Tutorial: Register an app with Azure Agile Directory

  • Article
  • 2 minutes to read

This tutorial describes how to register an application with Azure Active Directory, which enables a user with Ability Apps user business relationship to connect to their Microsoft Dataverse surroundings from external client applications using OAuth authentication.

Important

Power Apps also provides you with Server-to-Server (S2S) authentication option to connect to Dataverse environment from external applications and services using the special awarding user business relationship. S2S authentication is the common way that apps registered on Microsoft AppSource use to access the information of their subscribers. More information: Build web applications using Server-to-Server (S2S) authentication.

App registration in Azure Agile Directory is typically washed by ISVs who want to develop external client applications to read and write information in Dataverse. Registering an app in Azure Active Directory provides you with Application ID and Redirect URI values that ISVs tin can use in their client application's authentication code. When terminate users utilize the ISV's application for the showtime time to connect to their Dataverse environs by providing their Dataverse credentials, a consent grade is presented to the end user. After consenting to employ their Dataverse account with the ISV's application, cease users tin connect to Dataverse environment from external awarding. The consent form is non displayed again to other users after the first user who has already consented to use the ISV's app. Apps registered in Azure Active Directory are multi-tenant, which implies that other Dataverse users from other tenant can connect to their environment using the ISV'southward app.

App registration can also be done past an application developer or individual user who is building a client application to connect to and read/write data in Dataverse. Use the Application ID and Redirect URI values from your registered app in your client application's hallmark code to be able to connect to Dataverse environs from your client application, and perform the required operations. Notation that if the app is registered in the same tenant equally your Dataverse surroundings, you won't be presented with a consent form when connecting from your client application to your Dataverse environment.

Prerequisites

  • An Azure subscription for awarding registration. A trial account will also piece of work.

Create an application registration

  1. Sign in to the Azure portal using an account with administrator permission. You must utilize an account in the same Microsoft 365 subscription (tenant) as yous intend to register the app with. You lot tin can besides access the Azure portal through the Microsoft 365 Admin center by expanding the Admin centers particular in the left navigation pane, and selecting Azure Active Directory.

    Note

    If you don't have an Azure tenant (account) or you do have one just your Microsoft 365 subscription with Dataverse is not bachelor in your Azure subscription, following the instructions in the topic Set up Azure Agile Directory access for your Programmer Site to acquaintance the two accounts.

    If you don't take an account, y'all tin sign upward for ane by using a credit card. Even so, the business relationship is free for awarding registration and your credit card won't exist charged if you only follow the procedures called out in this topic to annals one or more than apps. More information: Active Directory Pricing Details

  2. In the Azure portal, select Azure Active Directory in the left pane and select App registrations and click on New registration.

    Azure App Registration.

  3. In the Register an application page, enter your application'due south registration information:

    • In the Proper noun section, enter a meaningful application name that will be displayed to the users.

    • Select Accounts in any organizational directory choice from Supported account types section.

    • Set the Redirect URI.

    • Click on Annals to create the application.

      New App registration page.

  4. On the app Overview page, hover over Awarding (customer) ID value, and select the Copy to clipboard icon to copy the value as yous'll demand to specify this in your awarding'south authentication code or app.config file where appropriate.

    Copy application ID.

  5. Select Manifest tab, in the manifest editor, fix the allowPublicClient* property to true and click on Save.

    App registration Manifest.

  6. Select API permissions tab, click on Add a permission.

    Add app permission.

  7. Search for and cull Dataverse nether the APIs my organization uses tab. If "Dataverse" is not found, then search for "Common Data Service".

    Select API.

    Tip

    If you are presented with more than one Common Data Service item in the search list, cull any one of them. In the next pace the service name and URL will be shown. At that point you tin can go back to the API search and choose a different Dataverse list detail if needed.

  8. Click on Delegated permissions and check the options and click on Add together permissions.

    Delegate Permissions.

    Note

    A futurity revision of the form in step #eight volition replace the Dynamics CRM logo and icon with Dataverse.

This completes the registration of your application in Azure Active Directory.

Additional configuration options

If your application will be a Single Folio Application (SPA) that depends on CORS y'all must configure the app registration to support the implicit period. More information: Tutorial: Registering and configuring a SPA application with adal.js

If your application will support server-to-server connections, run across Use Multi-Tenant Server-to-server authentication

See also

Application registration in Azure Active Directory
Authenticate Users with Dataverse Web Services