...
Dynamics 365 On-premise base URL.
ADFS base URL.
ADFS OAuth2 client ID.
(The Connector uses the authorization code grant flow for the connection.)
Create OAuth2 client in ADFS using PowerShell commands
...
1.
...
Register new client application(s) to use with Connector
You need to create a separate client for the G-Suite Connector add-on and for Automatic sync, depending on which you are using. Use the following redirect URI for each client.
Redirect URI for G-Suite add-on - https://script.google.com/macros/d/17V0Pk2A7VTevuNUbsgXMCnfgYIvN6pblZduRWjLNoNDlw5SzIem3o0Hi/usercallback
Redirect URI for Outlook add-in - https://outlook.ienterprises.com/outlook/mscrm/src/taskpane/app/oauth/token.html
Redirect URI for Automatic sync - https://isync.ienterprises.com/oauth2client/mscrm.php
...
```powershell
Add-ADFSClient -Name "oAuth2 Client name here" -ClientId "some uid here" -RedirectUri "redirect URI here"
```
** Replace "some uid here" with a client ID. Use this client ID in the connection settings.
...
https://docs.microsoft.com/en-us/powershell/module/adfs/add-adfsclient
2. Grant Application permission to
...
CRM
For Windows Server 2016 and later:
Grant Application permission to ADFS clients with the required scope(s) by running the following from an Administrative PowerShell prompt:
```powershell
Grant-AdfsApplicationPermission -ClientRoleIdentifier "clientid" -ServerRoleIdentifier "Dynamics URI" -ScopeNames openid, user_impersonation
```
Microsoft doc link:
https://docs.microsoft.com/en-us/powershell/module/adfs/grant-adfsapplicationpermission
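The registration and grant steps above for Windows Server 2016 and later, combined into one re-runnable script that also checks what ended up registered. This is an added example, not the vendor's own script; the Dynamics URI, the client names and the client IDs are placeholders to replace with your own values.

```powershell
# Added example. Run in an elevated PowerShell session on the ADFS server (2016+).
# Assumptions: $CrmUri, the client names and the client IDs are placeholders.
$CrmUri = 'https://crm.example.com/'        # placeholder: Dynamics 365 on-premise URI
$Scopes = 'openid', 'user_impersonation'    # scopes from the page

# One client per integration, each with exactly the redirect URI listed on the page.
$Clients = @(
    @{ Name = 'Connector G-Suite add-on'; ClientId = '<client-id-gsuite>'
       RedirectUri = 'https://script.google.com/macros/d/17V0Pk2A7VTevuNUbsgXMCnfgYIvN6pblZduRWjLNoNDlw5SzIem3o0Hi/usercallback' }
    @{ Name = 'Connector Outlook add-in'; ClientId = '<client-id-outlook>'
       RedirectUri = 'https://outlook.ienterprises.com/outlook/mscrm/src/taskpane/app/oauth/token.html' }
    @{ Name = 'Connector Automatic sync'; ClientId = '<client-id-sync>'
       RedirectUri = 'https://isync.ienterprises.com/oauth2client/mscrm.php' }
)

foreach ($c in $Clients) {
    # Register the client only if it is not there yet, so the script can be re-run.
    $client = Get-AdfsClient | Where-Object { $_.ClientId -eq $c.ClientId }
    if (-not $client) {
        Add-AdfsClient -Name $c.Name -ClientId $c.ClientId -RedirectUri $c.RedirectUri
        $client = Get-AdfsClient | Where-Object { $_.ClientId -eq $c.ClientId }
    }

    # Grant the scopes only if no grant exists yet for this client/resource pair.
    $match = { $_.ClientRoleIdentifier -eq $c.ClientId -and $_.ServerRoleIdentifier -eq $CrmUri }
    $grant = Get-AdfsApplicationPermission | Where-Object $match
    if (-not $grant) {
        Grant-AdfsApplicationPermission -ClientRoleIdentifier $c.ClientId `
            -ServerRoleIdentifier $CrmUri -ScopeNames $Scopes
        $grant = Get-AdfsApplicationPermission | Where-Object $match
    }

    # Verify: list any redirect URI or scope beyond what was intended for this client.
    $extraUris   = @($client.RedirectUri | Where-Object { "$_" -ne $c.RedirectUri })
    $extraScopes = @($grant.ScopeNames   | Where-Object { $_ -notin $Scopes })
    [pscustomobject]@{
        Client           = $c.Name
        Enabled          = $client.Enabled
        UnexpectedUris   = $extraUris -join ', '
        UnexpectedScopes = $extraScopes -join ', '
    }
}
```

Empty `UnexpectedUris` and `UnexpectedScopes` columns mean each client can only return authorization codes to its own redirect URI and holds only the two scopes named above.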
For ADFS 3.0 on Windows Server 2012 R2 :-
Go to ADFS Management
Expand ADFS > Trust Relationships > Relying Party Trusts
Use the Add Relying Party Trust Wizard
Create a relying party manually and permit all users to access this relying party
Obtaining refresh tokens from ADFS
Refresh tokens are needed from ADFS to keep the login active. To set them, run the following from an Administrative PowerShell prompt:
...