Administrator's Guide To Portal Capabilities For Microsoft Dynamics 365
User Manual:
Open the PDF directly: View PDF 
.
Page Count: 328
Administrator’s Guide to Portal Capabilities for
Microsoft Dynamics 365
1
�Contents
What’s new .............................................................................................................................................. 11
Privacy notice ....................................................................................................................................... 11
Installation Guide ........................................................................................................................................ 13
Provision a portal ..................................................................................................................................... 13
Before you provision a portal................................................................................................................ 13
Provision a portal .................................................................................................................................. 13
Troubleshoot Provisioning .................................................................................................................... 17
Set up custom domains and SSL certificates for a Dynamics 365 portal ............................................ 18
Enable multiple-language portal support ................................................................................................. 20
Supported languages ........................................................................................................................... 21
Create content in multiple languages ................................................................................................... 22
Configuration Guide .................................................................................................................................... 25
Configure a Dynamics 365 portal ............................................................................................................ 25
Create web roles for portals..................................................................................................................... 26
Attributes and relationships .................................................................................................................. 26
Optional default web role for authenticated users ................................................................................ 27
Optional default web role for unauthenticated users ............................................................................ 27
Enable help for Dynamics 365 portals ................................................................................................. 27
Customize Dynamics 365 portal forms, dashboards, and reports ....................................................... 27
Change the Dynamics 365 instance, audience, or type of portal ......................................................... 28
Manage knowledge articles using content access levels ........................................................................ 29
Create content access levels ............................................................................................................... 29
Assign content access levels to knowledge articles ............................................................................ 29
Assign content access levels to portal users ....................................................................................... 29
Use faceted search to improve portal search .......................................................................................... 30
Enable or disable faceted search ......................................................................................................... 30
Group entities as part of a record type for faceted view ...................................................................... 30
Use faceted search to improve knowledge search results ................................................................... 30
Engage with communities by using the community portal ....................................................................... 31
Set up and moderate forums ................................................................................................................... 32
Create a new forum .............................................................................................................................. 32
Edit an existing forum ........................................................................................................................... 32
Manage forums on a portal .................................................................................................................. 32
Forum attributes used by portals .......................................................................................................... 33
Manage forum threads ............................................................................................................................. 35
Manage forum threads in Microsoft Dynamics 365 .............................................................................. 35
Create forum threads on the portal ...................................................................................................... 36
Forum thread attributes used by portals .............................................................................................. 37
Manage forum thread types in Dynamics 365...................................................................................... 38
Forum thread type attributes ................................................................................................................ 38
Configure and manage knowledge categories and articles ..................................................................... 39
2
�Create a new knowledge category ....................................................................................................... 39
Associate knowledge articles ............................................................................................................... 39
Delete a knowledge category ............................................................................................................... 39
Configure web roles for a PRM portal ..................................................................................................... 40
Partner administrator ............................................................................................................................ 40
Partner manager .................................................................................................................................. 40
Partner seller ........................................................................................................................................ 40
Create a partner account on a partner relationship management (PRM) portal ..................................... 41
Create a partner account ...................................................................................................................... 41
Associate partner contacts with an account ......................................................................................... 41
Get started with the portal content editor ................................................................................................. 41
Use the content editor toolbar .............................................................................................................. 42
Edit the header ..................................................................................................................................... 42
Add a new webpage ............................................................................................................................. 42
Edit the primary navigation ................................................................................................................... 44
Manage child pages ............................................................................................................................. 44
Delete a page ....................................................................................................................................... 44
Use the front-side editing engine to publish content ............................................................................... 45
Content editor commands and controls ............................................................................................... 45
Create a link ......................................................................................................................................... 47
Link properties and commands ............................................................................................................ 47
Insert an image ..................................................................................................................................... 48
Image properties and commands ......................................................................................................... 48
Browse pages and files by using the file picker ................................................................................... 49
File picker commands .......................................................................................................................... 49
Create a theme for your portal ................................................................................................................. 50
What is Bootstrap? ............................................................................................................................... 50
Implement portal templates by using Bootstrap ................................................................................... 50
Customize Bootstrap ............................................................................................................................ 51
Apply a custom Bootstrap theme to your website ................................................................................ 51
Additional portal theme options ............................................................................................................ 52
Configure site settings for portals ............................................................................................................ 53
Manage site settings in Dynamics 365 ................................................................................................. 53
Configure Dynamics 365 portal authentication ........................................................................................ 54
Place child nodes by using shortcuts for portals ..................................................................................... 54
Manage shortcuts in Dynamics 365 ..................................................................................................... 54
Attributes and relationships .................................................................................................................. 55
Secure shortcuts .................................................................................................................................. 55
Navigate with shortcuts ........................................................................................................................ 56
Register and invite for a portal ................................................................................................................. 56
Local authentication ............................................................................................................................. 56
External authentication ......................................................................................................................... 56
Account sign-up (registration) .............................................................................................................. 57
Configure a contact for use on a portal ................................................................................................... 57
3
�Invite contacts to your portals .................................................................................................................. 58
Edit the Send Invitation workflow email template ................................................................................. 58
Create and configure invitations ........................................................................................................... 58
Run the Send Invitation workflow ......................................................................................................... 58
Set authentication identity for a portal ..................................................................................................... 59
Requirements ....................................................................................................................................... 60
Authentication overview ....................................................................................................................... 60
Forgot password or password reset ..................................................................................................... 61
Redeem an invitation ............................................................................................................................ 62
Manage user accounts through profile pages ...................................................................................... 63
Set or change a password .................................................................................................................... 63
Change or confirm an email address ................................................................................................... 63
Change or confirm mobile phone ......................................................................................................... 64
Enable two-factor authentication .......................................................................................................... 64
Manage external accounts ................................................................................................................... 65
Enable ASP.NET identity authentication .............................................................................................. 65
Enable/disable user registration ........................................................................................................... 67
User credential validation ..................................................................................................................... 67
User account lockout settings .............................................................................................................. 68
OAuth2 provider settings for portals ........................................................................................................ 69
Create OAuth applications ................................................................................................................... 69
Create site settings using OAuth2 ........................................................................................................ 71
Open ID Connect provider settings for portals ........................................................................................ 73
OpenID settings for Azure Active Directory.......................................................................................... 74
Create site settings using OpenID ....................................................................................................... 74
WS-Federation provider settings for portals ............................................................................................ 77
Create an AD FS relying party trust ..................................................................................................... 77
WS-Federation settings for Azure Active Directory .............................................................................. 80
SAML 2.0 provider settings for portals .................................................................................................... 81
AD FS (IdP) .......................................................................................................................................... 82
SAML 2.0 settings for Azure Active Directory ...................................................................................... 86
Shibboleth Identity Provider 3 .............................................................................................................. 87
Configure AD FS by using PowerShell ................................................................................................ 89
Facebook App (Page Tab) authentication for portals .............................................................................. 92
Prerequisites......................................................................................................................................... 92
Configure IIS......................................................................................................................................... 92
Configure display mode........................................................................................................................ 93
Test the site bindings ........................................................................................................................... 93
Set up the Facebook app ..................................................................................................................... 93
Publish the app ..................................................................................................................................... 94
Add the Facebook page tab to your Facebook page ........................................................................... 94
Control webpage access for portals ........................................................................................................ 95
Assign a permission set to a web role for portals .................................................................................... 97
Add record-based security by using entity permissions for portals ......................................................... 98
4
�Adding entity permissions to a web role ............................................................................................... 98
Global scope......................................................................................................................................... 99
Contact scope ...................................................................................................................................... 99
Account scope .................................................................................................................................... 100
Self scope ........................................................................................................................................... 100
Parental scope ................................................................................................................................... 100
Attributes and relationships ................................................................................................................ 100
Global permissions for tasks related to leads .................................................................................... 101
Contact-scoped permissions for tasks ............................................................................................... 103
Define entity forms and custom logic within the Dynamics 365 portal .................................................. 104
Add a form to your portal .................................................................................................................... 104
Secure your forms .............................................................................................................................. 105
Web form properties for portals ............................................................................................................. 105
Web form attributes ............................................................................................................................ 106
Progress indicator settings ................................................................................................................. 107
“Save changes” warning ..................................................................................................................... 109
Web form metadata ............................................................................................................................ 109
Web form steps for portals..................................................................................................................... 117
Load form and load tab step type .......................................................................................................... 119
In this topic ......................................................................................................................................... 119
Settings ............................................................................................................................................... 119
Additional settings .............................................................................................................................. 121
Form options....................................................................................................................................... 122
Associate the current portal user with the creation of a record .......................................................... 122
Entity reference .................................................................................................................................. 122
Additional functionality........................................................................................................................ 124
Redirect step type .................................................................................................................................. 125
Conditional step type ............................................................................................................................. 126
Attributes ............................................................................................................................................ 126
Format ................................................................................................................................................ 127
Custom JavaScript ................................................................................................................................. 128
Form fields .......................................................................................................................................... 128
Additional client-side field validation .................................................................................................. 128
General validation .............................................................................................................................. 129
Web form metadata for portals .............................................................................................................. 130
Web form metadata properties ........................................................................................................... 130
Web form metadata type = Attribute .................................................................................................. 131
Web Form metadata type = Section ................................................................................................... 136
Web Form metadata type = Tab ........................................................................................................ 136
Web Form subgrid configuration for portals .......................................................................................... 137
Adding subgrid metadata to your form ............................................................................................... 137
Attributes ............................................................................................................................................ 139
Create action ...................................................................................................................................... 140
Download action ................................................................................................................................. 141
5
�Associate action ................................................................................................................................. 142
Details action ...................................................................................................................................... 143
Edit action ........................................................................................................................................... 144
Delete action....................................................................................................................................... 146
Workflow action .................................................................................................................................. 147
Disassociate action ............................................................................................................................ 147
