|Summary:||Outline of how to enable access to Paribus 365 (Cloud Service instance) to a customer instance of Dynamics 365 (Azure Active Directory)|
|Article Type:||How-To Guide|
|Related Product(s):||This article relates to the following products:
About This Article
This article provides an outline of the steps required to enable access to an instance of the Paribus 365 Cloud Service, to a customer instance of Microsoft Dynamics 365 Online (Azure Active Directory).
As part of the Paribus 365 for Microsoft Dynamics 365 solution is a cloud instance of the Paribus 365 (Paribus Interactive) Cloud Service, which acts as the cloud hosted search engine service.
This service contains a collection of content which the Paribus search engine uses to perform search requests. This content is acquired from the customer instance of Dynamics 365 and is automatically synchronized with the Paribus 365 Cloud Service instance.
Connectivity and authentication with the customer instance of Dynamics 365 can be achieved in a variety of ways. Here we outline token-based authentication (OAuth) with Azure Active Directory.
What is Token-based Authentication
Token-based authentication (OAuth) is a process whereby the owner of the service with which we wish to connect/authenticate to (e.g. customer instance of Dynamics 365), issues the third-party service with an authentication token.
The third-party service (e.g. Paribus 365) is then able to use the authentication token as a secure means to connect and authenticate to the target service (e.g. Dynamics 365).
In the case of token authentication with Microsoft Dynamics 365, this is actually authentication to the target Active Directory which owns the Microsoft Dynamics 365 instance (e.g. Azure Active Directory).
About Authentication Tokens
- Authentication tokens replace the need for any exchange of usernames and passwords.
- Authentication tokens are not subject to password expiration or multi-factor authentication (MFA) principles.
- Authentication tokens are issued uniquely to each third-party.
- Authentication tokens can be revoked (deleted) at any time by the token bearer (e.g. Dynamics 365 customer) – this resulting in all third-party access being revoked/denied.
Registering the Paribus 365 Application (Request Permission)
The first step in which to achieve authentication with Microsoft Dynamics 365 (Azure Active Directory), is for the Paribus 365 Cloud Service to request authority from the customers Active Directory. This is known as an Application Registration.
Click this link to begin the application registration process and request to grant Paribus 365 Access Authority to my Active Directory.
Important Note: The response to this action must be performed by an Azure Active Directory user with authority to perform administration tasks including Application Registrations.
The above action should present a Microsoft hosted login request (web page):
The login being requested here should be completed with the following:
- A user account within the Azure Active Directory owning the target instance of Microsoft Dynamics 356.
- A user account within the Azure Active Directory with administration privileges to grant authority access.
Application Registration – Requesting Permissions
Upon a successful login to the target Azure Active Directory, the next step is to grant the Paribus 365 application authority to access assets within the Azure Active Directory.
The key authority that Paribus 365 requires is access to the Common Data Services (e.g. Dynamics 365 data).
Microsoft will present the following dialog to request this permission:
Upon successful completion of this step the Paribus 365 application will only be permit authority into the target Azure Active Directory and access to the Common Data Service – the level of access permitted at this stage is none and will be defined in later steps below.
To check the successful registration of the Paribus 365 application within the Azure Active Directory (optional), access the Azure Portal for your Azure Active Directory and view “Azure Active Directory – Enterprise Applications”:
- Listed within the Enterprise application should be the Paribus Interactive application.
Defining a Dynamics 365 Application User
The final step following the successful registration of the Paribus 365 application into the Azure Active Directory is to create an Application User account within the target Dynamics 365 instance. This application user will act as the user by which Paribus 365 will connect to the target Dynamics 365 instance.
Using an administration user account log into the target Dynamics 365 instance you wish to enable access to Paribus 365, and access the system security settings.
- Select Users to access user management
From the list of CRM users select the type of users to be displayed as “Application Users”.
- Select + New option to add a new Application User
New Application User
This step defines an Application User within your CRM tenant by which the Paribus 365 Cloud Service will connection and impersonate for the operations it is required to perform.
The Application ID value that is given to the Application User here is unique to Paribus 365 and ties into the Application Registration given to Paribus 365 at the beginning of this process.
From the new Application User dialog define the new user as follows:
- User Name: paribuscloudadmin
- Application ID: 1ee6affa-24cd-4ce8-a962-a9f0feeaac34
- Full Name: Paribus Interactive
- Email: (a valid email within your organization)
- Save & Close to save your new Application User
Application Users are subject to the following:
- Do not require a password.
- Do not require a user licence.
- Their access is subject to the security roles they are assigned (see next step).
- Can be removed at any time causing authentication and access to be revoked.
Application User Security Roles
The final step in defining the Paribus 365 Application User is to define the security roles this user has, which in turn will define the access rights given to the Paribus 365 Application within the Dynamics 365 instance.
- Select the Paribus Application user from the list of application users
- Select the MANAGE ROLES option
- Within the list of Security Roles, select the Paribus Interactive Cloud Administration role
Note: This security role may not yet exist within your Dynamics 365 instance until the Paribus 365 Framework solution has been applied. If this is the case, skip this step and return once the Paribus 365 Framework solution has been installed.
Removing Access/Registration to Paribus Interactive
If you wish to remove the registration of the Paribus Interactive application from your Dynamics 365 instance and Azure Active Directory, this can be achieved from within your Azure Active Directory.
This action will remove the application registration and thus revoke all authentication and access to the Azure Active Directory and Dynamics 365 tenant(s).
From within the Azure management portal of the Azure Active Directory to be updated:
- select the Azure Active Directory
- select Enterprise applications
- Select the Paribus Interactive application
- Select the Delete option
Removal of the Dynamics 365 Application User
Removal of the Dynamics 365 application user is optional but not essential as the registration of the Paribus Interactive application has been removed from the Azure Active Directory thus preventing any further access to this application.