For years, Online Federation (WS-Trust) was the standard authentication method to gain access to Microsoft Dynamics 365, CRM, CDS, CE, and Dataverse. With rising security concerns, and with a more modern and safer alternative found in OAuth,
Some 4 years ago, our Dynamics 365 toolkit shipped with OAuth support. We’re pretty proud of that; we were the first to produce a data integration toolset that supported it. But why is it so important?
OAuth is an open-standard authorization protocol that allows applications to authenticate and approve application interactions without exchanging passwords; because of that, it is inherently more secure.
When you are configuring an OAuth connection to Dynamics 365, you have the option to do so with Multi-Factor Authentication (MFA). This offers even greater security and a stronger wall around your data: requiring 2 or more verifications of identity ensures that users really are who they say they are.
While we won’t call it difficult, we can say that the process of establishing an OAuth connection is not trivial. There are quite a few steps across several portals to get it set up. It can easily be confusing to those who aren’t familiar with how the system works. For that reason,
But for those of you who are curious to see how it’s done, or just need a refresher, here’s a brief overview of the steps you need to take to get your connection to Dynamics 365 established:
- Create a new Azure App (or use an existing one) and register it in the Azure Portal.
- Add Dynamics CRM permissions to the app.
- Grant the app administrative consent. This too is found under API Permissions for your app.
- Create a “client secret” – another textual “key” that will allow your app to access Dynamics data. You can even control when it expires to further enhance security.
- Connect your app to the data service via Power Platform Admin Center.
- Complete the data connection setup in your SSIS development environment.
If you’re working with a package that has an existing connection, at this point it would be as easy as switching your authentication method for the connection to OAuth. Otherwise, if your package doesn’t currently have a connection, you can create one in the CDS/CRM Connection Manager.
- Password: This uses a username and password in addition to the Client ID and Secret.
- Client Credentials: A server-to-server authentication method.
- Certificate: This uses a certificate key pair, with the public key in your Azure AD application, and the private key installed on the local machine, or your server, which generates a thumbprint to be used in Connection Manager.
- Interactive login: This is a design-time-only option, for testing purposes.
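The expiry set on the client secret (and on the certificate, for the Certificate option) is worth checking on a schedule, so that stale or overly long-lived credentials do not linger on the app registration. The following is an added example, not code from the original post or the toolkit: it audits the credential fields of a Microsoft Graph `application` object. The sample app, its key ids and dates, and the 30-day and 365-day thresholds are assumptions made up for illustration.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample: shape of a Microsoft Graph `application` object, trimmed
# to its credential fields. Names, ids and dates are made up for this example.
SAMPLE_APP = json.loads("""
{
  "displayName": "ssis-dataverse-integration",
  "passwordCredentials": [
    {"keyId": "k1", "startDateTime": "2023-01-10T00:00:00Z", "endDateTime": "2024-01-10T00:00:00Z"},
    {"keyId": "k2", "startDateTime": "2024-01-05T00:00:00Z", "endDateTime": "2024-07-05T00:00:00Z"},
    {"keyId": "k3", "startDateTime": "2022-03-01T00:00:00Z", "endDateTime": "2099-12-31T00:00:00Z"}
  ],
  "keyCredentials": [
    {"keyId": "c1", "startDateTime": "2024-03-01T00:00:00Z", "endDateTime": "2025-03-01T00:00:00Z"}
  ]
}
""")

def parse_ts(value):
    # Timestamps are ISO 8601 in UTC; map the trailing "Z" to an explicit offset.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def audit_credentials(app, now, warn_days=30, max_lifetime_days=365):
    """Return (kind, keyId, finding) for every credential that needs attention.
    warn_days and max_lifetime_days are policy assumptions, not Microsoft defaults."""
    findings = []
    for kind, field in (("secret", "passwordCredentials"), ("certificate", "keyCredentials")):
        for cred in app.get(field, []):
            start = parse_ts(cred["startDateTime"])
            end = parse_ts(cred["endDateTime"])
            if end <= now:
                findings.append((kind, cred["keyId"], "expired"))  # stale entry to remove
                continue
            if end - now <= timedelta(days=warn_days):
                findings.append((kind, cred["keyId"], "expiring-soon"))  # rotate before the package fails
            if end - start > timedelta(days=max_lifetime_days):
                findings.append((kind, cred["keyId"], "lifetime-too-long"))
    return findings

if __name__ == "__main__":
    now = datetime(2024, 6, 20, tzinfo=timezone.utc)  # fixed date so the output is repeatable
    for finding in audit_credentials(SAMPLE_APP, now):
        print(*finding)
```

In practice the input would be the JSON exported for your own app registration, and `now` would be `datetime.now(timezone.utc)`.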
Switching to OAuth is a requirement these days. This modern, more secure authentication process is relatively easy to implement and provides enhanced security to keep prying eyes (or malicious hands) away from your critical business data.