Notes configuration for web forms for portals ........................................................................................ 148
Attributes ............................................................................................................................................ 149
Create dialog options ......................................................................................................................... 150
Edit dialog options .............................................................................................................................. 151
Delete dialog options .......................................................................................................................... 152
Add a webpage to render a list of records ............................................................................................. 153
Add an entity list to your portal ........................................................................................................... 154
Entity list attributes and relationships ................................................................................................. 154
Add custom Javascript ....................................................................................................................... 156
Entity list configuration ....................................................................................................................... 157
Securing entity lists ............................................................................................................................ 164
Adding a view details page ................................................................................................................. 164
Entity list filter configuration ................................................................................................................ 166
Entity list map view ............................................................................................................................. 172
Entity list calendar view ...................................................................................................................... 173
Enhanced Dynamics 365 view filter for entity lists ............................................................................. 173
Entity list OData feeds ........................................................................................................................ 173
Create and run advertisements on a portal ........................................................................................... 173
Create and run advertisements .......................................................................................................... 174
Ads ..................................................................................................................................................... 174
Ad placements .................................................................................................................................... 174
Using Liquid templates to place advertisements ................................................................................ 176
Attributes ............................................................................................................................................ 177
Gather feedback by using polls on a portal ........................................................................................... 178
Add a poll to the page ........................................................................................................................ 179
Create a poll placement ..................................................................................................................... 179
Polls .................................................................................................................................................... 180
Poll attributes ...................................................................................................................................... 180
Poll options ......................................................................................................................................... 182
Poll option attributes ........................................................................................................................... 182
Poll submissions ................................................................................................................................. 182
Rate or vote on a webpage or blog post on a portal ............................................................................. 185
Enable page ratings ........................................................................................................................... 185
Use ratings ......................................................................................................................................... 185
Manage ratings in Dynamics 365 ....................................................................................................... 186
Redirect to a new URL on a portal ........................................................................................................ 186
Create a redirect ................................................................................................................................. 187
Use the redirect .................................................................................................................................. 188
6
�End User Guide ......................................................................................................................................... 189
Manage portal content ........................................................................................................................... 189
Create forum posts on the portal ........................................................................................................... 189
Create forum posts ............................................................................................................................. 189
Attribute relationships ......................................................................................................................... 190
Moderate forums .................................................................................................................................... 190
Assign moderators to forums in Microsoft Dynamics 365 .................................................................. 191
Forum moderation within the portal .................................................................................................... 191
Manage forum access permissions in Dynamics 365 ........................................................................ 192
Attributes relationships ....................................................................................................................... 194
Subscribe to alerts ................................................................................................................................. 194
Subscribe to alerts in the portal .......................................................................................................... 194
Unsubscribe from alerts in the portal ................................................................................................. 195
Manage forum alerts in Microsoft Dynamics 365 ............................................................................... 195
Attributes relationships ....................................................................................................................... 196
Manage blogs ........................................................................................................................................ 196
Manage blogs in Dynamics 365 ......................................................................................................... 196
Manage blogs on a portal ................................................................................................................... 196
Security............................................................................................................................................... 197
Blog attributes and relationships ........................................................................................................ 197
Manage blog posts in Dynamics 365 ................................................................................................. 199
Manage blogs posts on a portal ......................................................................................................... 199
Blog post attributes and relationships ................................................................................................ 200
Manage blog post comments on a portal ........................................................................................... 201
Blog post comment attributes and relationships ................................................................................ 201
Crowdsource ideas ................................................................................................................................ 202
Manage idea forums in Microsoft Dynamics 365 ............................................................................... 203
Access permissions ............................................................................................................................ 203
Idea forum attributes and relationships .............................................................................................. 203
Manage ideas in Dynamics 365 ......................................................................................................... 204
Idea attributes and relationships ........................................................................................................ 204
Manage idea comments in Dynamics 365 ......................................................................................... 206
Idea comment attributes and relationships ........................................................................................ 206
Manage idea votes in Dynamics 365 ................................................................................................. 206
Idea vote attributes and relationships ................................................................................................ 206
Create, edit, and distribute opportunities in Dynamics 365 ................................................................... 207
Create an opportunity ......................................................................................................................... 207
Distribute an opportunity .................................................................................................................... 207
Enable partners to view the progress of an opportunity ..................................................................... 208
How partners can collaborate with each other ................................................................................... 208
Partner dashboard contains data on current managed and distributed opportunities ....................... 208
Register a deal for a new or existing opportunity ............................................................................... 209
Approve opportunities registered by a partner ................................................................................... 209
Project Service Automation integration ................................................................................................. 209
7
�View projects on the partner portal .................................................................................................... 209
View and approve project quotes on the partner portal ..................................................................... 210
View project invoices on the partner portal ........................................................................................ 210
View project contracts and order forms on the partner portal ............................................................ 211
View confirmed, bookable resources by project and role on the partner portal ................................. 211
Field Service integration ........................................................................................................................ 212
View agreements on the partner portal .............................................................................................. 212
View assets on the partner portal ....................................................................................................... 213
View work orders for field service on the partner portal ..................................................................... 213
View invoices for field service on the partner portal ........................................................................... 214
Automatically distribute opportunities to preferred partners ............................................................... 215
Partner ranking metrics ...................................................................................................................... 215
Partner ranking weights ...................................................................................................................... 216
Manage web links in Dynamics 365 or on portals ................................................................................. 217
Manage web links in Dynamics 365 ................................................................................................... 217
Manage web links in a portal .............................................................................................................. 217
Multilevel web link sets ....................................................................................................................... 217
Web link set attributes and relationships ............................................................................................ 217
Web link attributes and relationships ................................................................................................. 218
Invite contacts to your portals ................................................................................................................ 219
Edit Send Invitation workflow email template ..................................................................................... 220
Create and configure invitations ......................................................................................................... 220
Run the Send Invitation workflow ....................................................................................................... 220
Customization Guide ................................................................................................................................. 222
Customize content by using content snippets ....................................................................................... 222
Edit snippets ....................................................................................................................................... 222
Edit using the front-side editing engine .............................................................................................. 222
Edit by using Dynamics 365 ............................................................................................................... 222
Add dynamic content and create custom templates .............................................................................. 223
In this section ..................................................................................................................................... 223
Store source content by using web templates ....................................................................................... 224
Web template attributes ..................................................................................................................... 224
Web templates as page templates ..................................................................................................... 224
Web templates as website headers and footers ................................................................................ 225
Built-in web templates ........................................................................................................................ 225
Understand Liquid operators ................................................................................................................. 228
Basic operators .................................................................................................................................. 229
contains .............................................................................................................................................. 229
startswith ............................................................................................................................................ 229
endswith ............................................................................................................................................. 229
Liquid types ............................................................................................................................................ 230
String .................................................................................................................................................. 230
Number ............................................................................................................................................... 230
Boolean .............................................................................................................................................. 230
8
�Array ................................................................................................................................................... 231
Dictionary............................................................................................................................................ 231
DateTime ............................................................................................................................................ 231
Null ..................................................................................................................................................... 232
Conditional ............................................................................................................................................. 232
Liquid objects ......................................................................................................................................... 233
ads ...................................................................................................................................................... 235
blogs ................................................................................................................................................... 238
entities ................................................................................................................................................ 240
entitylist............................................................................................................................................... 244
entityview ............................................................................................................................................ 248
events ................................................................................................................................................. 249
forloop................................................................................................................................................. 250
forums................................................................................................................................................. 252
page .................................................................................................................................................... 255
polls .................................................................................................................................................... 257
request................................................................................................................................................ 260
searchindex ........................................................................................................................................ 261
settings ............................................................................................................................................... 262
sitemap ............................................................................................................................................... 263
sitemarkers ......................................................................................................................................... 265
snippets .............................................................................................................................................. 266
tablerowloop ....................................................................................................................................... 266
user..................................................................................................................................................... 267
weblinks .............................................................................................................................................. 268
website ............................................................................................................................................... 268
Liquid tags.............................................................................................................................................. 271
White space control ............................................................................................................................ 271
Tags ....................................................................................................................................................... 272
Control flow tags ................................................................................................................................. 272
Iteration tags ....................................................................................................................................... 274
Variable tags....................................................................................................................................... 279
Template tags ..................................................................................................................................... 280
Dynamics 365 entity tags ................................................................................................................... 281
Liquid filters ............................................................................................................................................ 292
Array filters ......................................................................................................................................... 292
Date filters .......................................................................................................................................... 298
Entity list filters ................................................................................................................................... 301
Math filters .......................................................................................................................................... 302
String filters......................................................................................................................................... 305
Type filters .......................................................................................................................................... 310
URL filters ........................................................................................................................................... 311
Additional filters .................................................................................................................................. 314
Create advanced templates for portals .................................................................................................. 315
9
�Create a custom page template by using Liquid and a web template page template ........................... 316
Create a custom page template to render an RSS feed ....................................................................... 320
Render the entity list associated with the current page ......................................................................... 323
Render a website header and primary navigation bar ........................................................................... 326
Render up to three levels of page hierarchy by using hybrid navigation ............................................... 328
10
�What’s new
Applies To: Dynamics 365 (online), Dynamics CRM Online
The December 2016 update has brought many new features to the portal capabilities of Dynamics 365.
These updates allow for better interactions among companies, partners, and customers and make the
experience of navigating the portal faster and easier. Some of the major updates include:
Multiple language support: Support customers from multiple regions by using a single portal.
