This guide has been tested with Dynamics 365 8.2.2.0112. See Microsoft Updates for latest Cumulative Updates and Version Numbers.
- Microsoft Dynamics 365 8.2.2.0112
- Dynamics configured for Claims Based Authentication with ADFS3.0 or ADFS4.0*
- Dynamics configured for Internet Facing Deployment (IFD)
- Public Accessible ADFS 4.0 Server configured with oauth2
Microsoft Supported Environments
*Microsoft do not officially support ADFS4.0 and dynamics 365. However, ADFS3.0 does not fully implement the complete OAuth2 protocol. An ADFS 4.0 (or other compatible OAuth2 Authorization server) must run to provide the interaction with the VIA portal.
The ADFS 4.0 server is used for the interaction between the VIA portal and your organisation for initial authorization. No IFD configuration changes on the Dynamics CRM instance are needed - this is still configured to use ADFS3.0.
ADFS4.0 can be be run along side ADFS3.0 as a separate ADFS forest - it will just have different public url, for example https://sts4.[YourDomain.com]/adfs/oauth2/authorize.
Other OAuth Authentication servers may be supported instead of ADFS4.0 - the requirement is that there is support for token response type, not just code response type.
Ensure ADFS is installed and configured correctly with public certifications and public access.
Configure Dynamics 365 for IFD.
- [GUID] - Unique Guid generated by you
- [AUTH_URL] -Server Role URL - the External Internet Facing Server Location setup in the CRM IFD wizard - eg https://auth.[yourDomain.com]/
Create a client application in ADFS from PowerShell using these two ADFS cmdlets:
Add-AdfsClient -Name "VIA Portal CRM" -ClientId "[GUID]" -RedirectUri "https://portal.via.co.uk/verify.html" -Description "VIA Portal CRM"
Grant-AdfsApplicationPermission -ClientRoleIdentifier "[GUID]" -ServerRoleIdentifier "[AUTH_URL]"
- [GUID] - Unique GUID generated by you
- https://[crm.yourdomain.com] - The URL of your CRM instance
- https://sts4.[YourDomain.com]/adfs/oauth2/authorize - The Oauth2 endpoint of your ADFS4.0 Environment
Connect VIA Portal to your CRM instance:
- In Via Contact Centre goto the CRM Integration window in the VIA portal.
- Enter the [GUID] in the Client ID field
- Enter the URL of your dynamics instance in the Endpoint URL field eg https://[crm.yourdomain.com]
- Enter your Oath Endpoint Application URL into the Application URL field of your ADFS 4.0 server eg - https://sts4.[YourDomain.com]/adfs/oauth2/authorize
- Click sign in and then enter your Dynamics CRM credentials
Configure VIA Portal to search for the required CRM entities:
- You can now add the Search Objects that you want to search against and also what fields to return from Dynamics CRM when performing the search lookup in the Agent Dashboard
- Click Add Search Object
- The VIA Portal will then load from Dynamics CRM all of your available entities
- Choose the relevant entity from the Entity dropdown
- Select the fields you want to search and what you want to appear
- Click Save
- Repeat steps 6 - 10 for each entity you want to add
- Click Save Changes when you are finished
- You have now configured the VIA Portal to integrate with Dynamics CRM
- Agents logged into the Agent Dashboard will now be able to see CRM records when they receive calls through the contact centre
You can test CRM API access with ADFS and oAuth2 by using postman:
First remove the ADFS client with:
Remove-ADFSClient -TargetClientId [GUID]
Add the client again, but with an additional postback specified:
Add-AdfsClient -Name "Postman App" -ClientId "[GUID]" -RedirectUri @("https://callbackurl", " https://portal.via.co.uk/verify.html") -Description "PostmanApp"
Re run the grant permissions
Grant-AdfsApplicationPermission -ClientRoleIdentifier "[GUID]" -ServerRoleIdentifier "https://auth.contoso.training/"
REMEMBER TO REMOVE THIS AND ADD JUST THE VIA CALL BACK AFTER TESTING.
Use the following environment setup: