Microsoft Dynamics 365 for Sales Connector > Introduction to Microsoft Dynamics 365 for Sales Connector > Authentication
  

Authentication

You can select the Microsoft Dynamics 365 for Sales server type as on-premise or online and then select the authentication type in the Microsoft Dynamics 365 connection properties to access Microsoft Dynamics 365 for Sales online or on-premises from Data Integration.
You can use the following authentication types to connect based on the online or on-premises deployment of Microsoft Dynamics 365 for Sales:
OAuth 2.0 Password Grant
Applicable to access Microsoft Dynamics 365 for Sales online and on-premises.
Specify the Microsoft Dynamics 365 for Sales web API URL, user name, password, and application ID in the Microsoft Dynamics 365 for Sales connection properties to access Microsoft Dynamics 365 for Sales. To access Microsoft Dynamics 365 for Sales on-premises, you must additionally specify the security token service URL in the following format: https://sts1.<company>.com/adfs/oauth2/token
For additional configurations, see Use a native application with Azure Active Directory for password grant authentication
OAuth 2.0 Client Certificate Grant
Applicable to access Microsoft Dynamics 365 for Sales online.
Specify the Microsoft Dynamics 365 for Sales web API URL, application ID, tenant ID, keystore file, keystore password, key alias, and key password to access Microsoft Dynamics 365 for Sales. For additional configurations, see Use a web application for client certificate grant authentication
OAuth 2.0 Client Secret Grant
Applicable to access Microsoft Dynamics 365 for Sales online.
Specify the Microsoft Dynamics 365 for Sales application ID and client secret to access Microsoft Dynamics 365 for Sales. For additional configurations, see Use a web application for client secret grant authentication

Use a native application with Azure Active Directory for password grant authentication

Azure Active Directory is a cloud-based directory that provides identity management services. You can use Azure Active Directory to securely communicate with Microsoft Dynamics 365 for Sales.
To use the Password Grant authentication for Microsoft Dynamics 365 for Sales Connector, the organization administrator needs to register a native application with Azure Active Directory. After the organization administrator registers the native application with Azure Active Directory, you can communicate with the services of Microsoft Dynamics 365 for Sales.
Note: It is not recommended to use the Password Grant authentication type for new connections.
To register a native application with Azure Active Directory, click the following URL:
https://docs.microsoft.com/en-us/dynamics365/operations/dev-itpro/data-entities/services-home-page

Use a web application for client certificate grant authentication

You must have a valid certificate to use the client certificate grant authentication type.
Note: You can run the following commands from any machine and use the certificates in the Azure Active Directory application.
    1. Run the following command to create a public-private key pair:
    keytool -genkey -alias <keypair_name1> -keyalg <key_algorithm> -validity <number_days> -keystore <path and file name of the generated certificate> -storetype <store_type> -keypass <key_password> -storepass <store_password>
    For example, keytool -genkey -alias keyalias -keyalg RSA -validity 1825 -keystore "C:\Cdrive\Cloud\R27\MSDCRM_WebAPI\MSDCRM_WebAPI\certificate\iicsdummy.com\federated.jks" -storetype JKS -keypass keypassword -storepass changeit
    2. Run the following commands to import the root CA certificate(s) followed by the user's signed certificate to the keystore:
    1. a. keytool -import -trustcacerts -alias <keypair_name2> -file <CA_certificate_name> -keystore <path and file name of the generated certificate>
    2. For example, keytool -import -trustcacerts -alias root -file gd_bundle-g2-g1.crt -keystore "C:\Cdrive\Cloud\R27\MSDCRM_WebAPI\MSDCRM_WebAPI\certificate\iicsdummy.com\federated.jks"
    3. b. keytool -import -trustcacerts -alias <keypair_name1> -file <user's_signed_certificate_name> -keystore <path and file name of the generated certificate>
    4. For example, keytool -import -trustcacerts -alias keyalias -file b2024001944cdb12.crt -keystore "C:\Cdrive\Cloud\R27\MSDCRM_WebAPI\MSDCRM_WebAPI\certificate\iicsdummy.com\federated.jks"
    3. Run the following command to export the certificate from the keystore:
    keytool -export -alias <keypair_name1> -file <certificate_name> -keystore <path and file name of the generated certificate>
    For example, keytool -export -alias keyalias -file keyalias.crt -keystore "C:\Cdrive\Cloud\R27\MSDCRM_WebAPI\MSDCRM_WebAPI\certificate\iicsdummy.com\federated.jks"
    4. Upload the certificate or public key under a new Web application.
    Upload the certificate or public key under a new Web application.
    5. Go to Settings > Security and click the Enabled Users list to create a new application user in Microsoft Dynamics 365 for Sales.
    6. Create a new application user and enter the details shown in the following image:
    Create a new application user by providing the details.
    7. Click Save.
    8. Click Manage Roles and choose a global administrator or custom role for the application user.
    Manage User Roles.
    9. Click OK.
    10. You will need to enter the application ID, keystore file, keystore password, key alias, and key password when you create a connection in Informatica Cloud.
    Note: When you use a serverless environment, you cannot configure the Client Certificate Authentication.

Use a web application for client secret grant authentication

You can configure OAuth 2.0 Client Secret Grant authentication to connect to Microsoft Dynamics 365 for Sales.
    1. Go to the Azure registered applications page in Azure Active Directory.
    2. Select your application.
    3. Navigate to Certificates and Secrets page.
    4. Click New client secret to generate a client secret.
    5. Go to Settings > Security and click the Enabled Users list to create a new application user in Microsoft Dynamics 365 for Sales.
    6. Create a new application user and enter the details shown in the following image:
    Create a new application user by providing the details.
    7. Click Save.
    8. Click Manage Roles and choose a global administrator or custom role for the application user.
    Manage User Roles.
    9. Click OK.
    10. You will need to enter the application ID and client secret when you create a connection in Informatica Cloud.