East Asian language support: Multi-byte languages such as Japanese, Chinese, and Korean
are now supported.
Faceted search: New filters improve how quickly customers can find the content they are looking
for while granting more control over visibility of content.
Product filtering: Portal users can trim access knowledge articles related to their product
ownership to avoid information overload.
Content access levels: A new level of ownership associated with Portal contact, account, or
web role that is used to control access to knowledge articles. Provide the right article for the right
audience and prevent irrelevant articles from surfacing.
Knowledge article reporting enhancement: The portal tracks where a knowledge article was
used in the portal.
Project Service Automation integration: Provide access and visibility for active and closed
projects across all stages of a project lifecycle to partners and customers. Team members,
reviewers, and customers can view project status, quotes, order forums, and bookable resources
on the portal with this solution.
Field Service integration: Expose information about active agreements, assets, work orders,
invoices, and support cases to partners and customers on the portal with this solution.
Partner onboarding: Recruit new partners for better customer sales and service experiences.
Potential partners can apply for partner status through the portal.
Privacy notice
By enabling the portal capabilities for Microsoft Dynamics 365, Dynamics 365 data, such as customer
name, product name, case number, or any custom entity data, can be exposed through an external-facing
Dynamics 365 portal. Any data exposed through the portal is stored in memory in Microsoft Azure Web
Apps for caching and also as files on the local hard drive to enable portal search functionality.
A tenant administrator enables Dynamics 365 portals by configuring it through the Dynamics 365
Administration Center, which also installs a package (with solutions and data) in the selected Dynamics
365 instance. A tenant administrator or a Dynamics 365 user set up as a Portal Administrator can then
specify the data that will be exposed through the portal. To subsequently disable the portal capabilities, a
tenant administrator can cancel the Portal Add-on subscription with Office 365.
Azure components and services that are involved with the portal capabilities are detailed in the following
sections.
Note: For more information about additional Azure service offerings, see the Microsoft Azure Trust
Center.
Azure Web Apps
Azure Web Apps are used to host the portal in Azure.
Azure Traffic Manager
11
�Azure Traffic Manager is used to ensure the high availability of the service by routing the user to the Web
Apps that are up and running.
Azure Service Bus
Azure Service Bus (Topics/Subscriptions) is used for cache invalidation of the portals. Azure Service
Bus temporarily stores the messages, which are triggered when any portal-related record is changed in
Dynamics 365, and are passed along to Web Apps to do the cache invalidation.
Azure Key Vault
All services store configuration data in Azure Key Vault.
Azure Storage
Data related to the organization, tenant, and portal is stored in Azure Storage.
Azure Active Directory
All the web services use Azure Active Directory to authenticate.
12
�Installation Guide
Provision a portal
Applies To: Dynamics 365 (online), Dynamics CRM Online
Portals are websites that you can customize to provide a more personalized experience to your
customers, partners, or internal employees. Portals integrate with Dynamics 365 to show data from
Dynamics on the portal. By using portals, you can create a variety of experiences where portal users can
perform several tasks. For example:
Customers can submit cases and find knowledge articles
Partners can see and manage sales opportunities
Internal employees can create and see best practices
Note: You must be a Global Administrator role to provision a portal.
Before you provision a portal
You must create portal resources and finish the portal package installation before provisioning a portal.
Create portal resources
1. Go to the Applications page of the Dynamics 365 Administration Center.
2. Under Application, the portal will have the name of “Name-Configuring”.
3. After this task is finished, this will change to “Name”.
Verify completion of the package installation
1. Go to the Applications page of the Dynamics 365 Administration Center.
2. Select the portal, and then select the blue pencil button labeled Manage.
a. If the installation process is not finished, there will be a message at the top stating “This
portal is currently being configured and updates are not allowed. Please try again later.”
b. If the portal resources are created but the package installation is not finished, the
message will instead be “Your Portal URL has been created. However, package
installation is still in progress. Please check status here.”
Provision a portal
To complete provisioning a portal, after you have purchased a new portal license, return to your
Dynamics 365 instance.
1. Go to the Dynamics 365 Administration Center and click the Applications tab.
2. Select the application row titled Portal Add-On and click Manage.
3. In the General Settings section, enter a Name for your portal. The Name will help to identify the
portal and can be changed later.
13
�4. The Type field represents the type of portal subscription (Trial or Production). This is a system
field, so it cannot be changed by the user. The value changes based on if it is trial subscription or
paid subscription.
5. In the Portal URL field, enter the subdomain name you want for your portal. You may only use
alphanumeric characters or hyphens (-); other characters are not permitted. After the portal is
provisioned, the URL cannot be changed, but a custom domain name can be used.
6. Use the Dynamics 365 Instance drop-down list to choose which Dynamics 365 instance you
want to link the portal to. Requires System Administrator or System Customizer role in the
Dynamics 365 instance you pick to select it.
7. Choose the default language for your portal from the Select Portal Language drop-down list.
The available languages will depend on the languages that are installed in your Dynamics 365
instance. Sample data is only provided in one language, so choosing a default language will also
decide how the sample data is translated. Arabic and Hebrew are not supported and will not show
up.
8. In the Select Portal Administrator drop-down list, select the Dynamics 365 user who will
configure, customize, and maintain the portal. All Dynamics 365 users who have the System
Administrator role in the organization will show up as options.
9. In the Portal Audience section, choose the type of audience who will visit the new portal. This
will determine what options of portals you will be given. You can choose:
Partner
o Customer Self Service Portal
o Custom Portal
o Partner Portal
Partner Project Service (Optional, requires solutions installed)
Partner Field Service (Optional, requires solutions installed)
o Community Portal
Customer
o Customer Self Service Portal
o Custom Portal
o Community Portal
Employee
o Employee Self Service Portal
Feature
Customer SelfService Portal
Partner
Portal
Employee SelfService Portal
Community
Portal
Custom Portal
World Ready
•
•
•
•
•
Multi-Language Support
•
•
•
•
•
Portal Administration
•
•
•
•
•
Customization and Extensibility
•
•
•
•
•
Theming
•
•
•
•
•
Content Management
•
•
•
Knowledge Management
•
•
•
•
14
�Feature
Customer SelfService Portal
Partner
Portal
Employee SelfService Portal
Community
Portal
Support/Case Management
•
•
•
Forums
•
•
•
Faceted Search
•
•
Profile Management
•
•
Subscribe to Forum Thread
•
•
Comments
•
•
Azure AD Authentication
Custom Portal
•
•
Ideas
•
Blogs
•
Project Service Automation
Integration
•
Field Service Integration
•
Partner Onboarding
•
Portal Base
•
Portal Workflows
•
Web Notifications
•
Microsoft Identity
•
Identity Workflows
•
Web Forms
•
Feedback
•
10. In the Select portal to be deployed section, choose what type of portal you want to create. The
options you see are based on the audience you selected.
15
�11. Click Submit, and accept the Terms of Service.
You will be redirected to the Microsoft Office 365 sign in page. Select the Dynamics 365 user that
you used to create the portal.
You will be asked to provide consent for the Dynamics 365 portals.
16
�After you consent, your portal will begin provisioning. Provisioning usually takes a few hours, but can take
more depending on system load. The Name of the portal on the Application tab will change to “NameConfiguring” while it is provisioning. Navigate back to the portal management page to check whether
provisioning has succeeded.
Troubleshoot Provisioning
Sometimes the package installation process or URL creation process can error out. In these cases, the
processes can be restarted.
If “Name-Configuring” changes to “Name-Provisioning Failed,” you need to restart the provisioning
process.
1. Go to the Applications page and select the portal.
2. Select the blue pencil button labeled Manage.
3. Choose one of the following options:
Restart Provisioning: Restarts the installation process with the configuration that was
previously defined.
Change Values and Restart Provisioning: Lets you change some of the values before
restarting the provisioning process.
17
�If the package installation has failed, the Portal administrator page will open without any issues, but
navigating to the actual portal URL will show a message “Getting set up.” To confirm this:
1. Go to the Solution Management page of the Dynamics 365 Administration Center and check that
the package status is “Install Failed.”
2. If the package status is “Install Failed,” try retrying the installation from the solution page. Also,
be sure to check that a system administrator in Dynamics 365 is installing the solution with the
default language in Dynamics 365 set to the language the portal should be installed in.
Note
Some solutions have prerequisites for their installation, so an installation will fail if the prerequisites are
not met. For example, to install the Partner Field Service for a partner portal, the Partner Portal and Field
Service solutions must have already been installed. If you attempt to install the Partner Field Service first,
the installation will fail and give you an error message.
Set up custom domains and SSL certificates for a
Dynamics 365 portal
A custom domain can help your customers find your support resources more easily and enhance your
brand. Only one custom domain name can be added to a portal. After you have provisioned your portal
and acquired your domain name, you will need an SSL certificate to set up a custom host name.
18
�1. Go to the Dynamics 365 Online Admin center and click the Applications tab.
2. Select the name of the portal you want to set up a custom domain for and click Manage.
3. Click on Portal Actions.
4. Click on Add a Custom Domain Name
After you have purchased an SSL certificate for your domain, you can use it to link your Dynamics 365
portal to a custom domain using the wizard.
1. Click Upload a new certificate if you have not yet uploaded the .pfx file to the organization. Click
the upload button underneath File and select the .pfx file. Next enter the password for your SSL
certificate in the Password field. Otherwise click Use an existing certificate and choose the
correct certificate from the drop-down menu. Be sure that you are using a SHA2 certificate, SHA1
support is being removed from popular browsers.
