Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Version History

« Previous Version 15 Next »

(Only for internet facing installation)

To connect to Dynamics 365 On-premise installation, user(s) need to provide -

  1. Dynamics 365 On-premise base URL.

  2. ADFS base URL.

  3. ADFS oAuth2 client id.

Create oAuth2 client in ADFS using PowerShell commands

(You can also create the client using ADFS admin UI as explained in this link - )

1. Configure your ADFS for a new OAUTH2 clients to use with Connector

You need to create separate clients for G-Suite add-on and Automatic sync, depends on what you are using. Use the following re-direct URLs for each clients.

To register a new oAuth2 client, run the following from the Administrative PowerShell prompt -

Add-ADFSClient -Name "oAuth2 Client name here" -ClientId "some uid here" -RedirectUri "re-direct url here"

** Replace “some-uid“ with a client id. Use this client id in connection settings.

Microsoft doc link :

https://docs.microsoft.com/en-us/powershell/module/adfs/add-adfsclient

2. Grant Application permission to ADFS clients

Grant Application permission to ADFS clients with the required scope(s), by running the following from Administrative PowerShell prompt -

Grant-AdfsApplicationPermission -ClientRoleIdentifier "clientid" -ServerRoleIdentifier "Dynamics URL" -ScopeNames openid

Microsoft doc link :

https://docs.microsoft.com/en-us/powershell/module/adfs/grant-adfsapplicationpermission

3. Obtaining refresh tokens from ADFS

Refresh tokens are needed from ADFS to keep the login active. To set them you’d run the following from an Administrative PowerShell prompt -

Set-AdfsRelyingPartyTrust -TargetName "RPT Name" -IssueOAuthRefreshTokensTo AllDevices
Set-AdfsRelyingPartyTrust -TargetName "RPT Name" -TokenLifetime 10
Set-AdfsProperties -SSOLifetime 20160

This would issue access tokens with a lifetime of 10 minutes and refresh tokens to all clients with a lifetime of 14 days.

Microsoft doc link :

https://docs.microsoft.com/en-us/powershell/module/adfs/set-adfsrelyingpartytrust

https://docs.microsoft.com/en-us/powershell/module/adfs/set-adfsproperties

  • No labels