I was recently working with a client where we had deployed Dynamics AX 7. One of the initiatives was to enable integration between Dynamics AX7 (The New Dynamics AX) and Scribe Online. Scribe Online has a variety of platforms where it can help enable integration. My client needed to setup integration between CRM Online and Dynamics AX7.
There are two pieces to enabling integration between Dynamics AX 7 and CRM online. The first piece is setting up the connecting agent and depending on your scenario it may be an On-Premise agent or it may be a Cloud agent. For the integration I was doing, it was a Cloud agent. The initial setup was almost a breeze, however, there was a key field that required a little additional work to get the integration working correctly.
Setting up a connection from Scribe to Dynamics AX
First, a connection to Dynamics AX was required, to do this the following steps were done:
- Create a New Connection in Scribe
- Select Microsoft Dynamics AX as the Type and then enter the following bits of information:
— I typically name it for the environment.
— Alias for Connection name (I typically name it the same as above w/o spaces).
— A nice color coding option used for a visual reference to distinguish connections.
OData Service URL
— The address of any acceptable URL where the OData service is located. This URL must end in /data.
— The name of the user who has rights to access OData.
— Dynamics AX7 authorized user that can access the oData feed.
Client Id — The GUID that identifies the client in the Dynamics AX system.
— The URL where the Client Id is verified which is the Microsoft Tenant URL: http://login.microsoftonline.com/DomainName
Here is what an almost configured connection looks like:
How to Configure the Client ID
The missing piece and the purpose of this blog is to explain and show how to configure the Client Id
. The Scribe Online documentation was pretty vague as to what or how to get the Client Id
. Here is directly from the Scribe Online help
– Client Id
— The GUID that identifies the client in the Dynamics AX system.
Ok, so that’s not very helpful, what is helpful to know is that Dynamics AX7 has 2 types of authentication mechanisms which are:
User authentication looks like this:
And acts like this:
- User Authentication
- Services Authentication (OAuth)
Service authentication, on the other hand, looks like this:
And acts like this (the part in red we will come back to in a minute):
- The User authenticates against their AAD
- The User presents a set of claims to AX (claims based authentication)
- Instead of a windows token (like on-premise AD) a user presents a set of claims saying my name is so and so and I belong to this tenant and this tenant has a subscription of AX.
- The Dynamics AX7 security subsystem says, all right, I’m going to verify your claims and look to see if you’re a valid user. If you’re a valid user, I’m going to look at all the security rules that are associated with you and then I’m going give you access to the system.
- User authenticates, creates user agent in AAD and consents to service(s) access
- The client receives Authorization code (Client ID)
- Now, the client can request access to resources with the authorization code
- AAD verifies authorization code and passes the client back an Access token
- The client now requests data from Dynamics AX7 with the Access token
- Hopefully the client now receives the data
On a side note, OData Services, JSON-based Custom Service, and REST Metadata Services all support standard OAuth 2.0 authentication.
This part is critical to understand as this is the missing link. Scribe Online is a service that needs to access Dynamics AX without a user being present (it’s a service and as such will follow service authentication).
To get scribe the Authorization code (Client Id) what is required is the following:
- Select Add an application my organization is developing
There are two kinds of application are supported in Microsoft Azure Active Directory (AAD):
- Provide a name for the application and select Native Client Application
- Native client application – This flow uses a user name and password for authentication and authorization.
- Web application (Confidential client) – A confidential client is an application that can keep a client password confidential to the world. The authorization server assigned this client password to the client application.
- Enter a URI (doesn’t matter) and click the check mark to complete the setup.
- You will land on the application page, click configure
- Here you will find the golden goose, the Client Id!
- Continue to scroll down to the bottom to permissions to other applications
- Click Add application and select Microsoft Dynamics ERP then click the check mark in the lower right-hand corner
- When you return to the application page, select Microsoft Dynamics ERP and in the drop down select all check boxes
You are now set to go back into the Scribe Connector and paste in the Client ID!
- Once you have completed this, the only remaining piece is configuring Scribe Online to connect to Dynamics CRM online. The previous connection was for connecting Scribe Online to Dynamics AX.
Hopefully, this will help understand why you need the client ID and where you can get it from.