2. Click Add a new hostname to create a new custom domain. Enter the desired domain name into
the Domain Name field. Otherwise, click Use an existing host name and choose the desired
host name from the drop-down menu. You can only have one custom domain name for a portal.
Note
To create a custom host name, you will need to create a CNAME with your domain provider
that points your domain to the URL of your Dynamics 365 portal.
19
�If you have just added a CNAME with your domain provider, it will take some time to propagate
to all DNS servers. If the name is not propagated and you add it here, this will show a message
“Plead add a CNAME record to this domain name.” Retry after some time passes.
3. Review the information you have entered, then click Next to begin creating the SSL Binding.
4. You should see the message “Custom Domain name has been successfully configured for this
Portal. You can now go to {Custom Domain Name} to access this portal.” {Custom Domain
Name} will be a hyperlink to the Custom Portal URL that was just configured. Click Finish to
close the wizard
Enable multiple-language portal support
Applies To: Dynamics 365 (online), Dynamics CRM Online
Business is not confined to a single language. One portal’s surface content can now exist in multiple
languages to reach customers around the world while keeping a single content hierarchy. To enable
multiple languages for a portal, follow these steps after signing in to Dynamics 365:
1. Enable languages in a Dynamics 365 organization.
2. Go to Portals > Website > Websites.
3. Select the website to add language support to.
4. Find the Supported Languages section under the General tab, and click the + button.
5. Fill in the form, including Portal Language (a lookup of languages that are activated in the
organization and are supported by portals) and Publishing State.
20
�Supported languages
The table below shows all 43 languages currently available out of the box. This list can be found in
Dynamics 365 by going to Portals > Content > Portal Languages. The Portal Display Name of a
language can be changed after selecting the language to change from this page. Note that the list now
includes East Asian languages (Japanese, Chinese, and Korean).
Name
Language Code
LCID
Portal Display Name
Basque - Basque
eu-ES
1069
euskara
Bulgarian - Bulgaria
bg-BG
1026
български
Catalan - Catalan
ca-ES
1027
català
Chinese - China
zh-CN
2052
中文(中国)
Chinese - Hong Kong SAR
zh-HK
3076
中文(香港特別行政區)
Chinese - Traditional
zh-TW
1028
中文(台灣)
Croatian - Croatia
hr-HR
1050
hrvatski
Czech - Czech Republic
cs-CZ
1029
čeština
Danish - Denmark
da-DK
1030
dansk
Dutch - Netherlands
nl-NL
1043
Nederlands
English
en-US
1033
English
Estonian - Estonia
et-EE
1061
eesti
21
�Finnish - Finland
fi-FI
1035
suomi
French - France
fr-FR
1036
français
Galician - Spain
gl-ES
1110
galego
German - Germany
de-DE
1031
Deutsch
Greek - Greece
el-GR
1032
Ελληνικά
Hindi - India
hi-IN
1081
ह िं दी
Hungarian - Hungary
hu-HU
1038
magyar
Indonesian - Indonesia
id-ID
1057
Bahasa Indonesia
Italian - Italy
it-IT
1040
italiano
Japanese - Japan
ja-JP
1041
日本語
Kazakh - Kazakhstan
kk-KZ
1087
қазақ тілі
Korean - Korea
ko-KR
1042
한국어
Latvian - Latvia
lv-LV
1062
latviešu
Lithuanian - Lithuania
lt-LT
1063
lietuvių
Malay - Malaysia
ms-MY
1086
Bahasa Melayu
Norwegian (Bokmål) - Norway
nb-NO
1044
norsk bokmål
Polish - Poland
pl-PL
1045
polski
Portuguese - Brazil
pt-BR
1046
português (Brasil)
Portuguese - Portugal
pt-PT
2070
português (Portugal)
Romanian - Romania
ro-RO
1048
română
Russian - Russia
ru-RU
1049
русский
Serbian (Cyrillic) - Serbia
sr-Cyrl-CS
3098
српски
Serbian (Latin) - Serbia
sr-Latn-CS
2074
srpski
Slovak - Slovakia
sk-SK
1051
slovenčina
Slovenian - Slovenia
sl-SI
1060
slovenščina
Spanish (Traditional Sort) - Spain
es-ES
3082
español
Swedish - Sweden
sv-SE
1053
svenska
Thai - Thailand
th-TH
1054
ไทย
Turkish - Turkey
tr-TR
1055
Türkçe
Ukrainian - Ukraine
uk-UA
1058
Vietnamese - Vietnam
vi-VN
1066
українська
Tiếng Việt
Create content in multiple languages
In Dynamics 365, go to Portals > Content > Web Pages to see a list of content. For each web page,
there will be a parent version of the page and a child version of the page for each language activated for
the portal. To add a new localization of the page, navigate to a base page and scroll down to Localized
Content. Click on the + button on the right side to create a look-up for the localized version.
22
�If a portal will be in multiple languages, it is best to create the portal after all the languages you want have
been activated in the organization. This will allow for the drop-down menu at the top of the Web Pages
window to be translated into all the chosen languages. If languages are activated after the portal has
been provisioned, this menu will not be translated into the newly activated languages.
Knowledge articles will only be displayed if they have been translated into the language the user sets the
portal to. However, forums and blogs allow for more control over how they are presented in other
languages. After navigating to a forum or blog entity in Dynamics 365, changing the Form Language field
will allow for control over how these entities are translated. If specific languages are defined, it will
function like the knowledge articles. If the field is blank it will be agnostic and show up in all versions of
the portal as the primary language of the organization.
Web link sets are the navigation links at the top of the portal. By navigating to Portals > Content > Web
Link Sets you can control how this content is translated. When a language is active for the portal, a new
set of links will be created for the newly activated language.
23
�24
�Configuration Guide
Configure a Dynamics 365 portal
Applies To: Dynamics 365 (online), Dynamics CRM Online
Learn how to configure portals and customize Microsoft Dynamics 365. Dynamics 365 portals offer
powerful customization options to:
Modify the behavior or visual style of a portal. More information: Configure site settings for
portals
Add dynamic content to pages and create a wide variety of custom templates. More information:
Add dynamic content and create custom templates
Associate an authenticated portal user with either a Dynamics 365 contact or system user. More
information: Configure a contact for use on a portal
Authenticate portal users by using local user credentials and external identity provider accounts.
A new user can register for an account or redeem an invitation to create an account. More
information: Set authentication identity for a portal
Assign permissions to secure content and allow front-side editing.
Let users add forms to collect data from portals. Entity forms that are created in Dynamics 365
can be added to web pages in portals, or used with subgrids to build complete web applications.
More information: Define entity forms and custom logic within the Dynamics 365 portal
Customize Dynamics 365 to create surveys and customize questions by combining Dynamics
365 native field types with additional metadata.
Create and run advertisements on a portal
Gather feedback by using polls on a portal
Rate or vote on a webpage or blog post on a portal
Redirect to a new URL on a portal
See also
Configure site settings for portals
Place child nodes by using shortcuts for portals
Add dynamic content and create custom templates
Configure Dynamics 365 portal authentication
Set authentication identity for a portal
Define entity forms and custom logic within the Dynamics 365 portal
Add a webpage to render a list of records
Create and run advertisements on a portal
Gather feedback by using polls on a portal
Rate or vote on a webpage or blog post on a portal
Redirect to a new URL on a portal
25
�Create web roles for portals
Applies To: Dynamics 365 (online), Dynamics CRM Online
After a contact has been configured to use the portal, it must be given one or more web roles to perform
any special actions or access any protected content on the portal. For example, to access a restricted
page, the contact must be assigned to a role to which read for that page is restricted to. To publish new
content, the contact must be placed in a role which is given content publishing permissions.
To create a web role:
1. Navigate to Portals
2. Click Web Roles
3. Click New
4. Specify values for the fields provided
5. Click Save
Attributes and relationships
The table below explains many of the Web Role attributes used by Dynamics 365 portals.
Name
Description
Name
The descriptive name of the Web Role
Website
The associated website
Description
An explanation of the Web Role's purpose.
Optional.
Authenticated Users Role
Boolean. If set to true, this will be the default web
role for authenticated users (see below).
Note
Only one Web Role with the Authenticated
Users Role attribute set to true should exist for a
given website. This will be the default web role
for authenticated users that have not been
assigned a web role.
Anonymous Users Role
Boolean. If set to true, this will be the default web
role for unauthenticated users (see below).
Note
Only one Web Role with the Anonymous Users
Role attribute set to true should exist for a given
website. This will be the default web role for
unauthenticated users. **The Anonymous
Users Role will only respect Entity
Permissions.
26
�Name
Description
Now that the Web Role has been created, you will be able to configure it to meet your needs via various
permissions, rules, and associations.
Optional default web role for authenticated users
By enabling the "Authenticated Users Role", it will become the default web role for all users. This role is
commonly used to provide a predetermined access for users that are not associated to any other roles.
Keep in mind that users can have multiple web roles, but there can only be one Authenticated Users web
role for authenticated users.
Optional default web role for unauthenticated users
The Anonymous Users Role is intended to be used with Entity Permissions. It will not respect any other
rules or permissions. By enabling the "Anonymous Users Role" it will become the default web role for all
users. There can only be one Anonymous Users web role for unauthenticated users.
See also
Control webpage access for portals
Assign permission set to a web role for portals
Add record-based security by using entity permissions for portals
Enable help for Dynamics 365 portals
To make sure users get the right information when they click the Help button, you need to set Dynamics
365 to use custom Help. Go to Settings > Administration, click System Settings, click the General tab,
and select Yes for Use custom Help for customizable entities.
