...

1. In ADFS Management, right-click on Application Groups and select Add Application Group.

2. On the Application Group Wizard, enter a Name  and under Client-Server applications select the Server application accessing a Web API template. Click Next.

3. Copy the Client Identifier value. (This will be the ClientId we need for connection)

4. Enter the Redirect URI. Click Add. Click Next

5. On the Configure Application Credentials screen, you can optionally choose to Generate a shared secret and copy the secret. (This will be the ClientSecret we need for connection). Click Next.

6. On the Configure Web API screen, enter the the Dynamics URI. Click Add. Click Next.

7. On the Apply Access Control Policy screen, select Permit everyone and click Next.

8. On the Configure Application Permissions screen, make sure openid and user_impersonation are selected and click Next.

9. On the Summary screen, click Next.

10. On the Complete screen, click Close.

Obtaining refresh tokens from ADFS

Refresh tokens are needed from ADFS to keep the login active. To set them you’d run the following from an Administrative PowerShell prompt -

...