Skip to main content

Microsoft Dynamic 365 Internal Authentication Setup

Obtain authentication and other information from Microsoft Dynamics 365.

Updated this week

Introduction

Obtain authentication and other information from Microsoft Dynamics 365. This includes OAuth 2.0 client credentials, the tenant ID, grant type, client ID and secret, and scope.

Application Configuration in MSD 365

An application must be created in the Microsoft Entra Admin Center. Follow these steps to create the application:

  1. Navigate to Microsoft Entra Admin Center.

  2. Log in with your Microsoft Admin Account.

  3. Go to Applications > App Registrations.

  4. Click on Create New Registration.

  5. Enter a display name for this application.

  6. Choose the appropriate option to determine who can use this application.

  7. Enter a Redirect URL (optional);

    • https://portal.ipaas.com/customer/subscription-mgmt/subscriptions/authorization/app (for the returning authentication responses (tokens) after successfully authenticating or signing out users)

You will now receive the Client ID and Tenant ID.

Certificates & Secrets

  1. Click the Certificates & Secrets tab.

  2. Click New Client Secret.

  3. Add a description and set the expiration for the client secret.

  4. Click Add to generate the Client Secret. Save the client secret in a secure location, as it can only be copied once and will not be displayed again.

  5. Return to the App registrations tab and select Overview.

Application Client ID:

  1. opy the Application (client) ID. This is the Client ID you will use installing the integration.

  2. From the App registrations > Overview tab, find and copy Directory (tenant) ID.

Add Permissions in Microsoft Dynamics 365 Business Central

  1. Go to the API permissions then click Add a permission.

  2. On the Request API permissions screen, select Dynamics 365 Business Central.

  3. Select Application permissions and select or add the following permissions:

    • app_access

      • AdminCenter.ReadWrite.All

      • API.ReadWrite.All

      • Automation.readWrite.All

OAuth 2.0 Client Credentials Grant Configuration

The OAuth 2.0 client credentials grant flow allows a web service (a confidential client) to use its own credentials to authenticate and access another web service. This flow is for applications that need to act on their own behalf, without a user's involvement.

  • Permissions are granted directly to the application by an administrator.

  • The application itself is authorized to perform actions since no user is involved in the authentication.

This flow provides an access token valid for 60 minutes. To generate an access token, the following details are required in the iPaaS.com subscription settings:

  • Tenant ID: The directory (tenant) ID where the application is registered.

  • Grant Type: Must be statically set to client_credentials.

  • Client ID: The application (client) ID assigned to your app during registration.

  • Client Secret: The secret key generated for the application. This value must be saved in a secure location.

  • Scope: The specific permissions or resources the app is requesting access to.

    • For our configuration, this must be statically set to https://api.businesscentral.dynamics.com/.default.
      The .default scope is used to refer generically to a resource service (API) without specifying individual permissions.

OAuth 2.0 Authorization Code Grant Configuration

The OAuth 2.0 authorization code grant type enables a client application to gain authorized access to protected resources, such as web APIs. This flow involves a user signing into the app to access their data. This flow requires a user-agent (like a web browser) that can be redirected from the authorization server back to your application. A user must sign into your app to access their data.

This flow provides:

  • An access token valid for 60 minutes.

  • A refresh token to get new access tokens without requiring the user to re-authorize the application. This allows for seamless subsequent requests.

To configure this grant, you need the following:

  • Tenant ID: The directory (tenant) ID where the application is registered.

    • Location: Found in the Microsoft Entra admin center under Identity > Overview > Tenant information.

  • Client ID: The unique application (client) ID assigned to your app.

    • Location: Found in the Microsoft Entra admin center under Identity > Overview > Client ID information.

  • Response Type: Must include code for the authorization code flow. It can also include an id_token or token.

  • Redirect URL: The URL of your app where authentication responses will be sent.

With this information, you can install the integration.

Integration Configuration for MS Dynamics Basic Authentication

  1. Log in to iPaaS.com based on the environment where you want to configure your application.

  2. Select your company where your MSD 365 Integration exists.

  1. Go to Subscriptions Management and click Search Certified Integration Marketplace & Subscribe.

  1. Click the Microsoft Dynamic 365 Integration title.

  2. Click the Subscribe button.

  3. Enter the Name of the subscription and select a version. It can be set to any relevant and unique subscription name within the company where this subscription is created.

  4. Provide the API URL endpoint for you Microsoft Dynamics 365 instance.

    • Environment URLs:

      • Test/Sandbox: https://api.businesscentral.dynamics.com

      • Production: https://api.businesscentral.dynamics.com

  1. Enter the Environment. For example, WEBsB2.

  2. Enter the Tenant ID. For example,
    08d1a030-9b1a-491d-a1fe-8fd964a372fa

  3. Enter the Company Name.

  4. Enter the Tenant ID, the Microsoft directory where the application is registered. You can find this in the Microsoft Entra Admin Center > Identity > Overview >Tenant Information. Copy the value and paste it in.

  5. Set Grant Type to client_credentials.

  6. Enter the Client ID, the unique identifier for your application registered in Microsoft Entra ID. You can find this at Microsoft Entra Admin Center > Identity > Overview > Client ID information.

Initiate the OAuth Flow and Generate the Access Token

  1. Go to the Microsoft Dynamics 365 Subscription that was created earlier.

  2. Click the Authentication icon in the top toolbar.


    A new browser window will open, redirecting to a URL containing code, state, and session_state parameters. A success message displays if the code is validated.

  3. After the confirmation page is displayed, you may close the window.

  4. Refresh the iPaaS.com subscription page .If successful, the Access Token and Refresh Token will now be populated.

NOTE: If an error occurs, double-check that all settings match the configuration described above.

Related Articles
Shopware Connections and Settings
Acumatica Connections and Settings
Zoho CRM Connections and Settings
Oracle NetSuite Connections and Settings
Microsoft Dynamics 365 Connections and Setting
Did this answer your question?