Creating a Custom AzureAD Service Principal App
When authenticating using an Azure Service Principal, you must create a custom Azure AD application and a service principal that can access the necessary resources.
Procedure
The following steps create a custom Azure AD Service Principal application for most supported editions, obtain the connection properties for Azure Service Principal authentication, and then set up an application user for your Power Platform (Azure Service Principal) environment.
For information on how to create a custom Azure AD Service Principal app for FinOps Online, see Procedure for FinOps Online, below.
Create the Custom Azure AD Service Principal Application
- Log in to https://portal.azure.com.
- In the left-hand navigation pane, select Azure Active Directory > Manage > App Registrations and click New registration. The portal displays the Register an application page.
- Enter an application name.
- Specify that the new application can be used by Accounts in this organizational directory only.
- Click Register. The Portal displays the overview page for your new application.
- Navigate to Manage > App Registrations.
- In the API Permissions dialog, choose Dynamics CRM permissions. The Portal displays the Dynamics CRM menu.
- Choose Delegated permissions type, select User_impersonation, then click Add Permissions.
- Click Yes.
- Still in the Portal's Power Platform Service Principal section, click Certificates & secrets > + New Client Secret. The Portal displays the Add a client secret form.
- Provide a description of the client secret (usually this is the same as the name you gave to your custom application) and choose an Expires date for the secret.
- Click Add.
- The Portal generates a Secret ID (a unique identifier) and a Value (the password) for the secret. These display only once, so record them for future use. (If you lose the key you will need to delete the secret and create a new one.)
Create the Application User
- Log in to https://admin.powerplatform.microsoft.com/home.
- In the navigation panel at left, click the Environments tab.
- Select the D365 environment.
- Navigate to Settings > Users + permissions.
- Select Application users.
- Click New app user > Add an app.
- Select the custom Service Principal application that you just created.
- Add the System administrator security role.
- Click Create.
- Assign a business unit.
- Click Create.
Procedure for FinOps Online
To create a custom Azure AD Service Principal application for use with Microsoft Dynamics 365 FinOps Online, you register the application with Microsoft Dynamics 365, generate a client secret for the custom application, configure the required permissions for the application, and then register the application with Finance and Operations.
Note: During registration in Microsoft Dynamics 365 for Finance and Operations, we recommend that you supply a dedicated service account that holds all the permissions the application requires. If no such account currently exists, create one before you begin the procedures below.
Register the application in the Azure AD portal
- Log in to https://portal.azure.com.
- Switch to the tenant where you want to register the application.
- In the left-hand navigation pane, select Azure Active Directory > App Registrations and click New registration. The portal displays the Register an application page.
- Enter an application name.
- For the account type, specify the Accounts in any organizational directory (Any Azure AD directory - Multitenant).
- Accept the default values for the remaining fields.
- Click Register. The Portal displays the overview page for your new application, which displays certain "essentials".
- Record the value for Application (client) ID for future use.
Generate the Client Secret
- Next to Client credentials, click Add a certificate or secret. The portal displays the Certificates & secrets page.
- Click New client secret. The portal displays the Add a client secret panel.
- Specify a description for the secret (for example, "App Connect secret"), then select an expiry period.
- Click Add.
- The portal generates the client secret and displays it on the Certificates & secrets page.
- The secret is shown in full only this one time, so record the secret value now, for future use.
Configure required permissions
- In the left navigation panel, click API permissions.
- Navigate to Add a permission > Dynamics ERP > Application permissions.
- Select the Connector.FullAccess permission, then click Add permissions to add it.
- Navigate to Add a permission > Dynamics ERP > Delegated permissions.
- Select AX.FullAccess, CustomService.FullAccess, and OData.FullAccess, then click Add permissions to add them.
- If any of the permissions you just added shows Not granted for your domain, click Grant admin consent for your domain, then click Yes to confirm. The status of all permissions is updated to Granted.
Register the application with Microsoft Dynamics 365 Finance and Operations
- Open your Microsoft Dynamics 365 Finance and Operations account.
- Navigate to Modules > System administration > Setup > Azure Active Directory applications. The portal displays the Azure Active Directory applications page.
- Click New.
- At the Client Id field, enter the Application (client) ID you registered in Azure AD.
- At the Name field, enter a name for the custom application.
- At the User ID field, select an appropriate service account user ID as described at the beginning of this section.
- Click Save.
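Once either procedure above is complete, the values you recorded (tenant, Application (client) ID, client secret Value, environment URL) are used in an OAuth2 client-credentials request, and the token that comes back is where you can confirm the setup actually took effect: for the FinOps registration the application permissions that received admin consent appear in the token's `roles` claim, and a missing role usually means consent was never granted. The following Python is an added example written for this page, not code from the page or from Microsoft; it assumes the Azure AD v2.0 token endpoint with a `<resource>/.default` scope, that the audience claim of a Dynamics token equals the environment URL (adjust the comparison if your resource reports its app ID instead), and uses constructed placeholder values. The token inspection decodes claims without verifying the signature, which is fine for a setup check because the resource server, not this script, enforces the signature.

```python
import base64
import json
import os
import time
import urllib.parse
import urllib.request


def token_endpoint(tenant_id: str) -> str:
    """Token endpoint of the Azure AD tenant that owns the app registration (v2.0)."""
    return f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"


def build_token_request(tenant_id: str, client_id: str, client_secret: str, resource_url: str):
    """Return (url, form body) for an OAuth2 client-credentials request.

    The v2.0 endpoint expresses the Dynamics resource as '<resource>/.default', e.g.
    'https://contoso.crm.dynamics.com/.default'. The Application permissions consented
    in the portal are what the issued token carries in its 'roles' claim.
    """
    form = {
        "grant_type": "client_credentials",
        "client_id": client_id,            # the Application (client) ID recorded in the portal
        "client_secret": client_secret,    # the secret *Value* shown once at creation
        "scope": resource_url.rstrip("/") + "/.default",
    }
    return token_endpoint(tenant_id), urllib.parse.urlencode(form).encode()


def request_token(tenant_id, client_id, client_secret, resource_url, timeout=30) -> dict:
    """Send the request (network access required) and return the JSON token response."""
    url, body = build_token_request(tenant_id, client_id, client_secret, resource_url)
    req = urllib.request.Request(
        url, data=body, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)


def _b64url_decode(segment: str) -> bytes:
    # JWT segments omit base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def decode_jwt_claims(token: str) -> dict:
    """Decode the payload of a compact JWT for inspection only (signature NOT verified)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    return json.loads(_b64url_decode(parts[1]))


def check_token(claims: dict, tenant_id: str, client_id: str, resource_url: str,
                required_roles, now=None) -> list:
    """Return a list of problems; an empty list means the token matches the setup."""
    now = time.time() if now is None else now
    problems = []
    if claims.get("tid") != tenant_id:
        problems.append(f"tenant mismatch: {claims.get('tid')}")
    if claims.get("appid", claims.get("azp")) != client_id:
        problems.append("token was issued to a different client id")
    aud = str(claims.get("aud", ""))
    if aud.rstrip("/") != resource_url.rstrip("/"):
        problems.append(f"audience mismatch: {aud}")
    missing = set(required_roles) - set(claims.get("roles", []))
    if missing:
        problems.append("missing application permissions (admin consent not granted?): "
                        + ", ".join(sorted(missing)))
    if claims.get("exp", 0) <= now:
        problems.append("token expired")
    return problems


def make_unsigned_sample_token(claims: dict) -> str:
    """CONSTRUCTED, unsigned JWT so the checks above can be exercised offline.
    Azure AD never issues 'alg: none' tokens; this is demonstration scaffolding only."""
    def enc(d):
        return base64.urlsafe_b64encode(json.dumps(d).encode()).decode().rstrip("=")
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}."


if __name__ == "__main__":
    # Placeholder environment variables (hypothetical names): set them to your tenant ID,
    # the recorded Application (client) ID, the secret Value and your environment URL.
    cfg = {k: os.environ.get(k) for k in
           ("D365_TENANT_ID", "D365_CLIENT_ID", "D365_CLIENT_SECRET", "D365_RESOURCE_URL")}
    if all(cfg.values()):
        resp = request_token(cfg["D365_TENANT_ID"], cfg["D365_CLIENT_ID"],
                             cfg["D365_CLIENT_SECRET"], cfg["D365_RESOURCE_URL"])
        claims = decode_jwt_claims(resp["access_token"])
        print(check_token(claims, cfg["D365_TENANT_ID"], cfg["D365_CLIENT_ID"],
                          cfg["D365_RESOURCE_URL"], {"Connector.FullAccess"}) or "token OK")
    else:
        print("set the D365_* environment variables to run a live check")
```

Keep the secret out of source and shell history (an environment variable or a vault is the usual choice), and re-run the check whenever you rotate the secret, since a fresh secret with the same permissions should produce an identical `roles` claim.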