This article will show how to set up an Azure DevOps Service Connection that will allow you to access your Dynamics 365 instance from within an Azure Pipeline.
When you are configuring an Azure Pipeline to access your Dynamics 365 you will need to create a Power Platform Service Connection. This service connection will need the following information:
- Server URL
- Tenant ID
- Application ID
- Client Secret of Application ID
- Service Connection Name
To provide these details, you will need to go to https://portal.azure.com and create an App Registration in Azure Active Directory.
Azure Active Directory
Create a New App Registration
- Open Azure Active Directory and click on App Registration
- Click New Registration and provide a name for your registration
- For the Redirect url use https://localhost
- Click Register - This will create the Azure App Registration for you. On the main screen you will be able to find Application ID and the Tenant ID that we need for the Power Platform Connection in Azure DevOps
Update the Manifest
Grant API Permission to Dynamics
- Open API Permissions select Add a permission and select Dynamics CRM
- You need to grant the user_impersonation permission to the App. Click Add permissions and then Grant admin consent to authorize the permission
- This step will give your App Registration permission to act as a user inside your Dynamics 365 environment
Create Secret Key
- The final step in the Azure App Registration is to open Certificates & secrets and create a new client secret
- Set a description and the desired length
- You will need to note this Secret key down as it will vanish after it is created and you can't retrieve it
- This key is needed for the Azure DevOps Service Connection
Create a new Application User
- When your App Registration is set up, the next step is to create your Application User account in Dynamics 365
- Open Advanced Settings > Security > Users
- Change the view to Application Users and then click on the New ribbon button
Apply the Application ID from Azure App Registration
- Make sure the selected View of User: Application User and paste in the App ID from your Azure App Registration
- When you click save the other fields will be populated with data
Grant Security Roles to the Application User
You will need to give this account appropriate security roles. At a minimum, it will need the North52 Test Shield - Administrator security role.
Note: If you are planning to use this registration for something like XrmToolBox, you should clone the existing System Administrator security role and grant it to this Application User account. The out of the box System Administrator security role will not work with an App Registration.
Now you have everything you need to create your Power Platform Service Connection.
- Open the Project in Azure DevOps and navigate to Service Connections
- Create a new Power Platform Service Connection and fill in the required information