Customize Dynamics 365 portal forms, dashboards,
and reports
If you want to customize any of the portal forms, dashboards, or reports, you can find more information
about customizing Microsoft Dynamics 365 in the following links:
TechNet: Customize your Dynamics 365 system
TechNet: Create and design forms
TechNet: Create and edit dashboards
TechNet: Create and edit processes
TechNet: Report & Analytics with Dynamics 365
27
�See also
Configure a Dynamics 365 portal
Change the Dynamics 365 instance, audience, or type
of portal
After your portal is created and provisioned, you can change the details of your Dynamics 365 instance
and portal.
1. Go to the Dynamics 365 Online Admin center and click the Applications tab.
2. Select the name of the portal you want to edit and click Manage.
3. Click the Manage Dynamics 365 Instance tab. On this page, you can review the Dynamics 365
instance that is currently linked to your portal.
4. Click the Update Dynamics 365 Instance button. In the dialog, use the provided fields to change
your Dynamics 365 instance, portal language, or your portal administrator. You can also keep the
same Dynamics 365 instance, but change Portal audience or type of portal.
5. Click the
button to confirm your changes.
28
�See also
Engage with communities by using the community portal
Configure a Dynamics 365 portal
Manage knowledge articles using content access
levels
Applies To: Dynamics 365 (online), Dynamics CRM Online
Content access levels give another level of control separate from web roles to be able to control access
to knowledge articles in a portal. Content access levels make a well-designed knowledge base more
capable to provide the right content to the right audience. This allows for more structured learning paths
that keep irrelevant content from surfacing.
Create content access levels
1. Log into Dynamics and navigate to Portals > Security > Content Access Levels.
2. Click the New button in the ribbon.
3. Fill in the Name and Description.
4. Change Default Access Level from No to Yes if it should be the default.
5. Click the Save button in the ribbon.
Assign content access levels to knowledge articles
1. Open the Interactive Service Hub.
2. Select the Knowledge Article you wish to edit or create a new article.
3. Click Summary just above the progress bar.
4. Under Related Information (third column) select the symbol that looks like a lock.
5. Press + to add a new Content Access Level or the Trash Can symbol next to a Content Access
Level to remove it.
Assign content access levels to portal users
1. Log into Dynamics and navigate to Portals > Security > Contacts.
2. Select the Contact you wish to edit.
3. Under the Details tab, find the Content Access Levels section.
4. Press + to add a new content access level or the Trash Can symbol next to a content access
level to remove it.
Content access levels can also be inherited to a user if assigned to a Web Role, Parent Contact, or
Account that the user is connected to. This inheritance avoids the need to reassign/update content
29
�access levels at an individual level. Web Roles are assigned a content access level by navigating to
Portals > Security > Web Roles and then following the same steps. Accounts are assigned a
content access level by navigating to Sales > Accounts then selecting the account to edit. After the
account is selected, find the Content Access Levels section on the right side of the screen and use
the + and Trash Can buttons to add or remove a content access level.
Use faceted search to improve portal search
Applies To: Dynamics 365 (online), Dynamics CRM Online
Portal content may be searched using filters based on characteristics of the content. Faceted portal
searches allow customers to find their desired content faster than a traditional search through the filters
implemented by this feature.
Enable or disable faceted search
Out-of-the-box faceted search is enabled in your portals. To control and/or enable it follow these steps:
1. Log into Dynamics and navigate to Portals > Website > Site Settings.
2. Locate the Site Setting named Search/FacetedView and select it.
3. Change the Value to True to enable or False to disable Faceted Search.
If you wish to only disable one piece of the Faceted View, then follow these steps instead:
1. Log into Dynamics and navigate to Portals > Web Templates.
2. Select view to disable (i.e. Knowledge Management – Top Rated Articles)
3. Click the Deactivate button at the top of the page.
Group entities as part of a record type for faceted view
The site setting Search/RecordTypeFacetsEntities allows you to group similar entities together so users
have logical ways of filtering search results. For example, instead of having separate options for forums,
forum posts, and forum threads; these entities are grouped under the Forums record type.
In Dynamics 365, navigate to Portals > Websites > Site Settings and open the
Search/RecordTypeFacetsEntities site setting. Notice that the different entities are preceded by the
word Forums:. This is because the first value is the name with they are grouped as. This word will be
translated based on the language that is being used on the portal.
Use faceted search to improve knowledge search
results
Faceted search enables portals to have search filters on the left side allowing you to choose between
items like forums, blogs, and knowledge articles. More filters are added for specific search types. For
30
�example, knowledge articles can be filtered by Record Type, Modified Date, Rating, and Products to help
customers find the content they need. The right side also has a drop-down box that sorts results based on
the customer’s choice of Relevance or View Count (specific to knowledge articles). Below is a screen
capture with an example of some of the available filters.
Engage with communities by using the
community portal
Applies To: Dynamics 365 (online), Dynamics CRM Online
Keep your customer engagement strong by growing a community, publishing articles, gathering user
feedback, and acting on user-provided ideas. With out-of-the-box solutions available with portals you can:
Allow your users to hold conversations by posting messages on a forum. A forum can contain a
number of topics, also known as threads, and can be replied to by many users. More information: Set
up and moderate forums
Manage multiple corporate or community blogs on a single portal, with multiple authors per blog.
More information: Manage blogs
Engage with and gather feedback from your community, including gather ideas, votes, and comments
on suggestions. More information: Crowdsource ideas
31
�See also
Create a theme for your portal
Configure a Dynamics 365 portal
Set up and moderate forums
Applies To: Dynamics 365 (online), Dynamics CRM Online
Forums can be created, edited and deleted within Dynamics 365. To access forums, sign in to Dynamics
365 and go to Community > Forums.
Create a new forum
To create a new forum, click New.
Edit an existing forum
1. Double-click on the Form listed in the grid.
2. Specify values for the fields provided and click Save & Close.
Manage forums on a portal
For portal users with content management permissions, a limited set of properties of forums can be
managed by using the front-side editing engine to publish content. If your user account has been
assigned the necessary permission set, the inline editing interface will appear automatically when you
sign in to the portal.
1. Navigate to the forums parent page within the portal.
2. On the portal inline editing toolbar, click New.
3. Click Child forum.
4. Specify values for the fields provided and click Save.
32
�Forum attributes used by portals
The table below explains many of the Forum attributes used by portals. It is important to note that the way
many of the content and display-oriented attributes are rendered is controlled by the page template used,
and thus by the portal developer.
Name
Description
Name
The descriptive name of the entity. This value will
be used as the page title in most templates,
particularly if a Title value is not provided. This
field is required.
Website
The website to which the entity belongs. This field
is required.
Parent Page
The parent webpage of the entity in the website
content hierarchy.
Partial URL
The URL path segment used to build the portal
URL of this forum.
Note
Partial URL values are used as URL path
segments. As such, they should not contain
illegal URL path characters, such as "?", "#", "!",
"%". Because portal URLs are generated by
33
�Name
Description
joining together partial URL values with slashes
("/"), they should also not contain slashes.
Note
We recommend you restrict Partial URL values
to letters, numbers, and hyphens or
underscores. For example: "press-releases",
"Users_Guide", "product1".
Display Order
An integer value indicating the order in which the
forum will be placed relative to other forums in a
listing.
Publishing State
The current publishing workflow state of the forum,
which may dictate whether the forum is visible on
the site. The most common use of this feature is to
control whether content is in a published or draft
state.
Note
Users with content management permissions
may be granted the ability to use Preview Mode,
which allows these users to see ("preview")
unpublished content.
Hidden From Sitemap
Controls whether the forum is visible as part of the
portal site map. If this value is selected, the forum
will still be available on the site at its URL, and can
be linked to, but standard navigational elements
such as menus will not include the forum.
Forum Page Template
The page template to be used to render the page
listing the forums on the portal. This field is
required.
Note
The page template assigned should be a
template that a developer has specifically
created to provide the details of a forum.
Selecting a template other than the one
developed for the forum page may produce
erroneous results when viewing the forum's
webpage in the portal.
Thread Page Template
The page template to be used to render each
forum thread page on the portal. This field is
required.
Note
The page template assigned should be a
template that a developer has specifically
created to provide the forum thread details.
Selecting a template other than the one
developed for the forum thread page may
34
�Name
Description
produce erroneous results when viewing the
forum thread's webpage in the portal.
Description
Information about the forum.
Thread Count
Number of forum threads within the forum.
Post Count
Number of forum posts created on the forum
threads within the forum.
Last Post
The most recently created forum posts on the
portal.
See also
Manage forum threads
Create forum posts on the portal
Moderate forums
Subscribe to alerts
Manage forum threads
Applies To: Dynamics 365 (online), Dynamics CRM Online
A forum thread (sometimes called a topic) is a collection of posts, usually displayed from oldest to newest.
A thread can contain any number of posts, including multiple posts from the same members, even if they
were added to the thread one after the other. A thread is contained in a forum and may have an
associated date that is taken as the date of the last post. The content or purpose of the thread is identified
by the first post, also known as the original post (OP). When a member posts in a thread, the thread
jumps to the top because it is the latest updated thread. Similarly, other threads will jump to the top when
they receive posts. Sometimes, a member posts in a thread for no reason but to “bump” that thread
(cause it to be displayed as the top thread).. Threads that are important but rarely receive posts are made
“sticky” (or, as it is sometimes called, "pinned"). A sticky thread will always appear in front of normal
threads, often in its own section. A thread's popularity is measured on forums in reply (total posts minus
one, the opening post, in most default forum settings) counts. Some forums also track page views.
Manage forum threads in Microsoft Dynamics 365
You can create, edit, and delete forum threads in Dynamics 365.
