -keystore "C:\Cdrive\Cloud\R27\MSDCRM_WebAPI\MSDCRM_WebAPI\certificate\iicsdummy.com\federated.jks"
Note: These steps might vary depending on the types of files you receive from the CA. If you receive a single file with all the certificates, perform only step b. Do not perform these steps for self-signed certificates.
3. To export the certificate from the keystore, run the following command:
keytool -export -alias <keypair_name1> -file <certificate_name> -keystore <path and file name of the generated certificate>
For example, keytool -export -alias keyalias -file keyalias.crt -keystore "C:\Cdrive\Cloud\R27\MSDCRM_WebAPI\MSDCRM_WebAPI\certificate\iicsdummy.com\federated.jks"
4. Upload the certificate or public key under a new Web application.
6. Navigate to Environments and select the required environment.
7. In the Settings option for the environment, click Users+permissions.
8. Select the Applications users option.
9. Click +New app user.
A tab opens on the right requesting App and User details.
10. Create a new application user and enter the details shown in the following image:
You can choose an App, a Business Unit, and Security role for the new application user.
11. Click Create.
Keep the generated application ID, keystore file, keystore password, key alias, and key password handy to use in a Microsoft Dynamics 365 for Sales connection.
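Before you enter the keystore file and key alias in the connection, you can confirm that the alias still holds the private key and that the CA-signed certificate from step 2 is attached to it. The following shell function is an added example, not part of the product documentation; it parses English-locale keytool -list -v output, and the function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example, not vendor code. Reads English-locale `keytool -list -v` output
# on stdin. Usage: check_listing ALIAS ca|self  (names here are hypothetical)
check_listing() {
  awk -v want="$1" -v mode="$2" '
    { sub(/\r$/, "") }                              # tolerate Windows line endings
    /^Alias name: /               { cur = substr($0, 13); cert = 0 }
    cur != want                   { next }          # skip all other entries
    /^Entry type: /               { type = substr($0, 13) }
    /^Certificate chain length: / { chain = $NF }
    /^Certificate\[/              { cert++ }        # only Certificate[1] is the leaf
    cert <= 1 && /^Owner: /       { owner = substr($0, 8) }
    cert <= 1 && /^Issuer: /      { issuer = substr($0, 9) }
    cert <= 1 && / until: /       { sub(/.* until: /, ""); notafter = $0 }
    END {
      if (type == "") { print "FAIL alias not found: " want; exit 1 }
      if (type != "PrivateKeyEntry") {   # e.g. signed cert imported under a new alias
        print "FAIL " want " is " type ", not a PrivateKeyEntry"; exit 1
      }
      self = (owner == issuer)
      if (mode == "ca" && self) {        # step 2b has not replaced the generated cert
        print "FAIL " want " still holds a self-signed certificate"; exit 1
      }
      printf "OK %s chain=%s %s expires=%s\n", want, chain,
             (self ? "self-signed" : "ca-signed"), notafter
    }'
}

sample_listing() {   # constructed listing, not taken from a real keystore
  cat <<'EOF'
Alias name: caroot
Entry type: trustedCertEntry
Owner: CN=Example Root CA
Issuer: CN=Example Root CA

Alias name: keyalias
Entry type: PrivateKeyEntry
Certificate chain length: 2
Certificate[1]:
Owner: CN=iicsdummy.com
Issuer: CN=Example Root CA
Valid from: Mon Jan 01 00:00:00 UTC 2024 until: Sat Dec 30 00:00:00 UTC 2028
Certificate[2]:
Owner: CN=Example Root CA
Issuer: CN=Example Root CA
EOF
}

sample_listing | check_listing keyalias ca
```

Against a real keystore, pipe keytool -list -v -keystore <keystore file> into check_listing <keypair_name1> ca. Pass self instead of ca when the certificate is self-signed and step 2 was skipped.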