Microsoft Dynamics CRM OAuth Integration

4
votes

I need to integrate my web application (multi-tenant SaaS product) into my users' Dynamics CRM so it can pull their data.

I have learnt that Azure Active Directory apps can take care of such integrations (OAuth) but I cannot figure out how my users can grant my app access to their Dynamics CRM data.

Apparently, every user of mine should create an Azure AD app (with access to their Dynamics CRM account) and then my Azure AD app should be authorised to make requests on behalf of their AD app.

I have no idea how I can make this process work.

Any advice would be much appreciated.

2
azureactive-directorydynamics-crm

2 Answers

0
votes

For Dynamics CRM versions 2016 and 365, data can be accessed via the Web API.

When using the Web API by sending, for example, an HTTP GET request, a request header must be present in the format: { 'Authorization': 'Bearer' + token } where token is an OAuth 2 Bearer Token.

To obtain a token, I'd suggest using the Azure AD authentication Library (ADAL).

To authenticate with Dynamics CRM via ADAL, you'll have to register your web application under Azure Active Directory along with Dynamics CRM. Registering your app will give you a client ID which is required by the OAuth 2.0 authorisation flow. This post is very useful.

0
votes

If your app will have administrative privilege, then it will have access to other user's data. There are several things you should make sure of when configuring OAuth, check this: http://phuocle.net/crm/dynamics-365-online-s2s-authentication-full-explain.aspx

so to highlight the most important things from my perspective:

  • you should have a special user for handling that
  • this user should not have any license assigned - so you have to sign a license for him, a take it back after done configuring him
  • user should have a custom role (can be role copied from System Administrator)