In the previous post, we discussed how to configure Azure AD B2C using the OpenID Connect method. One of the challenges that I had in my past experience is that the client has a strict requirement for data residency, due to the sensitivity of their business. Therefore, they are considering some 3rd party options that have their solution deployed in an Australian data centre. Some of the options that we have explored are Auth0 and Okta.
Following the same principle as configuring OpenID Connect authentication, these 3 site settings records need to be created and configured:
Note: The key part of configuring authentication will always be getting familiar with the product and knowing how to find the right equivalent information 😊
Example of 3rd party External Identity Provider: Auth0
First of all, we need to create an “Application” as the container of our configuration in the Auth0 management portal.
Select the Regular Web App option (this will have pre-configured settings for the auth token required for the majority of web apps).
Register the Allowed Origin and Callback URL(s) of our portal site. Mine is like below:
Take note of the client ID to be used for the portal configuration:
Expand the Advanced settings and take note of the OAuth Authorization URL; this will be the value of “Authentication/OpenIdConnect/[provider]/Authority”.
Configure the site settings to have the following items:
Example of 3rd party External Identity Provider: Okta
Similarly, when configuring Okta, we need to set up the application as the container of our web app authentication configuration.
When creating the application, select the Web application option.
Configure the base URL, login redirect URL(s) and the Grant Type. I choose the option below (mimicking the Auth0/Azure AD B2C settings). Also, take note of the client ID.
To find the “Authentication/OpenIdConnect/[provider]/Authority” value, navigate to the API section and take note of the issuer URI.
Then add the Portal Base URL as the allowed/trusted origin.
Then finally set up the site settings as below for Okta Auth:
Okta Auth Demo
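The Okta steps above pair each portal site setting with a value on the identity provider side (issuer URI, client ID, login redirect URL, trusted origin). The following pre-flight check is an added example, not code from the original post or from either product; it compares the two sides before the settings go live. The `ClientId` and `RedirectUri` setting names, the `idp` dictionary layout, the `Okta` provider label and all sample values are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Authority is the setting named in the post; ClientId and RedirectUri are
# assumed names for the other two site settings.
REQUIRED = ("Authority", "ClientId", "RedirectUri")

def origin(url):
    """Scheme and host[:port] of a URL, the form an origin allow-list compares."""
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.netloc}".lower()

def check_site_settings(provider, settings, idp):
    """Compare portal site settings with values copied from the IdP application.

    Returns a list of problems; an empty list means the two sides agree.
    """
    prefix = f"Authentication/OpenIdConnect/{provider}/"
    problems = []
    value = {n: settings.get(prefix + n, "").strip() for n in REQUIRED}
    for name in REQUIRED:
        if not value[name]:
            problems.append(f"missing {prefix}{name}")
    authority, redirect = value["Authority"], value["RedirectUri"]
    for name in ("Authority", "RedirectUri"):
        if value[name] and urlsplit(value[name]).scheme != "https":
            problems.append(f"{name} is not https")
    # Exact string comparison: a trailing slash or different case is a mismatch.
    if authority and authority != idp["issuer"]:
        problems.append("Authority differs from the issuer URI")
    if value["ClientId"] and value["ClientId"] != idp["client_id"]:
        problems.append("ClientId differs from the application's client ID")
    if redirect and redirect not in idp["login_redirect_uris"]:
        problems.append("RedirectUri is not a registered login redirect URL")
    if redirect and origin(redirect) not in map(origin, idp["trusted_origins"]):
        problems.append("portal origin is not a trusted origin")
    return problems

# Constructed sample values; no real tenant, portal or client ID.
IDP = {
    "issuer": "https://idp.example.com/oauth2/default",
    "client_id": "0oaEXAMPLECLIENTID",
    "login_redirect_uris": ["https://portal.example.com/signin-okta"],
    "trusted_origins": ["https://portal.example.com"],
}
P = "Authentication/OpenIdConnect/Okta/"
GOOD = {P + "Authority": IDP["issuer"], P + "ClientId": IDP["client_id"],
        P + "RedirectUri": "https://portal.example.com/signin-okta"}
BAD = {P + "Authority": IDP["issuer"] + "/", P + "ClientId": IDP["client_id"],
       P + "RedirectUri": "http://portal.example.com/signin-okta"}
```

`check_site_settings("Okta", GOOD, IDP)` returns an empty list, while `BAD` is reported for the trailing slash on the Authority and the plain-http redirect URL.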
I hope the flexibility of the Authentication framework that the Dynamics 365 Portal offers will help you leverage your existing IDP/Auth provider to connect to the Dynamics 365 Portal easily.
In the next post, I will discuss some tips & tricks to get a more seamless end-user experience authenticating to the portal.
Hope this helps!