Looking for an Expert Development Team? Take two weeks Trial! Try Now or Call: +91.9824127020

Server to Server Authentication in Dynamics 365 Customer Engagement

Dynamics 2016 update for Dynamics 365 Online brought along with the possibility of Server to Server Authentication for both Single-Tenant and Multi-Tenant scenario

Single-Tenant would be used in situation where the Application and the Dynamics are part of same Azure AD tenant. Here, the User accessing the application belongs to the same Azure AD or Tenant. In case of multi-tenant, the user belonging to a different Azure AD tenant will be able to use the application.

We’d use Single-Tenant when we are building an application that will beused by the employees of that company only. However, if we want an application that would also be used by external users for e.g. customers, then we would go for Multi-Tenant.

To configure Server to Server authentication,

  1. We will register the application in Azure AD.
  2. Create and configure an Application User in Dynamics 365 Online.
  3. Sample code to access Dynamics 365 Online.

Software requiredRegister the application in Azure AD.

Open Azure Management Portal → Azure Active Directory → App Registrations and click on New application registration.


Provide values as below and click on Create.


Note down the Application ID of the app created and click on Settings.


Select Required Permission → Add → Select an API and select Dynamics CRM Online.


Select Access Dynamics 365 as organization users.


Click on Done to add the required permissions.

Click on Keys, give a Description to the key, specify Expiration and click on Save to generate the Key.


Note down the key value generated and save it.


Create and configure the Application User

Here we will associate the above Client ID and Key – Client Secret with a user inside Dynamics 365 Services Online.

Navigate to Settings → Security → Users → Switch the view to Application Users and click on New


Switch to Application User form and specify the Application ID of the application that we registered earlier. Specify Full Name and the Primary Email. The platform will automatically populate the Application ID URI and Azure AD Object ID.


Now based on the action to be performed, assign an appropriate security role to the application user.

Sample code to retrieve Dynamics 365 Online information using the Application User.

var resource = "https://[OrgName].crm.dynamics.com"; // get the OAuth 2.0 Authorization Endpoint from the App registrations string authority = "https://login.microsoftonline.com/8fe3a4bf-329a-41e5-a96a-097955938686/oauth2/authorize";
                                AuthenticationContextauthenticationContext = newAuthenticationContext(authority); AuthenticationResultauthenticationResult = null; // specify client id (application id) and client secret varclientCredentials =
                                newClientCredential("4cefc50a-0c50-432a-93e3-c6d7b4876dea", "YpetUWZ2pKcJJD1DwVttFNoPl1kWXMuwtFj3ttBp2Ss="); authenticationResult = authenticationContext.AcquireToken(resource, clientCredentials); varauthenticationToken =
                                authenticationResult.AccessToken; // use the TLS12 security protocol ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12; // Get Dynamics 365 Online Data var client = newHttpClient(); client.DefaultRequestHeaders.Authorization
                                = newAuthenticationHeaderValue("Bearer", authenticationToken); // Get the subject \ topic for all the leads inside Dynamics 365 Online var result =
                                client.GetAsync("https://[OrgName].crm.dynamics.com/api/data/v9.0/leads?$select=subject").Result; if(result.IsSuccessStatusCode) { // get the lead details }

In this article we saw, how we can quickly setup the Azure AD Application and the Application User to access Dynamics 365 Online. The benefits of using Application User is that we aren’t sharing password here and also the Application User doesn’t consume the non-interactive user account license although the user is created as Non-Interactive. Also, there are is no limitation on number of application users that can be created.

Post Tags

#Dynamics 365 CE

Aegis Infoways

Aegis Infoways is a leading software development company that provides a wide range of business solutions like software development, data warehouse, or web development for specific business needs.

Related Posts

CompletableFuture in Java

CompletableFuture in Java

Technology CompletableFuture is used for asynchronous programming in Java. Asynchronous Programming means running tasks in a separate thread, other than the main thread, and notifying the execution progress like completion or failure. It helps improve application...

Best Practices Things That Help Ms CRM Develo...

Best Practices Things That Help Ms CRM Develo...

It is always the clever MS CRM developers who think about configuration first before customization. Although Dynamics CRM offers many things, such as flexibility and customization, developers need to be more careful about customizing CRM objects. Smarter developers...

10 Eclipse Java Plug-ins You Can’t Do Witho...

10 Eclipse Java Plug-ins You Can’t Do Witho...

Eclipse is the most widely used integrated development environment for Java. Used to develop the Java applications, Eclipse is also often used to develop applications. Its extensive plug-ins give it the flexibility to be customized. This open-source software has...