Create an Azure App User allowing the AutoMerge service to connect to your CRM.

Microsoft no longer allows services such as AutoMerge to connect to Dynamics CRM using named users. Services don’t and cannot do any multi-factor-authentication and using named users require that extra security layer. Here is Microsoft’s announcement to that effect:

https://docs.microsoft.com/en-us/power-platform/important-changes-coming#deprecation-of-office365-authentication-type-and-organizationserviceproxy-class-for-connecting-to-dataverse

This article will show you how to set up an Azure App and then configure AutoMerge to use it.

High-Level Steps

A – Azure Portal Active Directory – App Registration:

Create Azure App Registration
Add specific permissions to the App
Create a Secret within the App

B – Power Platform Admin – Create App User:

Choose appropriate Environment
Add new Application User, linking it to the just -created Azure-App from above.

C – Within your AutoMerge CRM Connection Verify Page:

Choose “Client ID/ Secret” as the authentication type
Fill in the authentication fields
Click the Verify Button…

Permissions:

You need to have Azure Active Directory Admin permissions within the same Azure Tenant your CRM lives. You also need Power Platform Admin permissions to make changes there.

Let’s go through this in detail…

First: Azure Portal Setup

Did you already create an Azure App for AutoMerge to access a different CRM Organization? These Azure App Registration steps only need to be done ONCE, and can then be referenced by multiple CRM Organizations (example: Production, Sandbox-dev, Sandbox-test, etc...). If you have already set up an Azure App and you have the ClientID/Secret values saved somewhere then you can skip down to the Power Platform setup in the next section.

1. Log in to the Azure Portal as someone with Active Directory Admin privs.

https://portal.azure.com

In the search field at the top, find and open Azure Active Directory

2. On left navigation of Azure Active Directory, choose App Registrations and click New Registration:

3. Give the new Application an appropriate name; keep the default “Single tenant” access; skip the Redirect URI section; and click Register button:

4. After the App Registration is created, go to the Overview on left nav and copy the “Application (client) ID” to your notepad. You will need it later on the AutoMerge Connection Verify page

5. Then on the left nav, click the “API permissions” and then click the “Add a permission” button and find “Dynamics CRM”:

6. Within the “Request API permissions” pane, keep the default “Delegated permissions”; check the box next to “user_impersonation”; and finally click the “Add permissions” button at the bottom:

7. Within the “API permissions” left nav, click the “Grant admin consent…” button:

8. Within the “Certificates & secrets” left nav, click the “New client secret” button; give it a descriptive name and an expiration at least 12 months out. AutoMerge subscriptions are typically 12 months. Finally – click the “Add” button:

Do you only need to create a new Secret because your old one expired? If your previous Secret expired, you only need to create a new Secret, saving the new Secret value (see below). Then you simply update the secret in the AutoMerge CRM-Connection Verify page (see very last step of this article). No need to create a new Azure App registration nor add an application user in Power Platform admin.

10. Find the newly created Secret and save its “Value” to your notepad. It is akin to the password and you will need it later in the AutoMerge CRM Connection Verify Page. This Secret value will no longer be visible if you browse away, so save its value now.

Save the Expiration Date: You may want to set yourself a reminder 1 month before the expiration date to create a new Secret and update your AutoMerge Connection record or the AutoMerge analysis service will stop working.

Next: Power Platform Updates

Do you have Multiple CRM Organizations that the AutoMerge Analysis service accesses? The Azure App Registration steps in the previous section you need only do ONCE, but these Power Platform steps below should be done for each CRM Org that AutoMerge analysis access. For example: Production, Sandbox(Dev), Sandbox(Test), etc...

Log in to the Power Platform Admin Center as someone with Power Platform Admin privs.

https://admin.powerplatform.microsoft.com

1. On the Environments left-nav, locate the environment (aka CRM Organization) and select it:

2. Within the chosen environment, click the “Settings” button at the top.

3. Within Settings, expand the “Users + permissions” and click the “Application users” link.

4. Then click “+ New app user” to expose the right hand pane. Click the “+ Add an app” first.

5. Lookup and select the App you just registered in Azure a few minutes ago. Then click the “Add” button.

6. Select a Business Unit (typically your root unit unless you know what you are doing), and choose the “AutoMerge Non-Admin User” security role that is included with our AutoMerge Managed Solution.

Is the "AutoMerge Non-Admin User" security role not there? If you don't see this role, you likely don't have our solution imported. See our Resources page (https://automerge.com/resources#links) for the latest AutoMerge Managed Solution.

About the "AutoMerge Non-Admin User" security role: Our "AutoMerge Non-Admin User" security role is a minimalist role that gives org-wide Read/Write privs to Accounts/Contacts/Leads. This is enough for the AutoMerge Analysis engine to analyze for duplicates and tag the results back in your CRM. By design, this minimalist role does not have enough privs to allow merging of tagged duplicates which would be needed if you submit a request of Operation=AutoMerge. (Note that AutoMerging that you do directly within your CRM is based on your security roles and is not affected by this setting) If you will be submitting requests where Operation=AutoMerge which will attempt to merge duplicate sets as this App User, then only the built-in "System Administrator" security role is guaranteed not to run into merge priv errors for all CRM environments. That being said, it's NOT good practice to grant such all-powerful security roles to just anyone.

7. All together, this is what it should look like. Click the “Create” button.

7. Confirmation.

Finally: Verify that the AutoMerge Service can connect properly.

Log in to the AutoMerge Management App as a user that was invited.

https://automerge.crm4.dynamics.com

1. From your AutoMerge Customer Profile, open the CRM Connection you wish to set up:

2. Within the CRM Connection, first make sure the “Verification Status” = “Unverified” (if it isn’t, then check the “Clear Credentials” box, and save). Then click the Globe icon on the far right of the “VERIFY URL” field to open the CRM Connection Verify Page for this record:

3. Finally, from the Verify page, paste in “Application (client) ID” and the “Secret” from your Notepad notes you copy/pasted during the Azure App Registration section above.

Set “CRM Type” = “Dynamics365-ClientID/Secret”

Set your Organization (unique) name and URL

Click “Verify” button and wait a few seconds to confirm the connection works.

Are the fields read-only? If the fields on this verify page are read-only, then you will need to check the "Clear Credentials" on the CRM Connection record and save. Then refresh (F5) the verify page.

That’s it!

Happy AutoMerging!

How to Create an Azure App (User) for AutoMerge Service Connection

Create an Azure App User allowing the AutoMerge service to connect to your CRM.

First: Azure Portal Setup

Next: Power Platform Updates

Finally: Verify that the AutoMerge Service can connect properly.

Company

Pricing

Security & Privacy

Resources

Contact