Purpose
Click's CRM requires an Application User with a Client Secret for authentication. This allows the use of a service account that does not need a CRM user license and may help mitigate Microsoft API limits.
As a best practice, use a unique Application User for each environment to help isolate issues between environments.
Setting up an Application Registration
To make use of this, an application registration needs to be created in Microsoft Entra ID (the new name for Azure Active Directory). To do this:
1. Navigate to https://admin.powerplatform.microsoft.com and sign in, or start from your Common Data Service environment web page.
2. Choose Microsoft Entra ID
3. From the left panel, choose Identity > Applications > App registrations
4. Choose + New registration
5. In the Register an application form, provide a name for your app, select Accounts in this organizational directory only, and choose Register. A redirect URI is not needed for this walkthrough and the provided sample code.
6. On the Overview page, select API permissions
7. Choose + Add a permission
8. In the Microsoft APIs tab, choose Dynamics CRM
9. In the Request API permission form, select Delegated permissions, check user_impersonation, and select Add permissions
10. On the API permissions page below Grant consent, select Grant admin consent for "org-name" and when prompted choose Yes
11. Select Overview in the navigation panel and record the Display name, Application ID, and Directory ID values of the app registration. You will provide these later in the code sample.
12. In the navigation panel, select Certificates & secrets.
Application User authentication with Client Secrets
To set up a client secret to identify your application, follow these steps after selecting Certificates & secrets:
1. Below Client secrets, choose + New client secret to create a secret. Please note that these client secrets will eventually expire and may need to be generated again. The recommended lifetime for these client secrets is 6 months, and their maximum lifetime is 2 years.
2. In the form, enter a description and select Add. Record the client secret value. You will not be able to view the secret again once you leave the current screen.
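Because these secrets expire, it helps to audit them on a schedule rather than discover an expired one when authentication fails. The following is an added example, not part of the original article or of Click's sample code: it checks a list of secrets against the 6-month recommendation and 2-year maximum stated above. It assumes the input has the shape of an app registration's passwordCredentials list (for example the JSON printed by `az ad app credential list`) with UTC timestamps; the names, key IDs and dates in the sample are constructed.

```python
import json
from datetime import datetime, timedelta, timezone

RECOMMENDED_LIFETIME = timedelta(days=184)  # 6 months is at most 184 days
MAXIMUM_LIFETIME = timedelta(days=731)      # 2 years, allowing for a leap day

# Constructed sample: names, key IDs and dates are invented for illustration.
SAMPLE = json.loads("""[
  {"displayName": "crm-prod", "keyId": "00000000-0000-0000-0000-000000000001",
   "startDateTime": "2024-01-10T00:00:00Z", "endDateTime": "2024-07-10T00:00:00Z"},
  {"displayName": "crm-test", "keyId": "00000000-0000-0000-0000-000000000002",
   "startDateTime": "2023-01-01T00:00:00Z", "endDateTime": "2025-01-01T00:00:00Z"},
  {"displayName": "crm-dev", "keyId": "00000000-0000-0000-0000-000000000003",
   "startDateTime": "2023-06-01T00:00:00Z", "endDateTime": "2023-12-01T00:00:00Z"},
  {"displayName": "crm-uat", "keyId": "00000000-0000-0000-0000-000000000004",
   "startDateTime": "2024-05-01T00:00:00Z", "endDateTime": "2024-11-01T00:00:00Z"}
]""")


def parse_ts(value):
    """Parse a UTC timestamp such as 2024-07-10T00:00:00Z (fraction ignored)."""
    return datetime.fromisoformat(value.rstrip("Z").split(".")[0]).replace(tzinfo=timezone.utc)


def audit_secrets(credentials, now, warn_within=timedelta(days=30)):
    """Return (name, issues) per secret; an empty issues list means healthy."""
    findings = []
    for cred in credentials:
        start, end = parse_ts(cred["startDateTime"]), parse_ts(cred["endDateTime"])
        issues = []
        if end <= now:
            issues.append("expired")
        elif end - now <= warn_within:
            issues.append("expires-soon")
        if end - start > MAXIMUM_LIFETIME:
            issues.append("exceeds-maximum")
        elif end - start > RECOMMENDED_LIFETIME:
            issues.append("exceeds-recommended")
        findings.append((cred.get("displayName") or cred["keyId"], issues))
    return findings


if __name__ == "__main__":
    for name, issues in audit_secrets(SAMPLE, datetime.now(timezone.utc)):
        print(f"{name}: {', '.join(issues) or 'ok'}")
```

The audit reads only the secret metadata (description and dates), so it can run without access to the secret values themselves.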
Creating an Application User
Once the application registration is complete, create an application user by following the steps in this Microsoft article.
After the application user is created, find this user in CRM, open the MANAGE ROLES option, and assign the Service security role and/or the System Administrator security role so that the application user can access the desired organization data.