Dynamics 365 (On-Premise)
This page explains how to configure a connection to an on-premise instance of Microsoft Dynamics 365 using Active Directory Federation Services (ADFS) and OAuth2 authentication. These instructions apply specifically to Internet-Facing Deployments (IFD), where both Dynamics 365 and ADFS are accessible externally. You will set up an OAuth client, grant the required permissions, and configure token settings to enable secure communication between the connector and your Dynamics environment.

Note: this instruction is for an internet-facing installation. Your Dynamics and ADFS need to be publicly reachable; otherwise, the connector won't work.

Prerequisites

To connect to a Dynamics 365 on-premise installation, you will need to provide:

- Dynamics 365 on-premise base URL
- ADFS base URL
- ADFS OAuth2 client ID

Create an OAuth2 client in ADFS using PowerShell

1. Register a new client application to use with Unaric Sidebar. You need to create separate clients for the Unaric Sidebar add-on and for automatic sync, depending on what you are using. The redirect URIs are:

   - https://script.google.com/macros/d/17v0pk2a7vtevunubsgxmcnfgyivn6pblzdurwjlnondlw5sziem3o0hi/usercallback
   - https://isync.ienterprises.com/oauth2client/mscrm.php

   To register a new OAuth2 client, run the following from an administrative PowerShell prompt:

   ```powershell
   Add-AdfsClient -Name "OAuth2 client name here" -ClientId "some uid here" -RedirectUri "redirect URI here"
   ```

   Replace "some uid here" with your client ID, and use this client ID in the connection settings. For more information on this process, see the Microsoft documentation: https://docs.microsoft.com/en-us/powershell/module/adfs/add-adfsclient

2. Grant application permission to CRM. Grant application permission to the ADFS client with the required scope(s) by running the following from an administrative PowerShell prompt:

   ```powershell
   Grant-AdfsApplicationPermission -ClientRoleIdentifier "clientid" -ServerRoleIdentifier "dynamics uri" -ScopeNames openid, user_impersonation
   ```

   For more information on this process, see the Microsoft documentation: https://docs.microsoft.com/en-us/powershell/module/adfs/grant-adfsapplicationpermission

Create the relying party trust

Go to ADFS Management and expand ADFS > Trust Relationships > Relying Party Trusts. Use the Add Relying Party Trust wizard: create the relying party manually and permit all users to access this relying party.

Obtain refresh tokens from ADFS

Refresh tokens are needed from ADFS to keep the login active. To set them, run the following from an administrative PowerShell prompt:

```powershell
Set-AdfsRelyingPartyTrust -TargetName "RPT name" -IssueOAuthRefreshTokensTo AllDevices
Set-AdfsRelyingPartyTrust -TargetName "RPT name" -TokenLifetime 10
Set-AdfsProperties -SsoLifetime 20160
```

This issues access tokens with a lifetime of 10 minutes and refresh tokens to all clients with a lifetime of 14 days. For more information on this process, see the Microsoft documentation: https://docs.microsoft.com/en-us/powershell/module/adfs/set-adfsrelyingpartytrust and https://docs.microsoft.com/en-us/powershell/module/adfs/set-adfsproperties
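The steps above (register the client, grant it the scopes, set the token lifetimes) can be run as one script that also reads the configuration back and reports anything that did not take effect. The script below is an added example and is not part of the Unaric documentation or Microsoft's; the client name, relying party trust name, Dynamics identifier and redirect URI are placeholders you must replace, the client ID is generated on the spot, and the `Where-Object` filter over `Get-AdfsApplicationPermission` assumes the returned objects expose `ClientRoleIdentifier`, `ServerRoleIdentifier` and `ScopeNames` properties.

```powershell
# Added example (not from the documentation page): registers the ADFS OAuth2 client,
# grants it permission to the Dynamics 365 relying party, sets the token lifetimes
# from the page, then reads everything back and flags mismatches.
# Run from an administrative PowerShell prompt on the ADFS server.

#Requires -RunAsAdministrator
Import-Module ADFS

$ClientName  = 'Unaric Sidebar'                                              # assumed display name
$ClientId    = [guid]::NewGuid().ToString()                                  # generated; this goes into the connector settings
$RedirectUri = 'https://script.google.com/macros/d/<SCRIPT-ID>/usercallback' # placeholder; use the redirect URI of the add-on you use
$DynamicsUri = 'https://crm.example.com/'                                    # placeholder; identifier of the Dynamics 365 relying party trust
$RptName     = 'Dynamics 365 IFD'                                            # placeholder; name of that relying party trust
$Scopes      = @('openid', 'user_impersonation')                             # scopes named on the page

# 1. Register the client. Refuse a non-HTTPS redirect URI: ADFS will send the
#    authorization code to whatever is registered here, so it must be exact and TLS-protected.
if ($RedirectUri -notmatch '^https://') {
    throw "Redirect URI must use https: $RedirectUri"
}
if (Get-AdfsClient -ClientId $ClientId) {
    throw "A client with ID $ClientId already exists"
}
Add-AdfsClient -Name $ClientName -ClientId $ClientId -RedirectUri $RedirectUri

# 2. Grant the client access to the Dynamics relying party with only the scopes it needs.
#    The relying party trust must already exist (created in ADFS Management).
if (-not (Get-AdfsRelyingPartyTrust -Name $RptName)) {
    throw "Relying party trust '$RptName' not found; create it in ADFS Management first"
}
Grant-AdfsApplicationPermission -ClientRoleIdentifier $ClientId `
    -ServerRoleIdentifier $DynamicsUri -ScopeNames $Scopes

# 3. Token lifetimes from the page: 10-minute access tokens, refresh tokens issued
#    to all devices, 14-day (20160-minute) SSO lifetime.
Set-AdfsRelyingPartyTrust -TargetName $RptName -IssueOAuthRefreshTokensTo AllDevices
Set-AdfsRelyingPartyTrust -TargetName $RptName -TokenLifetime 10
Set-AdfsProperties -SsoLifetime 20160

# 4. Read the configuration back rather than assuming each call succeeded.
$client = Get-AdfsClient -ClientId $ClientId
$rpt    = Get-AdfsRelyingPartyTrust -Name $RptName
$props  = Get-AdfsProperties
$perm   = Get-AdfsApplicationPermission |
          Where-Object { $_.ClientRoleIdentifier -eq $ClientId -and $_.ServerRoleIdentifier -eq $DynamicsUri }

$checks = [ordered]@{
    'Client registered'          = ($null -ne $client)
    'Redirect URI matches'       = ($client.RedirectUri -contains $RedirectUri)
    'Permission granted'         = ($null -ne $perm)
    'Scopes exactly as intended' = ($perm -and -not (Compare-Object $perm.ScopeNames $Scopes))
    'Refresh tokens: AllDevices' = ($rpt.IssueOAuthRefreshTokensTo -eq 'AllDevices')
    'Access token lifetime 10'   = ($rpt.TokenLifetime -eq 10)
    'SSO lifetime 20160'         = ($props.SsoLifetime -eq 20160)
}
$checks.GetEnumerator() | ForEach-Object {
    '{0,-28} {1}' -f $_.Key, $(if ($_.Value) { 'OK' } else { 'MISMATCH' })
}
"Client ID to enter in the connector settings: $ClientId"
```

The read-back at the end is the part worth keeping even if you run the cmdlets by hand: a redirect URI that differs by a trailing slash or a scope list that picked up an extra entry is easy to miss at the prompt, and the `Scopes exactly as intended` check compares the granted list against the intended one in both directions so surplus scopes show up as a mismatch, not just missing ones.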