Note
Although you can create forum threads in Dynamics 365, we recommend you do this in the portal,
where the process is less involved and ensures the thread is correctly associated with the original forum
post.
1. Login to Dynamics 365
2. Navigate to Community
35
�3. Click Forum Threads
Create a new thread
1. Click New
Edit an existing thread
1. Double-click on the Forum Thread listed in the grid
2. Specify values for the fields provided.
Note
You will need to create the original forum posts to be associated with this thread and assign the newly
created forum post record to the First Post and Last Post lookup fields provided.
3. Click Save & Close
Create forum threads on the portal
The forum thread editor will appear automatically when a user has successfully signed in to the portal and
navigated to a forum page, provided the developer has implemented the functionality in the forum's page
template.
1. Navigate to the forum page within the portal that you would like to post a new thread in
2. Specify a Thread Title
3. Specify a Thread Type
4. Compose the content of the thread in the rich text editor
5. Click Create this thread
36
�Forum thread attributes used by portals
The table below explains many of the Forum Thread attributes used by Portals. It is important to note that
the way in which many of the content/display-oriented attributes are rendered is controlled by the page
template used.
Name
Description
Name
The descriptive name of the record. This value will
be used as the thread title in most templates. This
field is required.
Forum
The forums associated with the thread.
Type
The forum thread type associated with the thread.
Sticky?
Checked indicates the thread should always
remain at the top of forum's listing of threads, even
if new threads are posted.
Last Post Date
The date and time the last post was created.
Answered?
Checked indicates the thread has been answered.
First Post
The first forum posts created on the thread.
Last Post
The last forum posts created on the thread.
Post Count
The number of posts that have been created on
the thread.
37
�Name
Description
View Count
The number of times the thread has been viewed
in the portal.
Manage forum thread types in Dynamics 365
Create, edit and delete forum thread types
1. Login to Dynamics 365
2. Navigate to Community
3. Click Forum Thread Types
Create a new thread type
1. Click New
Edit an existing thread type
1. Double-click on the Forum Thread Type listed in the grid
2. Specify values for the fields provided
3. Click Save & Close
Forum thread type attributes
The table below explains many of the Forum Thread Type attributes used by portals. It is important to
note that the way in which many of the content/display-oriented attributes are rendered is controlled by
the page template used.
Name
Description
Name
The descriptive name of the record. This value will
be used as the title of the type in the page
templates. This field is required.
Website
The webpages associated with the type.
Requires Answer
Checked indicates that a forum post within the
thread of this type can be marked as an answer.
Display Order
An integer value indicating the order in which the
forum thread type will be placed, relative to other
forum thread types in a listing.
Is Default
Checked indicates that type is to be used as the
default. It is recommended that only one type per
website have this field checked.
38
�See also
Setup and moderate forums
Create forum posts on the portal
Moderate forums
Subscribe to alerts
Configure and manage knowledge categories
and articles
Applies To: Dynamics 365 (online), Dynamics CRM Online
Create a new knowledge category
1. On the Interaction Centric Dashboard, click Settings > Service Management.
2. In the Knowledge Base Management section, click Categories.
3. Click the New button.
4. Enter a Name and Description for your category.
5. Choose a Parent Category. If you want this to be a top-level category, leave this field blank.
Associate knowledge articles
To associate a knowledge article with a category, open the Summary tab when viewing a knowledge
article record. In the Related Information section, click the + button. Select the category you want to
associate to the article and click the Associate button.
To remove a category from an article, choose the category you want to remove from the Category
subgrid on the knowledge article record and click the Delete button. When the confirmation message
displays, click the Delete button.
Delete a knowledge category
To delete a category, under Settings > Service Management > Categories, choose the category from
the list view and click the Delete button. Knowledge articles associated with this category will be
disassociated after the category is deleted.
See also
Get started with the portal content editor
Add dynamic content and create custom templates
39
�Configure web roles for a PRM portal
Applies To: Dynamics 365 (online), Dynamics CRM Online
Web roles for the PRM portal grant specific access to the different areas of the portal. By assigning the
appropriate roles, you can grant your primary partner contacts the right permissions to manage their team
members and streamline their processes.
Continue for more information on the web roles that are available out-of-the-box.
Partner administrator
Partner administrators are contacts who serve as the primary contact for a partner account. They are
responsible for adding and deactivating their team members and for any administrative activities related
to their partner account information.
Partner administrators can:
View, accept, and reject all distributed opportunities
View, manage, and perform actions on all managed opportunities
Manage partner account information, associated partner contacts, and their web roles
Manage partner contact roles Create and edit customer accounts
Create and edit customer contacts
Create and edit new opportunities
Partner manager
Partner managers are contacts who manage opportunities distributed by the parent company. They are
responsible for accepting or rejecting distributed opportunities and sharing accepted opportunities with
team members.
Partner managers can:
View, accept, and reject all distributed opportunities
View, manage, and perform actions on all managed opportunities
Manage partner account information
Create and edit customer accounts
Create and edit customer contacts
Create and edit new opportunities
Partner seller
Partner sellers are contacts who manage and perform actions on opportunities. They can view and
perform actions on opportunities that are shared with them, but will not be able to view opportunities that
they are not associated with.
Partner Sellers can:
View, manage, and perform actions on managed opportunities that have been shared with them
Create and edit customer accounts
Create and edit customer contacts
Create and edit new opportunities
40
�See also
Create a partner account on a partner relationship management (PRM) portal
Create web roles for portals
Assign permission set to a web role for portals
Create a partner account on a partner
relationship management (PRM) portal
Applies To: Dynamics 365 (online), Dynamics CRM Online
You can use partner accounts to keep track of your various partners. We recommend creating a separate
account for each partner so that you can manage each partner organization separately.
Create a partner account
1. Go to Sales > Accounts.
2. Choose New.
3. Fill in your information.
4. In the Partner Details area, use the Classification field and select the Partner classification.
5. Click Save.
Associate partner contacts with an account
Dynamics 365 contacts become partner contacts when they are associated with a partner account. To
associate a contact with a partner account when creating or editing a contact, enter the name of a partner
account in the Account Name field.
Get started with the portal content editor
Applies To: Dynamics 365 (online), Dynamics CRM Online
Dynamics 365 portals offers a powerful suite of editing tools. Users with suitable permissions can add,
modify, or delete webpages and their content without having to directly access the databases and web
servers that physically contain these entities. Editing can be performed in any modern browser and is
accomplished through the use of two powerful yet intuitive tools. More information: Control webpage
access for portals
This document assumes that you have permission to perform these tasks. If you do not, ask your portal
administrator to arrange this for you. The permissions can be assigned to individual pages, so be sure to
specify which pages you will need to edit.
Note
If you are using the sample organization, sign in with administrator as the username and pass@word1
as the password.
41
�Use the content editor toolbar
Sign in first. This will enable content editing for users with this permission. A toolbar on the right hand side
allows you to edit the page properties. A blue edit button will appear when the mouse moves over any
content that can be managed by the user.
Option
Description
Preview On/Off
When on, published and unpublished content will
be visible. When off, only published content can
be seen.
Edit
Opens a dialog where one can change the
properties for the current page.
Delete
Deletes the current page.
New
Opens a menu where one can chose to create a
child page, file, event, forum or shortcut.
Children
Opens a dialog containing child records for the
current page where one can reorder, edit, or
delete them.
Edit the header
Place the mouse cursor over the page header and click the blue edit button that appears. This will open a
rich-text editor. Change the header text and click the disk icon to save the changes. More information:
Customize content by using content snippets.
Add a new webpage
To add a new webpage from the portal, click New in the toolbar, and then click Child page in the dropdown menu. Fill in the properties for the new child page. Click Save to create the new page. The new
page is created as a child of the webpage you were on when you clicked New > Child page.
42
�After being redirected to the newly created page. Point to the large rectangular box under the page title
and click the blue edit button that appears. Add some content, and then click the disk icon to save the
changes. More information: Get started with the portal content editor.
Web pages can also be added in Dynamics 365. Translating a webpage is done in Dynamics 365, so
start by navigating to Portals > Web Pages and clicking the +New button. Fill in the form and click Save.
Change the Publishing State from Draft to Published when it is ready for use on the website. The
Localized Content section can be filled in after the webpage is created to create the different translations
needed.
43
�Edit the primary navigation
Web link sets are groups of links used for navigation based on location on the webpage. Primary
Navigation is the web link set that you see at the top of every webpage, and it can be edited in the portal
with the system administrator web role.
1. Place the mouse cursor over the primary navigation and click the Edit button that appears.
This will open a dialog with a list of web links that can be reordered or removed, as well as an
option to add new links.
2. Click the row with the green plus icon.
3. Enter the name for the page just created.
4. Set a link to it using the Page field drop-down.
5. Click the Save button for the new link dialog and for the primary navigation dialog.
Manage child pages
From the home page, Click Children in the toolbar. This will open a dialog with a list of all child pages for
the page you were on when you clicked Children. There should be some pages with an icon of an eye
with a line through it. This icon indicates the page is not visible in the site map, but if published it can still
be viewed if linked to directly. As with a web link set, one can reorder, edit, or delete the webpages listed.
Delete a page
Navigate to the page to be deleted and click the Delete button in the toolbar. Click Yes to confirm. When
deleting from the toolbar the pages are placed into a deactivated state instead of being deleted. Any child
pages of the deleted page will also be deactivated.
Note
Certain webpages are important to have for a properly functioning website, for instance, a sign in page
or 404 page. Be sure not to delete these pages, as doing so can cause a website to stop functioning
properly.
