Azure AD Integrated Login (Manual Process)

This article provides the steps to configure your Dynamics 365 portal to work with your customer’s or partner’s Azure AD without having to add them as guest users in your own Azure AD.

Pre-requisites

Performing this task will require the following:

  • Portal Owner privileges
  • Azure Admin privileges on the tenant

Time required

This configuration process is expected to take about 15 minutes.

Additional Notes

If you configure a custom domain and/or change your portal Base URL, these steps will need to be re-run, specifically step 3, because the Redirect URI is derived from the base URL.

Procedure

  1. Log in to the Azure Portal using the Global administrator account and click the 'Azure Active Directory' icon within the Azure Services section. If you don't find the 'Azure Active Directory' icon, click More Services.
  2. Click 'App Registrations' on the left-hand navigation menu and then click the '+ New Registration' button on the right-side pane.
  3. Fill in the App Registration form with the details outlined below:

     Name: Dynamics 365 Portals Customer Login
     Supported Account Types: Accounts in any organizational directory (Any Azure AD directory - Multitenant)
     Redirect URI: Select 'Web' in the dropdown and enter your Portal base URL appended with '/signin-oidc' in the text box.
     E.g. if your portal URL is https://iotap.microsoftcrmportals.com/ then the URL to be entered would be https://iotap.microsoftcrmportals.com/signin-oidc

  4. Make sure you have filled in all required information and click the 'Register' button.
  5. Within the newly created App click the 'Authentication' menu on the left-hand side navigation. On the right-hand pane tick the checkboxes shown below and hit 'Save'.
  6. Click 'Overview' on the left-hand navigation menu and copy the 'Application (client) ID'.
  7. Go back to your CRM and click the 'App' button beside Dynamics 365 at the top-left corner.
  8. Click 'Portal Management'.
  9. On the left-hand menu click 'Site Settings'.
  10. Create the following records one by one:

     Name                                                                Value
     Authentication/OpenIdConnect/CustomerAzureAD/Authority              https://login.windows.net/common
     Authentication/OpenIdConnect/CustomerAzureAD/Caption                Customer Login
     Authentication/OpenIdConnect/CustomerAzureAD/ClientId               [the 'Application (client) ID' copied in step 6]
     Authentication/OpenIdConnect/CustomerAzureAD/ExternalLogoutEnabled  true
     Authentication/OpenIdConnect/CustomerAzureAD/IssuerFilter           https://sts.windows.net/*/
     Authentication/OpenIdConnect/CustomerAzureAD/RedirectUri            [the 'Redirect URI' entered in step 3]
     Authentication/OpenIdConnect/CustomerAzureAD/ValidateIssuer         false

  11. Modify the following values:

     Name                                                                Value
     Authentication/Registration/AzureADLoginEnabled                     false
     Authentication/Registration/LocalLoginEnabled                       false
     Authentication/Registration/OpenRegistrationEnabled                 false
     Authentication/Registration/LoginButtonAuthenticationType           https://login.windows.net/common

  12. Make sure all parameters are configured correctly; otherwise the self-service portal will malfunction.
  13. You can create the records described above by clicking '+ New' in the top ribbon menu.
  14. After filling in the described information on each record click 'Save & Close'. Repeat until you have created all the records.
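A hypothetical Python helper, added here and not part of the article or of the portal product, that derives the site-setting records above from the portal base URL and the Application (client) ID, checks the cross-references between the two tables and the app registration's redirect URI, and shows what the IssuerFilter wildcard accepts. Wildcard matching via fnmatch and the GUID check are assumptions about how the portal evaluates these settings; the sample base URL is the one from step 3 and the client ID used in testing is a made-up placeholder.

```python
import fnmatch
import re
from urllib.parse import urlparse

# Hypothetical helper (not portal code): builds the site-setting records from the
# article and checks the cross-references between them and the app registration.
PREFIX = "Authentication/OpenIdConnect/CustomerAzureAD/"
AUTHORITY = "https://login.windows.net/common"

def site_settings(base_url, client_id):
    """Return the records (name -> value) for a portal base URL and client ID."""
    redirect_uri = base_url.rstrip("/") + "/signin-oidc"  # the step 3 Redirect URI
    return {
        PREFIX + "Authority": AUTHORITY,
        PREFIX + "Caption": "Customer Login",
        PREFIX + "ClientId": client_id,
        PREFIX + "ExternalLogoutEnabled": "true",
        PREFIX + "IssuerFilter": "https://sts.windows.net/*/",
        PREFIX + "RedirectUri": redirect_uri,
        PREFIX + "ValidateIssuer": "false",
        "Authentication/Registration/AzureADLoginEnabled": "false",
        "Authentication/Registration/LocalLoginEnabled": "false",
        "Authentication/Registration/OpenRegistrationEnabled": "false",
        "Authentication/Registration/LoginButtonAuthenticationType": AUTHORITY,
    }

def issuer_accepted(settings, issuer):
    """Whether a token issuer passes IssuerFilter (glob-style matching is assumed)."""
    return fnmatch.fnmatchcase(issuer, settings[PREFIX + "IssuerFilter"])

def check_settings(settings, app_redirect_uris):
    """List inconsistencies; an empty list means the records match the app."""
    problems = []
    redirect = settings[PREFIX + "RedirectUri"]
    if urlparse(redirect).scheme != "https" or not redirect.endswith("/signin-oidc"):
        problems.append("RedirectUri must be https and end with /signin-oidc")
    if redirect not in app_redirect_uris:
        problems.append("RedirectUri is not registered on the app; sign-in will fail")
    guid = r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$"
    if not re.match(guid, settings[PREFIX + "ClientId"]):
        problems.append("ClientId is not an Application (client) ID GUID")
    if (settings["Authentication/Registration/LoginButtonAuthenticationType"]
            != settings[PREFIX + "Authority"]):
        problems.append("LoginButtonAuthenticationType must equal the Authority")
    if settings[PREFIX + "ValidateIssuer"] == "false" and not settings.get(PREFIX + "IssuerFilter"):
        problems.append("ValidateIssuer=false with no IssuerFilter accepts any issuer")
    return problems
```

Because ValidateIssuer is false and IssuerFilter ends in a wildcard, a user from any Azure AD tenant can authenticate; which of them may actually use the portal is decided by its contact records and web roles, not by these settings.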


Your SSP (Self-Service Portal) integrated login setup is now complete.