...
Create OAuth2 client in ADFS using PowerShell commands
(You can also create the client in the ADFS Management UI, as explained in the "Create OAuth2 client in ADFS Management" section below.)
1. Configure ADFS with new OAuth2 clients for use with Connector
You need to create a separate client for the G-Suite add-on and for Automatic sync, depending on which of them you use. Use the following redirect URI for each client; ADFS compares the redirect URI sent by the client against the registered value exactly, so copy it verbatim.
Redirect URI for G-Suite add-on - https://script.google.com/macros/d/17V0Pk2A7VTevuNUbsgXMCnfgYIvN6pblZduRWjLNoNDlw5SzIem3o0Hi/usercallback
Redirect URI for Automatic sync - https://isync.ienterprises.com/oauth2client/mscrm.php
...
Add-ADFSClient -Name "oAuth2 Client name here" -ClientId "some uid here" -RedirectUri "re-direct uri here"
** Replace “some uid here” with a client id of your choosing (a newly generated GUID is the usual choice) and “re-direct uri here” with the redirect URI for this client from the list above. Use this client id in the Connector connection settings.
...
Grant-AdfsApplicationPermission -ClientRoleIdentifier "clientid" -ServerRoleIdentifier "Dynamics API URL" -ScopeNames openid, user_impersonation
** Replace “clientid” with the client id from the previous command and “Dynamics API URL” with the identifier under which the Dynamics Web API is registered in ADFS (as a relying party trust or Web API); the grant references that existing registration, so the Dynamics API must be registered before this command is run. The openid scope is required for the sign-in, and user_impersonation lets the Connector call Dynamics as the signed-in user.
Microsoft doc link:
https://docs.microsoft.com/en-us/powershell/module/adfs/grant-adfsapplicationpermission
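The two commands above, as an added PowerShell example that is not part of the original page or of the Connector product's own scripts: it registers both clients listed in step 1, grants each one access to the Dynamics Web API, and then reads the registrations back to confirm the redirect URI and the scopes were stored as intended. The value of $dynamicsApiUrl is an assumed placeholder for your own Dynamics API URL, and the client names are assumed too; the redirect URIs are the ones given on this page. It assumes the Dynamics API is already registered in ADFS under that identifier, and it must be run from an elevated PowerShell prompt on the ADFS server.

```powershell
# Added example, not from the original page: register both Connector OAuth2
# clients with Add-AdfsClient, grant them the Dynamics API scopes, and verify.
Import-Module ADFS

# ASSUMPTION: replace with the identifier of your Dynamics Web API in ADFS.
$dynamicsApiUrl = 'https://your-org.crm.dynamics.com'

# Client names are assumed; the redirect URIs are the ones listed on this page.
$clients = @(
    @{ Name = 'iSync G-Suite add-on'
       RedirectUri = 'https://script.google.com/macros/d/17V0Pk2A7VTevuNUbsgXMCnfgYIvN6pblZduRWjLNoNDlw5SzIem3o0Hi/usercallback' },
    @{ Name = 'iSync Automatic sync'
       RedirectUri = 'https://isync.ienterprises.com/oauth2client/mscrm.php' }
)

foreach ($c in $clients) {
    # Give every client its own freshly generated id; never share one id
    # between the add-on and the Automatic sync client.
    $clientId = [guid]::NewGuid().ToString()

    if (Get-AdfsClient -Name $c.Name -ErrorAction SilentlyContinue) {
        Write-Warning "Client '$($c.Name)' already exists; skipping registration."
        continue
    }

    Add-AdfsClient -Name $c.Name -ClientId $clientId -RedirectUri $c.RedirectUri `
        -Description 'Created for the iEnterprises Connector'

    Grant-AdfsApplicationPermission -ClientRoleIdentifier $clientId `
        -ServerRoleIdentifier $dynamicsApiUrl -ScopeNames 'openid', 'user_impersonation'

    # Read the registration back. ADFS matches redirect_uri on the full string,
    # so a trailing slash or an http/https mismatch breaks the authorization
    # request later; catch that here rather than during the first login.
    $registered = Get-AdfsClient -ClientId $clientId
    if ($registered.RedirectUri -notcontains $c.RedirectUri) {
        throw "Redirect URI for '$($c.Name)' was not stored as expected."
    }

    $perm = Get-AdfsApplicationPermission -ClientRoleIdentifiers $clientId
    if (-not $perm -or ($perm.ScopeNames -notcontains 'user_impersonation')) {
        throw "Permission grant for '$($c.Name)' is missing the user_impersonation scope."
    }

    "{0}: ClientId {1} (enter this in the Connector connection settings)" -f $c.Name, $clientId
}
```

Run it once per ADFS farm; the existence check makes a second run a no-op for clients that are already registered, so it will not silently create a duplicate client with a different id.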
...
Create OAuth2 client in ADFS Management
(Alternatively, the OAuth2 client can also be created from the ADFS Management screen. Follow the steps below.)
In ADFS Management, right-click on Application Groups and select Add Application Group.
On the Application Group Wizard, enter a Name and under Client-Server applications select the Server application accessing a Web API template. Click Next.
Copy the Client Identifier value. (This will be the ClientId we need for the connection.)
Enter the Redirect URI for the client (see the list in the PowerShell section above). Click Add. Click Next.
On the Configure Application Credentials screen, you can optionally choose to Generate a shared secret and copy the secret. (This will be the ClientSecret we need for the connection.) Copy it now and keep it in a secret store: ADFS does not display the secret again, so a lost secret has to be regenerated. Click Next.
On the Configure Web API screen, enter the Dynamics API URL. Click Add. Click Next.
On the Apply Access Control Policy screen, select Permit everyone and click Next. (This policy allows any user who can authenticate to ADFS; choose a more restrictive policy here if only certain users should reach Dynamics through the Connector.)
On the Configure Application Permissions screen, make sure openid and user_impersonation are selected and click Next.
On the Summary screen, click Next.
On the Complete screen, click Close.
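The wizard steps above, as an added example using the ADFS application-group cmdlets available on ADFS 2016 and later; this is not code from the original page or from the Connector product. It builds the same application group the wizard does for the Automatic sync client: a "Server application" (confidential client) with a generated shared secret, a Web API identified by the Dynamics API URL under the Permit everyone policy, and the openid and user_impersonation grant. $groupName and $dynamicsApiUrl are assumed placeholders; the redirect URI is the Automatic sync one from this page, and the use of -PassThru to read the generated secret off the returned object is the cmdlet behaviour this example relies on.

```powershell
# Added example, not from the original page: the ADFS Management wizard above,
# expressed with the ADFS 2016+ application-group cmdlets.
Import-Module ADFS

$groupName      = 'iEnterprises Connector'               # ASSUMPTION: any group name
$dynamicsApiUrl = 'https://your-org.crm.dynamics.com'    # ASSUMPTION: your Dynamics API URL
$redirectUri    = 'https://isync.ienterprises.com/oauth2client/mscrm.php'   # from this page
$clientId       = [guid]::NewGuid().ToString()           # the ClientId for the connection

# "Add Application Group": the group that holds the client and the Web API.
New-AdfsApplicationGroup -Name $groupName -ApplicationGroupIdentifier $groupName `
    -Description 'OAuth2 client and Web API for the Connector'

# "Server application accessing a Web API": a confidential client.
# -GenerateClientSecret creates the shared secret the wizard offers; capture it
# from the returned object now, because ADFS does not show it again.
$serverApp = Add-AdfsServerApplication -ApplicationGroupIdentifier $groupName `
    -Name "$groupName - Server application" -Identifier $clientId `
    -RedirectUri $redirectUri -GenerateClientSecret -PassThru

# "Configure Web API": the Dynamics API URL is the Web API identifier and
# 'Permit everyone' is the built-in access control policy the wizard step
# selects (any user who can authenticate to ADFS is allowed through).
Add-AdfsWebApiApplication -ApplicationGroupIdentifier $groupName `
    -Name "$groupName - Web API" -Identifier $dynamicsApiUrl `
    -AccessControlPolicyName 'Permit everyone'

# "Configure Application Permissions": openid and user_impersonation.
Grant-AdfsApplicationPermission -ClientRoleIdentifier $clientId `
    -ServerRoleIdentifier $dynamicsApiUrl -ScopeNames 'openid', 'user_impersonation'

# Confirm the grant before handing the values to the Connector.
$perm = Get-AdfsApplicationPermission -ClientRoleIdentifiers $clientId
if (-not $perm -or $perm.ServerRoleIdentifier -ne $dynamicsApiUrl) {
    throw "Permission grant for client $clientId was not created."
}

# The two values the connection settings need. Move the secret into a secret
# store straight away; do not leave this output in a transcript or script log.
[pscustomobject]@{
    ClientId     = $clientId
    ClientSecret = $serverApp.ClientSecret
}
```

For the G-Suite add-on client, repeat the Add-AdfsServerApplication and Grant-AdfsApplicationPermission calls inside the same group with a second id and the add-on's redirect URI.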
Obtaining refresh tokens from ADFS
ADFS must issue refresh tokens to the client so the Connector can keep its login active without prompting the user again. To enable them, run the following from an administrative PowerShell prompt -
...