44
�See also
How to provision a portal
Use the front-side editing engine to publish content
Customize content by using content snippets
Use the front-side editing engine to publish
content
Applies To: Dynamics 365 (online), Dynamics CRM Online
Learn how to use the content editor and edit the content of a webpage: edit text, create links and display
images.
To use the content editor, you need the appropriate permissions and the content to be modified must be
in the page template. To open the content editor, point to the content to be modified, and then click the
blue edit button that appears in the top left corner.
Content editor commands and controls
The editor toolbar has a number of buttons to help with content editing. Move the mouse cursor over a
button to see a tool tip for the buttons function. The table below also has more detail about the available
buttons, listed in the order they appear in the toolbar.
Name
Description
Save
Saves the changes made to the content and
closes the editor.
Cancel All Changes
Discards any changes made and closes the editor.
Toggle Full Screen Mode
Resizes the editor to the size of the containing
browser window.
Note
When in Full Screen Mode, the Save and
Cancel All Changes buttons will not be
available. To save or cancel, click the Toggle
Full Screen Mode button to return to the regular
mode where the buttons are available.
Bold, Italic, Underline, Strikethrough
Makes selected text bold, italic, underline, or
strikethrough as well as newly typed text.
Align Left, Center, Right, Full
Aligns selected text to the left, center, right, or full
as well as newly typed text.
Direction Left to Right, Right to Left
Changes the direction of the written text to be left
to right or right to left.
Edit CSS Style
Opens a dialog to an interface that allows full
control over the CSS styling of selected text as
well as newly typed text.
If you wish to set the style of a single word or
selection of text, simply select the text, then in the
45
�Name
Description
Edit CSS Style dialog check the box titled "Insert
span at selection".
Note
Overusing custom styling can greatly reduce the
consistency of the content's look and feel
between pages. It is recommended to use this
method only when absolutely necessary.
Format
Changes the selected text as well as newly typed
text to the pre-defined style selected.
Help
Opens a dialog about TinyMCE.
Cut, Copy, Paste
Cuts, copies, or pastes the selected text to and
from the clipboard.
Paste as Plain Text
Pastes text from the clipboard with all formatting
and styling removed.
Paste from Word
Pastes text from the clipboard while trying to
maintain formatting and styling that originated from
Microsoft Word.
Find, Find/Replace
Opens a dialog for searching content and
optionally replacing found content.
Insert/Remove Bulleted List, Numbered List
Inserts a bulleted or numbered list for selected text
or at the text cursor if the list isn't already present.
If the list is already present, it will be removed.
Decrease, Increase Indent
Reduces or increases the indentation of the text or
a list item.
Block Quote
Places the selected text or newly typed text within
a quote block.
Undo, Redo
Will undo the previous change or redo an undone
change.
Note
Only changes that have been done since the
editor was opened can be undone. Changes that
have been saved or canceled cannot be
undone, or re-done.
Insert/Edit Link
Inserts or edits a hyperlink for selected text. See
Create a Link below for more details about this
feature.
Unlink
Changes a hyperlink back to text.
Insert/Edit Anchor
Inserts or edits an anchor link for selected text.
Insert/Edit Image
Inserts or edits an image into the content. See
Insert an Image below for more details about this
feature.
46
�Name
Description
Insert/Edit Embedded Media
Inserts or edits embedded media such as a video
or application.
Cleanup Messy Code
Tries to remove invalid markup that may have
come from pasting.
Edit HTML Source
Opens a dialog containing the HTML source for
the content. The HTML can be directly modified
and updated from this window.
Note
This dialog will not validate the HTML! It is
recommended that only users with knowledge of
HTML use this feature.
Insert/Edit Table to Merge Table Cells
Inserts or edits tables and their rows, cells, and
properties.
Insert Horizontal Line
Inserts a horizontal line at the text cursor.
Remove Formatting
Removes the formatting and styling for the
selected text.
Show/Hide Guidelines/Invisible Elements
Toggles table border guidelines and other invisible
elements on or off.
Subscript, Superscript
Makes selected text subscript or superscript as
well as newly typed text.
Insert Special Character
Opens a dialog containing special characters and
inserts the selected character at the text cursor.
Create a link
From within the content editor, select the text to make a hyperlink for and click the Insert/Edit Link button.
Enter the properties for the hyperlink and click the insert button. Click the save button in the content editor
toolbar to save the change.
Link properties and commands
Name
Description
Link URL
The URL to link to. It can be any properly
formatted URL, external to the website or within
the same website. If within, it can be relative and it
can be looked up using Browse (found just right of
the Link URL field).
Browse
Opens a file picker for the website. The URL for
the selected page or file will be placed into the
Link URL field when selected. See Using the File
Picker.
47
�Name
Description
Target
Specifies whether the link will be opened in the
same or a new browser window when clicked. If
not set, the link will open in the same window by
default.
Title
A descriptive title for the hyperlink. Usually
displayed when the mouse cursor hovers on the
hyperlink.
Insert, Update
Makes or updates the hyperlink with the specified
properties and closes the dialog.
Note
Note that the change is only done in the content
editor until the save button has been clicked in
the content editor toolbar.
Cancel
Discards any changes made and closes the
dialog.
Insert an image
From within the content editor, put the text cursor in the place to insert an image and click the Insert/Edit
Image button. Enter the properties for the image and click the insert button. Click the save button in the
content editor toolbar to save the change.
Image properties and commands
Name
Description
Image URL
The URL for the image. It can be any properly
formatted URL to an image, external to the
website or within the same website. It's
recommended that the URL be within. When
within, it can be relative and it can be looked up
using Browse (found just right of the Image URL
field).
Browse
Opens a file picker for the website. The URL for
the selected image file will be placed into the
Image URL field when selected. See Using the
File Picker.
Image Description
Specifies the alt attribute for the image. It's read
by screen readers, and is typically seen when the
image doesn't load properly.
Title
A descriptive title for the hyperlink. Usually
displayed when the mouse cursor hovers on the
image.
48
�Name
Description
Preview
Provides a preview of the image being inserted or
updated.
Appearance (Tab)
Provides options for overriding the actual image
properties, its styling, and its placement.
Advanced (Tab)
Provides advanced options that may need page
template support.
Insert, Update
Makes or updates the image with the specified
properties and closes the dialog.
Note
Note that the change is only done in the content
editor until the save button has been clicked in
the content editor toolbar.
Cancel
Discards any changes made and closes the
dialog.
Browse pages and files by using the file picker
The file picker provides a way to browse pages and files that belong to the same website. New files can
be uploaded using the file picker as well. The file picker is available when adding a link or an image
through the content editor. Click on the icon that looks like a Windows Explorer window to open the file
picker. Browse to a page or file using the left tree view and double click the page or file in the right list
view to select it.
To upload new files, navigate to the folder to upload the file to and click the disk icon with a green plus on
it. In the dialog that opens, click Browse and pick a file to upload. Do the same in the next field to add
more than one file. Click Ok and the files will be uploaded.
File picker commands
The table below has more detail about the available buttons, listed in the order they appear in the toolbar.
Name
Description
Back
Move to the folder that was being viewed
previously.
Reload
Refresh the folder's view.
Select file
Use the selected page or file's URL.
Open
View the page or file in a new browser window.
Upload files
Opens a dialog for uploading new files.
Note
Note that new files are uploaded immediately to
the folder when clicking Ok from this dialog.
Copy, Cut
Disabled
49
�Name
Description
Remove
Deletes the selected file.
Note
Note that only files can be removed and not
pages. Pages should be removed by using the
delete button in the content publishing toolbar.
Get Info
Displays additional information about the selected
page or file.
Preview with Quick Look
View the file and some information about it in a
small overlay window.
View as icons
Displays the folder contents as icons.
View as list
Displays the folder contents as a table with more
details about each item.
Help
Opens a dialog about elFinder: Web file manager.
See also
How to provision a portal
Get started with the portal content editor
Customize content by using content snippets
Create a theme for your portal
Applies To: Dynamics 365 (online), Dynamics CRM Online
When you build portals with the portal capabilities for with Microsoft Dynamics 365, you'll be using the
Bootstrap front-end framework. By taking advantage of the Bootstrap ecosystem, you can quickly and
easily brand these portals for your organization.
What is Bootstrap?
Bootstrap is a front-end framework that includes CSS and JavaScript components for common web
application interface elements. It includes styles for navigation elements, forms, buttons, and a
responsive grid layout system, which allow site layouts to dynamically adjust to devices that have different
screen sizes, such as phones and tablets. By using the Bootstrap layout system, you can develop a
single site that presents an appropriate interface to all devices your customers might use.
Implement portal templates by using Bootstrap
The templates included with Dynamics 365 portals are implemented by using standard Bootstrap
components, with minimal additional custom styles. So when you implement the templates, you can take
advantage of the Bootstrap customization options. You can customize the theme (fonts, colors, and so
on) quickly, and in a way that is applied consistently across the portal.
50
�Customize Bootstrap
Bootstrap supports customization through a set of variables. You can set any or all of these variables to
custom values and then download a custom version of Bootstrap that is compiled based on these values.
The power of Bootstrap variables is that they don't dictate the style of a single element. All styles in the
framework are based on and derived from these values. For example, consider the variable @font-sizebase. This specifies the size that Bootstrap assigns to normal body text. However, Bootstrap also uses
this variable to indicate the font size for headings and other elements. The size for an h1 element may be
defined as 300 percent the size of @font-size-base. By setting this one variable, you control the entire
typographic scale of your portal in a consistent way. Similarly, the @link-color variable controls the color
of hyperlinks. For the color you assign to this value, Bootstrap will define the hover color for links as 15
percent darker than your custom value.
