Entra ID - Portal Authentication
This article provides the steps to configure your Dynamics 365 portal to work with your customer’s or partner’s Azure AD without having to add them as guest users in your own Azure AD.
Pre-requisites
Performing this configuration will require the following:
- Portal Owner Privileges
- Azure Global Admin privileges on the tenant
Time required
This configuration is expected to take approximately 15 minutes.
Additional Notes
If you change your domain and/or change your portal Base URL, these steps will need to be re-run, specifically step #3.
Procedure
1. Log in to the Azure Portal using the Global administrator account and look for the 'Microsoft Entra ID' icon within the Azure Services section.
2. If you do not see the 'Microsoft Entra ID' icon, click on More Services.
3. Click on 'App Registrations' on the left-hand navigation menu.
4. Click the ‘+ New Registration’ button on the top pane.
5. A new page will show the 'Register an Application' form. Go to the next step before filling in this form.
6. Paste the portal URL below:
   | Name | Value |
   | --- | --- |
   | Dynamics Portal URL | |
7. Copy these values and fill out the form as below:
   | Name | Value |
   | --- | --- |
   | Name | Dynamics 365 Portals (Customer Login) |
   | Supported Account Types (WEB) | Accounts in any organizational directory (Any Microsoft Entra ID tenant - Multitenant) |
   | Redirect URL | |
8. Check that the form looks as described, then click on the 'Register' button.
9. Within the newly created app, click the 'Authentication' menu on the left-hand navigation. On the right-hand pane, check the boxes below and click 'Save'.
10. Click on 'Overview' on the left-hand navigation menu and copy the 'Application (client) ID'.
11. Save the 'Application (client) ID', as it will be required in further steps.
Your SSP Integrated login setup has been completed.
Manual Steps
Follow these steps only if you are not using the Onboarding App
Procedure
1. Go back to your CRM and click on the 'App' beside Dynamics 365 at the top-left corner.
2. Click on 'Portal Management'.
3. On the left-hand menu, click on 'Site Settings'.
4. Create the described records below by clicking on '+ New' located at the top-ribbon menu:
   - The settings should be created as follows:
     - The name described in the table below (make sure there are no white spaces in the name)
     - Self-Service Portal name (click on the magnifier to display the Portal list)
     - Value described in the table below
   - After filling in the described information on the records, click 'Save & Close'. Repeat until you create all the records.
5. Create the following list of records one by one:
   | Name | Value |
   | --- | --- |
   | Authentication/OpenIdConnect/CustomerAzureAD/Authority | https://login.windows.net/common |
   | Authentication/OpenIdConnect/CustomerAzureAD/Caption | Customer Login |
   | Authentication/OpenIdConnect/CustomerAzureAD/ClientId | [Use 'Application ID' noted in step #10 (First part of KB)] |
   | Authentication/OpenIdConnect/CustomerAzureAD/ExternalLogoutEnabled | true |
   | Authentication/OpenIdConnect/CustomerAzureAD/IssuerFilter | https://sts.windows.net/*/ |
   | Authentication/OpenIdConnect/CustomerAzureAD/RedirectUri | Redirect URL from step #7 |
   | Authentication/OpenIdConnect/CustomerAzureAD/ValidateIssuer | false |
6. Modify the following values:
   | Name | Value |
   | --- | --- |
   | Authentication/Registration/AzureADLoginEnabled | false |
   | Authentication/Registration/LocalLoginEnabled | false |
   | Authentication/Registration/OpenRegistrationEnabled | false |
   | Authentication/Registration/LoginButtonAuthenticationType | https://login.windows.net/common |
7. Make sure all parameters are configured correctly and that there are no duplicate values. Otherwise, the Self-Service Portal will malfunction.
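The checks this procedure asks for (no white space in a setting name, no duplicate records, values as listed in the tables) can be run together over a list of the site settings. The following is an added example, not part of the original article or of any Microsoft tooling; the input format of (name, value) pairs, the function name and the sample records are assumptions constructed for illustration.

```python
# Added example: lint portal Site Settings against the tables in this article.
# Input is assumed to be (name, value) pairs, e.g. copied out of Portal Management.
OIDC = "Authentication/OpenIdConnect/CustomerAzureAD/"
REG = "Authentication/Registration/"
COMMON = "https://login.windows.net/common"
EXPECTED = {  # None = value is specific to your app registration / portal
    OIDC + "Authority": COMMON,
    OIDC + "Caption": "Customer Login",
    OIDC + "ClientId": None,
    OIDC + "ExternalLogoutEnabled": "true",
    OIDC + "IssuerFilter": "https://sts.windows.net/*/",
    OIDC + "RedirectUri": None,
    OIDC + "ValidateIssuer": "false",
    REG + "AzureADLoginEnabled": "false",
    REG + "LocalLoginEnabled": "false",
    REG + "OpenRegistrationEnabled": "false",
    REG + "LoginButtonAuthenticationType": COMMON,
}

def lint_site_settings(records):
    """Return sorted findings: whitespace in names, duplicates, missing or changed values."""
    findings, seen = [], {}
    for name, value in records:
        if any(ch.isspace() for ch in name):
            findings.append(f"whitespace in name: {name!r}")
        # Group under the whitespace-free name so a padded copy still counts as a duplicate.
        seen.setdefault("".join(name.split()), []).append(value)
    for name, values in seen.items():
        if len(values) > 1:
            findings.append(f"duplicate: {name} ({len(values)} records)")
    for name, want in EXPECTED.items():
        for value in seen.get(name, [None]):
            if value is None:
                findings.append(f"missing: {name}")
            elif want is None and not value.strip():
                findings.append(f"empty value: {name}")
            elif want is not None and value != want:
                findings.append(f"differs from table: {name} = {value!r}")
    return sorted(findings)

# Constructed sample: padded name, conflicting duplicate, one setting never created.
SAMPLE = [(n, v or "placeholder") for n, v in EXPECTED.items()
          if not n.endswith("LoginButtonAuthenticationType")]
SAMPLE[5] = (OIDC + "RedirectUri ", "placeholder")
SAMPLE.append((REG + "LocalLoginEnabled", "true"))

if __name__ == "__main__":
    print("\n".join(lint_site_settings(SAMPLE)))
```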