How to Create an Azure App (User) for AutoMerge Service Connection
Create an Azure App User allowing the AutoMerge service to connect to your CRM.
Microsoft no longer allows services such as AutoMerge to connect to Dynamics CRM using named users. Named users require multi-factor authentication, and a service cannot perform that extra security step. Here is Microsoft’s announcement to that effect:
This article will show you how to set up an Azure App and then configure AutoMerge to use it.
A – Azure Portal Active Directory – App Registration:
- Create Azure App Registration
- Add specific permissions to the App
- Create a Secret within the App
B – Power Platform Admin – Create App User:
- Choose appropriate Environment
- Add a new Application User, linking it to the just-created Azure App from above.
C – Within your AutoMerge CRM Connection Verify Page:
- Choose “Client ID/ Secret” as the authentication type
- Fill in the authentication fields
- Click the Verify Button…
You need to have Azure Active Directory Admin permissions within the same Azure Tenant in which your CRM lives. You also need Power Platform Admin permissions to make changes there.
Let’s go through this in detail…
First: Azure Portal Setup
1. Log in to the Azure Portal as someone with Active Directory Admin privileges.
In the search field at the top, find and open Azure Active Directory.
2. On the left navigation of Azure Active Directory, choose App Registrations and click New Registration:
3. Give the new Application an appropriate name; keep the default “Single tenant” access; skip the Redirect URI section; and click the Register button:
4. After the App Registration is created, go to the Overview on the left nav and copy the “Application (client) ID” to your notepad. You will need it later on the AutoMerge Connection Verify page.
5. Then on the left nav, click the “API permissions” and then click the “Add a permission” button and find “Dynamics CRM”:
6. Within the “Request API permissions” pane, keep the default “Delegated permissions”; check the box next to “user_impersonation”; and finally click the “Add permissions” button at the bottom:
7. Within the “API permissions” left nav, click the “Grant admin consent…” button:
8. Within the “Certificates & secrets” left nav, click the “New client secret” button; give it a descriptive name and an expiration at least 12 months out. AutoMerge subscriptions are typically 12 months. Finally – click the “Add” button:
10. Find the newly created Secret and save its “Value” to your notepad. It is akin to the password and you will need it later in the AutoMerge CRM Connection Verify Page. This Secret value will no longer be visible if you browse away, so save its value now.
Next: Power Platform Updates
Log in to the Power Platform Admin Center as someone with Power Platform Admin privileges.
1. On the Environments left-nav, locate the environment (aka CRM Organization) and select it:
2. Within the chosen environment, click the “Settings” button at the top.
3. Within Settings, expand the “Users + permissions” and click the “Application users” link.
4. Then click “+ New app user” to expose the right hand pane. Click the “+ Add an app” first.
5. Look up and select the App you just registered in Azure a few minutes ago. Then click the “Add” button.
6. Select a Business Unit (typically your root unit unless you know what you are doing), and choose the “AutoMerge Non-Admin User” security role that is included with our AutoMerge Managed Solution.
7. All together, this is what it should look like. Click the “Create” button.
Finally: Verify that the AutoMerge Service can connect properly.
Log in to the AutoMerge Management App as a user that was invited.
1. From your AutoMerge Customer Profile, open the CRM Connection you wish to set up:
2. Within the CRM Connection, first make sure the “Verification Status” = “Unverified” (if it isn’t, then check the “Clear Credentials” box, and save). Then click the Globe icon on the far right of the “VERIFY URL” field to open the CRM Connection Verify Page for this record:
3. Finally, from the Verify page, paste in the “Application (client) ID” and the “Secret” that you saved to your notepad during the Azure App Registration section above.
Set “CRM Type” = “Dynamics365-ClientID/Secret”
Set your Organization (unique) name and URL
Click the “Verify” button and wait a few seconds to confirm the connection works.
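To check the Client ID and Secret independently of AutoMerge (for example when Verify fails), the following added example, which is not AutoMerge code and not part of the original article, requests a token with the OAuth2 client-credentials grant and confirms it was issued to this app for this CRM URL before calling the Dataverse WhoAmI endpoint. It assumes the "Directory (tenant) ID" shown on the same Overview page as the client ID; the function names and sample values are hypothetical, and the token in the self-check is constructed.

```python
import base64, json, time
import urllib.parse, urllib.request

def token_request(tenant_id, client_id, client_secret, org_url):
    """Build the client-credentials token request for one CRM environment."""
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    form = {"grant_type": "client_credentials", "client_id": client_id,
            "client_secret": client_secret,
            "scope": org_url.rstrip("/") + "/.default"}
    return urllib.request.Request(url, data=urllib.parse.urlencode(form).encode(), method="POST")

def token_claims(access_token):
    """Decode the JWT payload for inspection only; the signature is NOT verified."""
    payload = access_token.split(".")[1]
    payload += "=" * (-len(payload) % 4)          # restore stripped base64 padding
    return json.loads(base64.urlsafe_b64decode(payload))

def check_claims(claims, client_id, org_url, now=None):
    """Return a list of problems; an empty list means the token fits this app and URL."""
    now = time.time() if now is None else now
    problems = []
    if claims.get("aud", "").rstrip("/").lower() != org_url.rstrip("/").lower():
        problems.append("aud does not match the CRM URL")
    if (claims.get("appid") or claims.get("azp", "")).lower() != client_id.lower():
        problems.append("token was not issued to this Application (client) ID")
    if claims.get("exp", 0) <= now:
        problems.append("token is expired")
    return problems

def verify_live(tenant_id, client_id, client_secret, org_url):
    """Network call: get a token, check it, then call WhoAmI as the app user."""
    with urllib.request.urlopen(token_request(tenant_id, client_id, client_secret, org_url)) as r:
        token = json.load(r)["access_token"]
    problems = check_claims(token_claims(token), client_id, org_url)
    if problems:
        return problems
    who = urllib.request.Request(org_url.rstrip("/") + "/api/data/v9.2/WhoAmI",
                                 headers={"Authorization": "Bearer " + token})
    with urllib.request.urlopen(who) as r:
        return [] if "UserId" in json.load(r) else ["WhoAmI returned no UserId"]

def sample_token(claims):
    """Constructed, unsigned token used only for the offline self-check."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc(claims), "sig"])

if __name__ == "__main__":
    cid, org = "11111111-2222-3333-4444-555555555555", "https://contoso.crm.dynamics.com"
    tok = sample_token({"aud": org, "appid": cid, "exp": time.time() + 3600})
    print(check_claims(token_claims(tok), cid, org))
```

When calling verify_live, read the Secret from an environment variable or a prompt rather than writing it into the script; urlopen raises HTTPError if the token endpoint or the CRM rejects the request.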