...
Dynamics 365 On-premise base URL.
ADFS base URL.
ADFS oAuth2 client id.
(The Connector uses the Authorization Code grant flow to connect.)
Create oAuth2 client in ADFS using PowerShell commands
1. Register new
...
client application(s) to use with Connector
You need to create separate clients for the G-Suite Connector add-on and Automatic sync, depending on which you are using. Use the following redirect URI for each client.
Re-direct URI for G-Suite add-on - https://script.google.com/macros/d/17V0Pk2A7VTevuNUbsgXMCnfgYIvN6pblZduRWjLNoNDlw5SzIem3o0Hi/usercallback
Re-direct URI for Outlook add-in - https://outlook.ienterprises.com/outlook/mscrm/src/taskpane/app/oauth/token.html
Re-direct URI for Automatic sync - https://isync.ienterprises.com/oauth2client/mscrm.php
...
2. Grant Application permission to CRM
For Windows Server 2016 and later:
Grant application permission to the ADFS clients with the required scope(s) by running the following from an administrative PowerShell prompt:
...
https://docs.microsoft.com/en-us/powershell/module/adfs/grant-adfsapplicationpermission
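The two steps above, followed by a check of what ended up registered, as an added example (not the vendor's own commands). It assumes Windows Server 2016 or later with the ADFS PowerShell module; the client name and the Dynamics URL are placeholders, and the Dynamics URL is assumed to be the identifier ADFS already holds for your CRM deployment.

```powershell
# Added example. Run from an administrative PowerShell prompt on the ADFS server.
$clientName  = 'Connector Automatic sync'                               # hypothetical display name
$redirectUri = 'https://isync.ienterprises.com/oauth2client/mscrm.php'  # Automatic sync URI listed above
$crmUri      = 'https://crm.example.internal/'                          # placeholder: your Dynamics 365 base URL
$scopes      = @('openid', 'user_impersonation')

# 1. Register the client once, with exactly one redirect URI.
$client = Get-AdfsClient | Where-Object { $_.Name -eq $clientName }
if (-not $client) {
    $clientId = [guid]::NewGuid().ToString()
    Add-AdfsClient -Name $clientName -ClientId $clientId -RedirectUri $redirectUri
    $client = Get-AdfsClient | Where-Object { $_.ClientId -eq $clientId }
}

# 2. Grant the client access to the CRM with only the scopes it needs.
$grant = Get-AdfsApplicationPermission | Where-Object {
    $_.ClientRoleIdentifier -eq $client.ClientId -and $_.ServerRoleIdentifier -eq $crmUri
}
if (-not $grant) {
    Grant-AdfsApplicationPermission -ClientRoleIdentifier $client.ClientId `
        -ServerRoleIdentifier $crmUri -ScopeNames $scopes
}

# 3. Verify the result: no extra redirect URIs, no grants to other resources,
#    no scopes beyond the expected ones.
$allGrants   = @(Get-AdfsApplicationPermission |
                 Where-Object { $_.ClientRoleIdentifier -eq $client.ClientId })
$extraUris   = @($client.RedirectUri | Where-Object { "$_" -ne $redirectUri })
$extraScopes = @($allGrants | ForEach-Object { $_.ScopeNames } |
                 Where-Object { $_ -notin $scopes })
$otherServer = @($allGrants | Where-Object { $_.ServerRoleIdentifier -ne $crmUri })

[pscustomobject]@{
    ClientId             = $client.ClientId
    UnexpectedRedirects  = $extraUris -join ', '
    UnexpectedScopes     = ($extraScopes | Sort-Object -Unique) -join ', '
    UnexpectedResources  = $otherServer.ServerRoleIdentifier -join ', '
    Clean                = -not ($extraUris -or $extraScopes -or $otherServer)
}
```

Repeat with the matching redirect URI for each additional client you register; the ClientId in the output is the value the Connector asks for.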
Create oAuth2 client in ADFS Management
(Alternatively, the oAuth client can be created from the ADFS Management screen. Follow the steps below.)
...
In ADFS Management, right-click on Application Groups and select Add Application Group.
...
On the Application Group Wizard, enter a Name and under Client-Server applications select the Server application accessing a Web API template. Click Next.
...
Copy the Client Identifier value. (This will be the ClientId we need for connection)
...
Enter the Redirect URI. Click Add. Click Next.
...
On the Configure Application Credentials screen, you can optionally choose to Generate a shared secret and copy the secret. (This will be the ClientSecret we need for connection). Click Next.
...
On the Configure Web API screen, enter the Dynamics URI. Click Add. Click Next.
...
On the Apply Access Control Policy screen, select Permit everyone and click Next.
...
On the Configure Application Permissions screen, make sure openid and user_impersonation are selected and click Next.
...
On the Summary screen, click Next.
...
For ADFS 3.0 on Windows Server 2012 R2:
Go to ADFS Management
Expand ADFS > Trust Relationships > Relying Party Trusts
Use the Add Relying Party Trust Wizard
Create a Relying party manually and Permit all users to access this relying party
Obtaining refresh tokens from ADFS
...