Tutorial: Register an app with Azure Active Directory

  • Article
  • ii minutes to read

This tutorial describes how to register an application with Azure Agile Directory, which enables a user with Power Apps user account to connect to their Microsoft Dataverse environment from external client applications using OAuth authentication.

Important

Power Apps also provides yous with Server-to-Server (S2S) authentication option to connect to Dataverse environment from external applications and services using the special application user business relationship. S2S authentication is the common fashion that apps registered on Microsoft AppSource employ to access the data of their subscribers. More information: Build spider web applications using Server-to-Server (S2S) authentication.

App registration in Azure Agile Directory is typically done by ISVs who want to develop external client applications to read and write data in Dataverse. Registering an app in Azure Active Directory provides you with Application ID and Redirect URI values that ISVs can utilize in their client awarding's authentication lawmaking. When cease users utilize the ISV's application for the first fourth dimension to connect to their Dataverse environs by providing their Dataverse credentials, a consent form is presented to the terminate user. After consenting to employ their Dataverse account with the ISV's application, stop users can connect to Dataverse environment from external awarding. The consent form is not displayed again to other users after the first user who has already consented to employ the ISV'due south app. Apps registered in Azure Active Directory are multi-tenant, which implies that other Dataverse users from other tenant can connect to their environment using the ISV'southward app.

App registration can as well be done by an awarding developer or individual user who is edifice a client application to connect to and read/write data in Dataverse. Apply the Application ID and Redirect URI values from your registered app in your client application's authentication lawmaking to be able to connect to Dataverse surround from your client application, and perform the required operations. Note that if the app is registered in the same tenant as your Dataverse environment, you won't be presented with a consent grade when connecting from your customer application to your Dataverse surround.

Prerequisites

  • An Azure subscription for awarding registration. A trial account will also piece of work.

Create an awarding registration

  1. Sign in to the Azure portal using an account with administrator permission. Yous must use an account in the aforementioned Microsoft 365 subscription (tenant) as y'all intend to annals the app with. Yous tin can besides admission the Azure portal through the Microsoft 365 Admin centre past expanding the Admin centers item in the left navigation pane, and selecting Azure Active Directory.

    Note

    If you don't take an Azure tenant (business relationship) or yous do have i but your Microsoft 365 subscription with Dataverse is not available in your Azure subscription, post-obit the instructions in the topic Ready Azure Active Directory admission for your Programmer Site to associate the 2 accounts.

    If you don't have an account, yous can sign up for one by using a credit card. However, the account is complimentary for application registration and your credit card won't exist charged if y'all only follow the procedures called out in this topic to annals one or more apps. More information: Agile Directory Pricing Details

  2. In the Azure portal, select Azure Active Directory in the left pane and select App registrations and click on New registration.

    Azure App Registration.

  3. In the Register an application page, enter your awarding's registration information:

    • In the Proper noun section, enter a meaningful application name that will be displayed to the users.

    • Select Accounts in any organizational directory option from Supported account types section.

    • Set the Redirect URI.

    • Click on Register to create the application.

      New App registration page.

  4. On the app Overview page, hover over Awarding (client) ID value, and select the Re-create to clipboard icon to copy the value equally you'll need to specify this in your application'southward authentication lawmaking or app.config file where appropriate.

    Copy application ID.

  5. Select Manifest tab, in the manifest editor, gear up the allowPublicClient* property to true and click on Relieve.

    App registration Manifest.

  6. Select API permissions tab, click on Add a permission.

    Add app permission.

  7. Search for and choose Dataverse nether the APIs my organization uses tab. If "Dataverse" is non found, then search for "Mutual Data Service".

    Select API.

    Tip

    If you are presented with more than ane Common Data Service item in the search list, choose any one of them. In the side by side step the service proper noun and URL will be shown. At that signal you tin can become dorsum to the API search and choose a different Dataverse list item if needed.

  8. Click on Delegated permissions and check the options and click on Add permissions.

    Delegate Permissions.

    Note

    A hereafter revision of the form in step #8 volition supercede the Dynamics CRM logo and icon with Dataverse.

This completes the registration of your application in Azure Active Directory.

Boosted configuration options

If your awarding will exist a Single Page Awarding (SPA) that depends on CORS you must configure the app registration to support the implicit flow. More information: Tutorial: Registering and configuring a SPA application with adal.js

If your awarding will back up server-to-server connections, see Use Multi-Tenant Server-to-server hallmark

Encounter also

Application registration in Azure Active Directory
Cosign Users with Dataverse Web Services