Walkthrough: Register a Dynamics 365 app with Active Directory


Updated: November 29, 2016

Applies To: Dynamics 365 (online), Dynamics 365 (on-premises), Dynamics CRM 2016, Dynamics CRM Online

This walkthrough describes how to register a desktop client or mobile application so that it can connect to and authenticate with the Microsoft Dynamics 365 server and access the Web services. Once registered, an application can access the Web services using HTTP requests through the server’s SOAP or OData endpoints. This walkthrough applies to Microsoft Dynamics 365.


For an on-premises or Internet-facing deployment (IFD):

  • A Windows Server 2012 R2 with AD FS.

  • You must have administrator access to the server hosting the Microsoft Dynamics 365 deployment services role and the AD FS server.

  • The on-premises server must be configured to use claims authentication.

  • The redirect URL for your application. Instructions for finding that URL are provided in the section named Obtain the redirect URI.

One method to obtain the redirect URI for a native client Windows application is to execute the following line of code in a debug session of your application and examine the returned URI value. In a WinJS debug session, select the RawUri property.


The WebAuthenticationBroker class can be found in the Windows.Security.Authentication.Web namespace. Use the string value returned from the method call when you register the app. The C# line of code is shown in the topic Sample: Windows 8 desktop modern OData app.

For a non-Windows native client application such as a console application, use any valid URI value. In this case, the URI doesn’t need to actually exist but it must be unique in the tenant.

Scenario: A customer or other person registers a custom application to access organization data on a Dynamics 365 server provided by an ISV or Partner.

  1. Configures the Dynamics 365 on-premises (IFD) server and AD FS server using Windows PowerShell commands that are provided later in this section.

  2. Provides the client ID and server address URL information to the customer.

  1. Configures the external application by entering the client ID and server address URL in the app as instructed.

To configure the Dynamics 365 server to enable federated claims, follow these steps.

Configure claims settings

  1. Log on as administrator on the Dynamics 365 server that hosts the deployment service role and open a Windows PowerShell command window.

  2. Add the Dynamics 365Windows PowerShell snap-in (Microsoft.Crm.PowerShell.dll). More information: TechNet: Administer the deployment using Windows PowerShell

    Add-PSSnapin Microsoft.Crm.PowerShell
  3. Enter the following Windows PowerShell commands.

    $ClaimsSettings = Get-CrmSetting -SettingType OAuthClaimsSettings
    $ClaimsSettings.Enabled = $true
    Set-CrmSetting -Setting $ClaimsSettings

To register the external application with AD FS, follow these steps.

Register the application in Active Directory

  1. Log on to the AD FS server as administrator and open a Windows PowerShell command window.

  2. Enter the following command.

    Add-AdfsClient -ClientId <CLIENT_ID> -Name <APP_NAME> -RedirectUri <REDIRECT_URI>

    Where <CLIENT_ID> is a unique number, <APP_NAME> is a name for the application, and <REDIRECT_URI> is any valid URI that AD FS is to redirect to after authentication has completed. It is recommended that the client ID be a GUID. You can generate a GUID in Microsoft Visual Studio by opening the Tools menu and clicking Create GUID.

Microsoft Dynamics 365

© 2016 Microsoft. All rights reserved. Copyright

Community Additions