OAuth with Azure Active Directory for Dynamics CRM oauth-with-azure-active-directory-for-dynamics-crm
Who’s Affected who-s-affected
This setup is for new Marketo Measure customers using Dynamics CRM with an Azure Active Directory (AAD) account, or for customers that want to migrate from their legacy username and password login to Azure Active Directory with OAuth.
Set Up New Application set-up-new-application
-
Sign-in to your Azure Portal.
-
Choose your Azure AD tenant by clicking on your account in the top-right corner of the page, followed by clicking on the Switch Directory navigation and then selecting the appropriate tenant (skip this step if you only have one Azure AD tenant under your account or if you’ve already selected the appropriate Azure AD tenant).
-
Search for “Azure Active Directory” in the search bar and click the name to open.
-
Click App Registrations in the left-hand menu.
-
Click New Registration at the top.
-
Follow the prompts and create a new application. It doesn’t matter if it’s a web application or a public client (mobile & desktop) application, but if you’d like specific examples for web applications or public client applications, check out our quickstarts.
a. Name is the application name and describes your application to end users.
b. Under Supported account types, select Accounts in any organizational directory and personal Microsoft accounts.
c. Provide the Redirect URI. For Web Applications, this is the base URL of your app where users can sign in. For example,http://localhost:12345
. For public client (mobile & desktop), Azure AD uses it to return token responses. Enter a value specific to your application. For example,http://MyFirstAADApp
. -
Once you’ve completed registration, Azure AD will assign your application a unique client identifier (the Application ID). You need this value in the next section, so copy it from the application page.
-
To find your application in the Azure portal, click App Registrations, then click All Applications. Open your newly created application
-
Click Authentication in the left-hand menu.
-
Add the Marketo Measure redirect URLs:
https://apps.bizible.com/OAuth2
andhttps://apps.bizible.com/OAuth2?identityOnly=true
to the list of Redirect URLs. -
Navigate to the API Permissions tab and make sure the correct permissions are assigned to the application.
-
From here, enter “enterprise” in the search box and click Enterprise Applications.
-
Again, find and open your new application from the list of applications.
-
From the Permissions tab, click Grant Admin Consent for (instance name).
-
Click Accept.
-
From the “Users and Groups” tab, make sure that the valid “Users and Groups” are assigned to the Application.
Creating an Application User creating-an-application-user
Once the application registration is done, then an application user can be created.
-
Navigate to your Common Data Service environment (
https://[org].crm.dynamics.com
). -
Navigate to Settings > Security > Users.
-
Choose Application Users in the view filter.
-
Select + New.
-
In the Application User form, enter the required information.
note note NOTE -
The user name information must not match a user that exists in the Azure Active Directory.
-
In the Application ID field, enter the application ID of the app you registered earlier in the Azure AD.
-
-
If the setup is correct, then after selecting Save, the Application ID URI and Azure AD Object Id fields will auto-populate with correct values.
-
Before exiting the user form, choose Manage Roles and assign a security role to this application user so that the application user can access the desired organization data.
Connecting your Dynamics Instance via OAuth connecting-your-dynamics-instance-via-oAuth
-
When setting up your Dynamics connection for the first time, follow steps 1-5 of the “CRM as a Data Provider” section in this article.
-
When prompted for OAuth credentials, fill in the Client Id, Client Secret, and Application Id URI that were set up in the section above.
a. Client Id is the Id from Step #7 in the section above. If you didn’t write it down, the Application Id is displayed in the Settings of the App registration.
b. Client Secret is the application secret created in the Azure Portal for your application under Certificates & Secrets.
c. Application ID URI is the URL of the target web API (secured resource). To find the App ID URL, in the Azure Portal, click Azure Active Directory, click Application registrations, open the application’s Settings page, then click Properties. It may also be an external resource like https://graph.microsoft.com
. This is normally the URL of the Dynamics instance.
- After you click Submit, you’ll be prompted to sign-in with Azure Active Directory. When the authentication is successful, your Dynamics account will be connected as a data provider within Marketo Measure.
Re-authenticating your Dynamics Account re-authenticating-your-dynamics-account
-
When you’re in the Marketo Measure application, go to My Settings > Settings > Connections.
-
Click on the key icon in the CRM section next to the Dynamics connection.
-
Once the key is clicked, a pop-up will appear and you’ll be prompted to enter the Client Id, Client Secret, and Application Id URI, similar to the signup flow.
-
After you click Submit, you’ll be prompted to sign-in with Azure Active Directory. When the authentication is successful, your Dynamics account will be re-authorized within Marketo Measure.