Entra ID - Portal Authentication

This article provides the steps to configure your Dynamics 365 portal to work with your customer’s or partner’s Azure AD without having to add them as guest users in your own Azure AD.


Performing this configuration will require the following:

  • Portal Owner Privileges
  • Azure Global Admin privileges on the tenant

Time required

This configuration is expected to take approximately 15 minutes

Additional Notes


If you change your domain and/or change your portal Base URL, these steps will need to be re-run, specifically step #3


  1. Login to Azure Portal using the Global administrator account and look for the 'Microsoft Entra ID' icon within the Azure Services section.

  2. If you do not see the 'Microsoft Entra ID' icon, click on More Services

  3. Click on 'App Registrations' on the left-hand navigation menu

  4. Click the ‘+ New Registration’ button on the top pane

  5. A new page will show a Register an Application form and go to the next step before filling this form

  6. Paste the portal URL below:

    1. Name Value
      Dynamics Portal URL

  7. Copy these values and fill out the form as below:

    1. Name Value
      Name Dynamics 365 Portals (Customer Login)
      Supported Accont Types (WEB) Accounts in any organizational directory (Any Microsoft Entra ID tenant - Multitenant)
      Redirect URL

  8. This is how the form should look and then click on the 'Register' button

  9. Within the newly created app, click the 'Authentication' menu on the left-hand navigation. On the right-hand pane, check the boxes below and click 'Save'

  10. Click on 'Overview' on the left-hand navigation menu and copy the 'Application (client) ID'

  11. Save the 'Application (client) ID' as this will require further steps.


Your SSP Integrated login setup has been completed.

Manual Steps


Follow these steps only if you are not using the Onboarding App


  1. Go back to your CRM and click on the 'App' beside Dynamics 365 at the top-left corner

  2. Click on 'Portal Management'

  3. On the left-handed menu click on 'Site Settings'

  4. Create the described records below by clicking on '+ New' located at the top-ribbon menu:

  5. The settings should be created as follows:

    1. The name described in the table below (Make sure there are no white spaces in the name)

    2. Self-Service Portal name (Click on the magnifier to display the Portal list)

    3. Value described in the table below

  6. After filling in the described information on the records, click 'Save & Close'. Repeat until you create all the records.

  7. Create the following list of records one by one:

    1. Name Value
      Authentication/OpenIdConnect/CustomerAzureAD/Authority https://login.windows.net/common
      Authentication/OpenIdConnect/CustomerAzureAD/Caption Customer Login
      Authentication/OpenIdConnect/CustomerAzureAD/ClientId [Use 'Application ID' noted in step #10 (First part of KB)]
      Authentication/OpenIdConnect/CustomerAzureAD/ExternalLogoutEnabled true
      Authentication/OpenIdConnect/CustomerAzureAD/IssuerFilter https://sts.windows.net/*/
      Authentication/OpenIdConnect/CustomerAzureAD/RedirectUri Redirect URL from step #7
      Authentication/OpenIdConnect/CustomerAzureAD/ValidateIssuer false

  8. Modify the following values:

    1. Name Value
      Authentication/Registration/AzureADLoginEnabled false
      Authentication/Registration/LocalLoginEnabled false
      Authentication/Registration/OpenRegistrationEnabled false
      Authentication/Registration/LoginButtonAuthenticationType https://login.windows.net/common

  9. 📘

    Make sure all parameters are configured correctly and no duplicates values. Otherwise this will cause Self-Service Portal Malfunctioning