Creating an Azure AD Application
Creating an Azure AD Application
Microsoft Dataverse supports user-based authentication using Azure AD. This authentication is OAuth-based.CData embeds OAuth Application Credentials with CData branding that can be used when connecting to Microsoft Dataverse via a desktop application or a headless machine. To connect to Microsoft Dataverse via the Web, you must always create a custom application, as described here.
However, since custom Azure AD applications seamlessly support all three commonly-used authentication flows, you might want to create a custom application (use your own Azure AD Applications Credentials) for those other authentication flows.
Custom OAuth applications are useful if you want to:
- Control branding of the authentication dialog.
- Control the redirect URI that the application redirects the user to after the user authenticates.
- Customize the permissions that you are requesting from the user.
Authenticating With Azure AD
In https://portal.azure.com:- In the left-hand navigation pane, select Azure Active Directory > App registrations.
- Click New registration.
- Enter a name for the application.
-
Specify the types of accounts this application should support:
- For private use applications, select Accounts in this organization directory only.
- For distributed applications, select one of the multi-tenant options.
Note: If you select Accounts in this organizational directory only (default), when you establish a connection with CData Power BI Connector for Microsoft Dataverse you must set AzureTenant to the Id of the Azure AD Tenant. Otherwise, the authentication attempt fails.
- Set the redirect URI to http://localhost:33333 (default) OR, if you want to specify a different port, specify the desired port and set CallbackURL to the exact reply URL you just defined.
- To register the new application, click Register. An application management screen displays. Record these values for later use. (You will use the Application (client) ID value to set the OAuthClientId parameters, and the Directory (tenant) ID value to set the AzureTenant parameter.)
- Navigate to Certificates & Secrets. Select New Client Secret for this application and specify the desired duration. After the client secret is saved, the Azure App Registration displays the key value. This value is displayed only once, so record it for future use. (You will use it to set the OAuthClientSecret.)
- Under Select an API, select the Dynamics CRM Online permissions if authenticating from a Desktop app, or select the Dynamics CRM Online permissions if authenticating from web apps or headless machines.
- If you have specified the use of permissions that require admin consent (such as the Application Permissions), you can grant them from the current tenant on the API Permissions page.