Startup of the replicator for Microsoft Dynamics 365
June 2023
MetaDirectory version 5.0.14
From version 5.0.14 of MetaDirectory, the replicator for Microsoft Dynamics 365 is available.
This requires some preparatory steps within Microsoft Management Portals.
Video Tutorial
The following video gives an overview of the basic functionality and commissioning. It is a recording from our "Tech Essentials LIVE" webinar series from February 2022 (in German):
Procedure
Preparation Azure AD
Grant service user permissions
Assign the required admin roles to the desired service user via the Microsoft 365 Admin Center (https://portal.azure.com/) under Assigned roles:
Application administrator
Dynamics 365 administrator
Power platform administrator
Example screenshot: User – Assigned roles – Administrative roles
Disable multi-factor authentication (MFA) at domain level
MFA can be activated for each individual user via https://portal.azure.com/
Example screenshot: Azure Active Directory properties – Manage security standards
Setup connection Dynamics 365 online – App registration
App registration
In Microsoft Azure Active Directory, add a new application under App registrations.
Example screenshot: Register application in Microsoft Azure Active Directory
Add API authorization
Add new permissions to the application.
Example screenshot: Request API permissions – Dynamics CRM
Request Microsoft Graph permissions
Example screenshot: Request API permissions – Delegated permissions – Microsoft Graph
The delegated permissions must then still be granted via "Administrator approval".
The default permission "User.Read" can theoretically be revoked because it is superseded by the permission "User.Read.All".
What is required:
Dynamics CRM:
- user_impersonation
Microsoft Graph
- Contacts.Read
- User.Read.All
Example screenshot: Configured permissions
Create new client secret
Add a new client secret under Certificates & secrets.
Example screenshot: Certificates & secrets – Add a client secret
Copy value immediately
Copy the value immediately after creation; otherwise, the password is no longer readable!
This data, including the "Value", is required when setting up the replicator in MetaDirectory.
Data required in the replicator
You need the data including the "Value" from the previous step in the replicator.
Example screenshot: Essentials
Create application user (App User)
The Application user must be created via the PowerApps admin portal in the Power Platform admin center.
Instructions from Microsoft
Below are the instructions from Microsoft Support:
Please find the below details to Create an application user:
1. Sign in to the Power Platform admin center as a System Administrator.
2. Select Environments, and then select an environment from the list.
3. Select Settings.
4. Select Users + permissions, and then select Application users.
5. Select + New app user to open the Create a new app user page.
6. Select + add an app to choose the registered Azure AD application that was created for the selected user, and then select Add.
7. The selected Azure AD app is displayed under App. You can select Edit to choose another Azure AD application. Under Business Unit, select a business unit from the dropdown list.
8. After choosing a business unit, you can select for Security roles to choose security roles for the chosen business unit to add to the new application user. After adding security roles, select Save.
9. Select Create.
Useful links:
https://docs.microsoft.com/en-us/power-platform/admin/create-users#create-an-application-user
https://docs.microsoft.com/en-us/power-platform/admin/manage-application-users#create-an-application-user
https://community.dynamics.com/crm/f/microsoft-dynamics-crm-forum/350363/creating-an-application-user
Example screenshot: Microsoft 365 admin center – Dynamics 365 apps
Select environment and application user
Navigate to Settings – Users and permissions – Application users and add a new application user.
Example screenshot: Power Platform admin center – Environments – Settings – Application users
Example screenshot: Environments – Settings – New app user
App: Define security roles
Select the Business unit and assign a security role.
Example screenshot: App – Business unit and security roles
Grant permission in Dynamics for the user
To grant permission to the user, please use the appropriate documentation from Microsoft:
Microsoft documentation
https://docs.microsoft.com/en-US/dynamics365/sales-professional/help-hub
Logging in to the Microsoft Dynamics 365 web interface – Advanced settings
Log in to the Microsoft Dynamics 365 web interface with an administrative account and navigate to the Settings – Advanced settings section. There, select the Security button.
Example screenshot: Microsoft Dynamics 365 – Settings – Advanced settings
Example screenshot: Dynamics 365 – Settings – Security
Select user and assign role
In the Users section, select the appropriate user and assign the required roles to the user.
Example screenshot: Security – Select user
Example screenshot: Dynamics 365 – Settings – Security – Manage roles – User roles
If the necessary roles are not offered here, you probably do not have the correct license. A setup with, for example, Dynamics test licenses is not possible. A Dynamics 365 Sales Professional license will work.
Configure replicator in MetaDirectory
estos documentation
Basic information on replicators can be found in the estos documentation for MetaDirectory 5 Enterprise.
https://help.estos.com/help/en-US/meta/5.0/metadirectory/dokumentation/examples/index.htm
Open the administration interface via MetaDirectory Administrator and select Database – Replicators.
In Add – Import replicator, select Microsoft Dynamics 365.
Enter the appropriate values in the fields and follow the configuration wizard.
Example screenshot: MetaDirectory Administrator – Import replicator
Optional: Configuration of additional contact URLs
Additional Contact URL links
If you want to configure additional contact URL links (https://help.estos.com/help/en-US/meta/5.0/metadirectory/dokumentation/configuration/database/replicators/wizard.htm), it is important to specify the URL with the <EntryID> variable and not a URL that references one specific contact absolutely.
E.g.: https://[organisation].crm4.dynamics.com/main.aspx?app=d365default&forceUCI=1&pagetype=entityrecord&etn=contact&id=<EntryID>
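A check for the contact URL rule above, written as an added example (it is not estos code): it verifies that a template carries the `<EntryID>` variable in its `id=` parameter and rejects a hard-coded contact ID, a misspelled variable, or an unreplaced `[organisation]` part. The host `contoso` and the sample GUID are constructed; the example assumes the record ID is passed in `id=`, as in the example URL on this page.

```python
import re
from urllib.parse import urlsplit, parse_qs

PLACEHOLDER = "<EntryID>"  # variable name as it appears in the page's example URL
# A record GUID, with or without braces (parse_qs decodes %7B / %7D to braces).
GUID_RE = re.compile(r"^\{?[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}\}?$")


def check_contact_url_template(template):
    """Return a list of problems; an empty list means the template is usable."""
    # Square brackets in the host mean the [organisation] part was never filled in.
    # Checked before parsing because urlsplit treats brackets as an IPv6 literal.
    if "[" in template or "]" in template:
        return ["unreplaced [organisation] placeholder"]
    try:
        parts = urlsplit(template)
    except ValueError:
        return ["not a parseable URL"]

    problems = []
    if parts.scheme != "https":
        problems.append("scheme is not https")

    ids = parse_qs(parts.query).get("id", [])
    if len(ids) != 1:
        problems.append("expected exactly one id= parameter")
    elif GUID_RE.match(ids[0]):
        # Every contact in the directory would link to this one record.
        problems.append("id= is an absolute reference to one contact")
    elif ids[0] != PLACEHOLDER:
        problems.append("id= must be %s, found %r" % (PLACEHOLDER, ids[0]))
    return problems


# Constructed sample templates (host and GUID are made up for this example).
BASE = ("https://contoso.crm4.dynamics.com/main.aspx?app=d365default"
        "&forceUCI=1&pagetype=entityrecord&etn=contact&id=")
SAMPLES = {
    "variable": BASE + "<EntryID>",
    "absolute": BASE + "%7B00000000-0000-0000-0000-000000000001%7D",
    "misspelled": BASE + "<EntrID>",
    "unfilled": BASE.replace("contoso", "[organisation]") + "<EntryID>",
}

if __name__ == "__main__":
    for name, url in SAMPLES.items():
        print(name, check_contact_url_template(url) or "OK")
```
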