Documentation
Start typing to search…

Azure AD Integrated Login (Manual Process)

This article provides the steps to configure your Dynamics 365 portal to work with your customer’s or partner’s Azure AD without having to add them as guest users in your own Azure AD.

Pre-requisites

Performing this task will require the following:

  • Portal Owner privileges
  • Azure Admin privileges on the tenant

Time required

This configuration process is expected to take 15 minutes

Additional Notes

If you configure a custom domain and/or change your portal Base URL, these steps will need to be re-run, specifically step #3

Procedure

  1. Login to Azure Portal using the Global administrator account and click on the 'Azure Active Directory' icon within the Azure Services section. In case you don’t find the 'Azure Active Directory' icon click on More Services.
  1. Click on 'App Registrations' on the left-hand navigation menu and then click the ‘+ New Registration’ button on the right-side pane

  1. Enter the Redirect URL as : https://<yourportal.domain.com>/signin-oidc

  2. Copy the following values paste them into the Register Application Page and click 'Register':

  1. Within the newly created App click on ‘Authentication’ menu on the left-hand side navigation. On the right-hand pane tick the below checkboxes and hit ‘Save’.
  1. Click on 'Overview' on the left-hand navigation menu and copy the 'Application (client) ID'
  1. Go back to your CRM and click o the 'App' besides Dynamics 365 at the top-left corner

  1. Click on 'Power Pages Management'

  2. On the left-handed menu click on 'Site Settings'

  1. Create the following list of records one by one:
Name Value
Authentication/OpenIdConnect/CustomerAzureAD/Authorityhttps://login.windows.net/common
Authentication/OpenIdConnect/CustomerAzureAD/CaptionCustomer Login
Authentication/OpenIdConnect/CustomerAzureAD/ClientId[Use 'Application ID' noted in step 3]
Authentication/OpenIdConnect/CustomerAzureAD/ExternalLogoutEnabledtrue
Authentication/OpenIdConnect/CustomerAzureAD/IssuerFilterhttps://sts.windows.net/*/
Authentication/OpenIdConnect/CustomerAzureAD/RedirectUri['Redirect URL' from Step #3]
Authentication/OpenIdConnect/CustomerAzureAD/ValidateIssuerfalse
Authentication/Registration/AzureADLoginEnabledfalse
Authentication/Registration/LocalLoginEnabledfalse
Authentication/Registration/OpenRegistrationEnabledfalse
Authentication/Registration/LoginButtonAuthenticationTypehttps://login.windows.net/common

  1. 📘

    Make sure all parameters are configured correctly. Otherwise this will cause Self-Service Portal Malfunctioning

  2. You can create the above described records by click on '+ New' located at the top-ribbon menu

  1. After filling the described information on the records click on 'Save & Close'. Repeat until you create all the records.

👍

Your SSP Integrated login setup has been completed.

Updated about 2 months ago