Walkthrough: Configure Microsoft Azure (ACS) for integration with Dynamics 365
Updated: December 5, 2016
Applies To: Dynamics 365 (online), Dynamics 365 (on-premises), Dynamics CRM 2016, Dynamics CRM Online
This procedure is deprecated. You should use the procedure described in Walkthrough: Configure Microsoft Azure (SAS) for integration with Dynamics 365 using SAS rather than ACS. More information: Azure Documentation: Service Bus authentication and authorization
This walkthrough guides you through configuring Microsoft Azure Active Directory Access Control Service (ACS) to allow a listener application to read the Microsoft Dynamics 365 messages posted to the Microsoft Azure Service Bus. This configuration is performed using the Plug-in Registration Tool provided in the SDK download. This walkthrough applies to integration with any Microsoft Dynamics 365 deployment type.
As a prerequisite to this walkthrough, if you’re running Microsoft Dynamics 365 (on-premises or IFD), configure Microsoft Dynamics 365 for Microsoft Azure integration. For more information, see Walkthrough: Configure Dynamics 365 for integration with Microsoft Azure. Microsoft Dynamics 365 (online) is pre-configured for Microsoft Azure integration.
A ServiceEndpoint entity contains configuration data that is required for external messaging with a Microsoft Azure Service Bus solution endpoint. By using the Plug-in Registration Tool provided in the SDK download, you can easily create a service endpoint entity in a Dynamics 365 organization and configure the service bus endpoint issuer, scope, and rules.
Follow the steps below to create a service endpoint.
Run the Plug-in Registration Tool and login to the target Dynamics 365 organization.
Select the tab of the organization that you want to register a service endpoint with.
In the toolbar of the tab, click Register and then Register New Service Endpoint.
Fill out the Service Endpoint Registration dialog box with the information related to your solution as shown in the following figure and described in the table that follows. Make sure the contract you specify is the same contract used by your solution’s listener application.
A name for your service endpoint registration.
A description of this endpoint registration.
Solution Namespace (field)
The name of the solution’s service namespace.
The path of your project. For example, given a service endpoint URL of https://crmsdkdemo-sb.accesscontrol.windows.net/TwoWayService/Demo, the path is TwoWayService/Demo.
Contract (drop-down menu)
The endpoint contract. A listener application must use this contract to read the posted message. For more information, see Write a listener application for a Microsoft Azure solution.
Claim (drop-down menu)
The claims to send to Microsoft Azure. Use None for the standard claim. Specify UserId or UserInfo to send additional information about the logged on user.
Federated Mode (checkbox)
Check this box to use federated mode.
Non-writeable field that is filled in automatically with the ID of your endpoint configuration.
Save & Configure ACS (button)
Saves the configuration you entered and automates the process of configuring ACS for you. Provides an interactive way to accomplish what is described in the Walkthrough: Configure Microsoft Azure (ACS alternate method) topic .
Save & Verify Authentication (button)
Saves the configuration you entered and verifies that ACS is configured correctly.
Saves the configuration you entered and closes the dialog.
If you have not yet configured ACS integration with Microsoft Dynamics 365, and you would like the Plug-in Registration Tool to do the configuration for you, click Save & Configure ACS, and then follow the instructions in the next section of this walkthrough. If you have already configured ACS, click Save & Verify Authentication or Save and continue with the instructions in Register a service endpoint step for an event.
Follow the steps below to configure Microsoft Azure Active Directory Access Control Service (ACS).
After choosing Save & Configure ACS, the ACS Configuration dialog box appears. Enter the appropriate data values into the form fields as described in the following table.
The management key for your solution. You can obtain this key value from the Azure Management Portal.
Obtain a Management Key for a Service Bus Namespace
In the left pane, click Service Bus, and then select the target namespace in the list.
At the bottom of the page, click Connection Information.
In the Access connection information dialog box, the Default Key is shown. This is the management key.
If you have changed the symmetric key, enter that key instead of the default key into the Management Key field. If you fail to do so, you may receive errors with a description like this: “ACS50012: Authentication failed”.
The public certificate file that was used to configure Microsoft Dynamics 365 for integration with Microsoft Azure.
For Microsoft Dynamics 365 (online & on-premises), you can download this certificate file from the server. In the Microsoft Dynamics 365 web application click Settings > Customizations, and then click Developer Resources. Download and save the certificate file using the link provided below Microsoft Azure Service Bus Issuer Certificate.
The name of the issuer. This name must be the same name that was used to configure Microsoft Dynamics 365 for Microsoft Azure integration. You can obtain the issuer name from the Developer Resources webpage mentioned in the previous description.
For more information, see Configure Azure integration with Microsoft Dynamics 365.
Click Configure ACS. A log of the configuration process is displayed in the output area of the form.
Click Save & Verify Authentication in the Service Endpoint Registration dialog box. After the verification is finished you can close the dialog boxes.
Microsoft Dynamics 365
© 2016 Microsoft. All rights reserved. Copyright