Portal and Dataverse OAuth Authentication – Application Permissions

1     Overview

Microsoft has made OAuth authentication with Dataverse the preferred security method. This article outlines the steps required to set up OAuth authentication and configure the DynamicPoint Portal application to use it.

Authentication to Dataverse through Azure AD requires an app registration in Azure AD, registration of the client ID of that app in Dataverse itself and registration of that app in DynamicPoint Portal.

2     App Registration in Azure

  1. Log on to your Azure Portal
  2. Search for “App Registrations”
  3. Select New Registration
  4. Give the registration a logical name, such as “Dataverse Access Permission”
  5. Leave all other options as default and click Register.
  6. Click API permission from the left-hand navigation, then Add a permission.
  7. Under the Microsoft APIs tab select My API permissions
  8. Select Application Permissions and Click Add permission
  9. Check user_impersonation
  10. Click Add Permissions
  11. The permission doesn’t require admin consent.
  12. At this point the permissions of your application should look like this:
  13. The next step is to provide security to your app. Go to Certificates and Secrets from the left menu and click New client secret:
  14. On the next dialog provide a description of the secret and expiration, then click Add
  15. Make sure you copy the new secret immediately, as later it will not be available for copying:
  16. If you lose the secret, you will need to create a new one and register in the client application.
  17. Alternatively, you can register a certificate to authenticate with the app (you will need the .cer version of the cert here):
    With that the app registration is complete. Keep the app registration open, as we’ll have to come back to it while registering the app in Portal/Tenant Admin and Power Platform.

3     Power Platform Registration

  1. Log in to the Power Platform Admin Center, click the target environment, click the +New App User icon and select Add an app.

  2. Click Microsoft Entra Applications from the results. On the new dialog click New.

  3. The Azure Application Card appears. Provide the roles and App ID as specified below:
  4. You need to get the Client ID from the app registration that was just created. Go to Overview from the left menu and copy the Application (Client ID):
  5. Paste it into Client ID. Set a Description and change the State to Enabled.
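
To confirm the registration before entering it in Portal, the following added example (not DynamicPoint or Microsoft code) builds the client-credentials token request for a Dataverse environment and checks that a returned token's `aud` and `appid` claims match what was registered. The tenant ID, client ID and `contoso` org URL are constructed placeholders, the claim names assume Microsoft Entra's access-token format, and `fetch_token` needs network access with the secret supplied from the environment rather than source code.

```python
import base64, json, re, urllib.parse, urllib.request

GUID = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")

def build_token_request(tenant_id, client_id, client_secret, org_url):
    """Return (url, form) for the client-credentials grant against one Dataverse org."""
    if not (GUID.match(tenant_id) and GUID.match(client_id)):
        raise ValueError("tenant_id and client_id must be GUIDs")
    if not org_url.startswith("https://"):
        raise ValueError("org_url must be https")
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    form = {"grant_type": "client_credentials", "client_id": client_id,
            "client_secret": client_secret, "scope": org_url.rstrip("/") + "/.default"}
    return url, form

def fetch_token(url, form):
    """POST the form and return the access token (needs network access)."""
    data = urllib.parse.urlencode(form).encode()
    with urllib.request.urlopen(urllib.request.Request(url, data=data), timeout=30) as r:
        return json.load(r)["access_token"]

def jwt_claims(token):
    """Decode the JWT payload WITHOUT verifying the signature (inspection only)."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)
    return json.loads(base64.urlsafe_b64decode(payload))

def check_claims(claims, client_id, org_url):
    """Return a list of problems; empty means the token matches the registration."""
    problems = []
    if claims.get("aud", "").rstrip("/").lower() != org_url.rstrip("/").lower():
        problems.append("aud is not the Dataverse environment URL")
    if (claims.get("appid") or claims.get("azp", "")).lower() != client_id.lower():
        problems.append("appid/azp does not match the registered Client ID")
    if "scp" in claims:
        problems.append("delegated (user) token, expected app-only")
    return problems

def fake_jwt(claims):  # constructed, unsigned sample token for offline runs
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"

# Constructed sample values, not from a real tenant
CLIENT = "11111111-2222-3333-4444-555555555555"
TENANT = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"
ORG = "https://contoso.crm.dynamics.com"
if __name__ == "__main__":
    sample = fake_jwt({"aud": ORG + "/", "appid": CLIENT})
    print(check_claims(jwt_claims(sample), CLIENT, ORG) or "token matches registration")
```

Against a live tenant, pass the result of `fetch_token(*build_token_request(...))` to `jwt_claims` in place of the constructed sample.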

4     Customer / Vendor Portal

In Portal you can configure credentials either directly in the application as custom credentials, or you can create predefined credentials in Tenant Admin and pick them in the application. Predefined credentials can be useful when a client uses more than one DynamicPoint product and connects from them to the same Dataverse instance. This section covers the configuration directly in the application.

  1. Log on to the application as an administrator
  2. Click the gear in the upper right corner and select Credentials
  3. Click CREATE
  4. Within the Create Credential section, under Credential Type, select Azure AD Application
  5. Complete the following fields:
    Title
    Credential Type: Azure AD Application
    Credential Configuration: Custom
    Client ID – With the value copied from the registration
    Client Secret – With the value copied from the registration
  6. Click CREATE to Save New Credential.
  7. Go into your Portal Services and change the credential to your new OAuth credential