The standard way to create a custom version of Bootstrap is through the official Bootstrap site. However,
due to the popularity of Bootstrap, many third-party sites have also been created for this purpose. These
sites might provide an easier-to-use interface for Bootstrap customization or might provide predesigned
versions of Bootstrap for you to download. The official Bootstrap customizer site provides more
information on Bootstrap customization. The site will always be the most up to date, but currently doesn't
include some UI features like color pickers and live preview.
Apply a custom Bootstrap theme to your website
When you download a customized version of Bootstrap, it contains the following directory structure.
css/ |-- bootstrap.min.css img/
|-- glyphicons-halflings-white.png |-- glyphicons-halflings.png js/ |-- bootstrap.min.js
Or, depending on the customizer application used, it may only contain bootstrap.min.css. Regardless,
bootstrap.min.css is the file that contains your customizations. The other files are the same for all custom
versions of Bootstrap and are already included in your Dynamics 365 portal.
After you have your custom bootstrap.min.css, you can apply it to your portal in one of two ways. If you
are a developer and prefer to work directly with the source code of your application, you can overwrite the
version of bootstrap.min.css included in your application source with your custom version. In most cases,
however, we recommend that you apply your custom Bootstrap theme without modifying your site code
by uploading it as a web file in the Dynamics 365 portal’s content management system.
1. Sign in to your application as a user with content management permissions. More information:
Assign a permission set to a web role for portals.
2. Go to the Home page of your application.
3. Select Children > Edit this file (the pencil and paper button) for bootstrap.min.css from the
content editing toolbar (found in the upper-right corner of your browser window).
4. Select your custom bootstrap.min.css file, using the Upload File field in the Edit This File dialog
box that appears.
5. Ensure that the Partial URL field is set to bootstrap.min.css. This value indicates to the
Dynamics 365 portal’s framework that it should use your custom version of Bootstrap instead of
the default version included.
6. You may also want to select the Hidden from Sitemap checkbox (selected by default), so that
this file doesn't appear to users in any navigation elements on the site.
7. Save the file.
8. Refresh your page, and your customized styles will appear immediately.
Here, we can see a customized version of Bootstrap applied to the Community portal.
51
�Additional portal theme options
In addition to a custom Bootstrap version, Dynamics 365 portals support uploading of your own custom
CSS files into the content management system. This lets you apply additional styling to your portal,
without having to deploy a new version of its code. To do this, follow the procedure described previously
for uploading custom Bootstrap CSS by using a file that contains your own CSS, and then choose a new
Partial URL for this web file. As long as the Partial URL ends in .css, Dynamics 365 portals will
recognize it and apply it to your site.
Along with a customized version of Bootstrap, you can use the content-editing system to add a custom
logo and brand to your portal header. With these simple but powerful options, you're only a few minutes
away from having your Dynamics 365 portal’s application reflect your brand.
52
�See also
Engage with communities by using the community portal
Configure a Dynamics 365 portal
Configure site settings for portals
Applies To: Dynamics 365 (online), Dynamics CRM Online
A Site Setting is a configurable named value that is used by website code to modify the behavior or visual
style of the portal. Typically when a developer creates the website code, they will reference Site Settings
for various components to enable an end user to modify the setting values to alter the website without
having to change the code, recompile, and redeploy the website.
The sample portals that are provided with the installation of Dynamics 365 portals contain several
configurable Site Settings for various styles used to modify many visual elements within the site such as
background style, text color, and layout width.
Manage site settings in Dynamics 365
1. Login to Dynamics 365
2. Go to Portals > Site Settings
3. To create a new setting: Click New
4. To edit an existing setting: Double-click on the Site Setting listed in the grid
5. Specify values for the fields provided
Name
Description
Name
A label referenced by website code to retrieve the
appropriate setting. The name should be unique
for the associated website as the code retrieving
the setting will take the first record found with the
matching name.
Website
The associated website.
Value
The setting.
Description
The purpose of the setting or special instructions.
6. Click Save & Close
See also
How to provision a portal
Configure a Dynamics 365 portal
Configure Dynamics 365 portal authentication
Configure a Dynamics 365 portal
53
�Configure Dynamics 365 portal authentication
Define entity forms and custom logic within the Dynamics 365 portal
Configure Dynamics 365 portal authentication
Applies To: Dynamics 365 (online), Dynamics CRM Online
In a portal application, an authenticated portal user is associated with either a Dynamics 365 contact or
system user. The default portals configuration is contact-based. To log in, a contact must have the
appropriate web authentication information configured. Portal users must be assigned to a web roles to
gain permissions beyond unauthenticated users. To configure permissions for a web role, configure its
webpage access and website access control rules.
To take an in-depth look at configuration of out-of-the-box registration modes and invitation model, see
Register and invite for a portal.
See also
Add dynamic content and create custom templates
Set authentication identity for a portal
Define entity forms and custom logic within the Dynamics 365 portal
Place child nodes by using shortcuts for portals
Applies To: Dynamics 365 (online), Dynamics CRM Online
Use shortcuts to place child nodes throughout your portal's sitemap that simply point to other nodes that
exist in your sitemap, or to URLs external to your portal. In other words, webpages, web files, events, and
forums can all be considered "solid" nodes of your portal's sitemap: they are added to your sitemap and
when you navigate to them, you see the actual content of those nodes directly. Shortcuts, on the other
hand, can be considered “intangible” nodes: they are also added to the sitemap (unlike web links, which
are not), but when you navigate to them, you see the content for the target "solid" node that the shortcut
points to, and that content is rendered by the page template for that node.
Manage shortcuts in Dynamics 365
Creating, editing, and deleting shortcuts can be done within Dynamics 365.
1. Login to Dynamics 365
2. Navigate to Portals > Shortcuts
3. To create a Shortcut: Click New
4. To edit an existing Shortcut: Double-click on the existing Shortcut listed in the grid
5. Enter values for the fields provided
6. Click Save & Close
54
�Attributes and relationships
Name
Description
Name
A Descriptive Name for the shortcut. For internal
use only.
Website
The website that the shortcut belongs to.
Parent Page
The parent webpage of the shortcut entity in the
sitemap. The shortcut will be added to the sitemap
as a child of this page.
External URL
Target of the shortcut to a URL of a resource
outside of your organization.
Web Page
Target of the shortcut to an internal webpage.
Web File
Target of the shortcut to a web file.
Event
Target of the shortcut to an event.
Forum
Target of the shortcut to a forum.
Title
The title for the shortcut. This is the name that will
appear in the sitemap and child navigation view
areas. If left blank, the title (or name) of the target
entity will be shown instead.
Description
A description to appear in child nav views.
Optional.
Display Order
The front-side editable order that the shortcut will
appear in sitemap and child nav views, in relation
to other nodes in the site map.
Disable Shortcut Target Validation
If unchecked, the security of the shortcut will be
based on the target. Otherwise, it will be based on
the parent. For more details, see "Security" below.
Note
A shortcut needs only to have one of the 'Target' fields (External URL, Web Page, Survey, Web File,
Event, Forum) assigned a value, and a shortcut will only have one target.
For example, a shortcut does not point at both a Web Page and a survey, or an External URL and a
Web File. If more than one target attribute exists for a shortcut, the shortcut will just take the first one,
ignoring all others. The order of priority for which target will be chosen is reflected on the main
Dynamics 365 shortcut form. So, it will first check if there exists an External URL for the shortcut, and if
there is, then the shortcut's target will be the External URL and all other target attributes will be ignored.
If there is no External URL, then the shortcut will check the Web Page, then the Survey, Web file,
Event, and finally Forum.
Secure shortcuts
Security for shortcuts can be based either on the parent page of the shortcut or on the target of the
shortcut. This will determine whether the shortcut will be visible in the sitemap. Naturally, if security is
55
�based off the parent, the write access of the target of the shortcut will still determine whether front-side
editing will function after the shortcut has been used to navigate to the target of the shortcut. Therefore,
shortcut security only affects navigation and edit rights for front-side editing of shortcuts. The security
method used is specific to the shortcut. If you leave the Boolean value Disable Shortcut Target
Validation unselected, the security of the shortcut will be based on the target; otherwise, it will be based
on the parent.
Navigate with shortcuts
After the shortcut entity has been created, it will appear in your website.
In the above example, Basic Site has two additional pages, Page One and Page Two. Page Two Is a
Child of Page One, which is a Child of the Home Page. Additionally, there is a shortcut that is a child of
the Home page which points to Page Two.
See also
Configure a Dynamics 365 portal
Configure site settings for portals
Configure Dynamics 365 portal authentication
Define entity forms and custom logic within the Dynamics 365 portal
Manage web links in Dynamics 365 or on portals
Register and invite for a portal
Applies To: Dynamics 365 (online), Dynamics CRM Online
The latest portal authentication experience allows portal users to sign in with their choice of a local
contact membership provider based account or an external account based on ASP.NET Identity. Both
local and external account registration can use invitation codes for sign up, as well as the email
confirmation workflow. In addition, portal administrators may choose to enable or disable any combination
of authentication options through portal site settings.
Local authentication
Local authentication is the common forms-based authentication uses the contact records of a Dynamics
365 organization for authentication. To build custom authentication experiences, developers can use the
ASP.Net Identity API to create custom login pages and tools.
External authentication
External authentication is provided by the ASP.NET Identity API. In this case, account credentials and
password management are handled by a third-party identity provider. This includes OpenID based
providers such as Yahoo! and Google and OAuth 2.0 based providers such as Twitter, Facebook, and
Microsoft. Users sign up to the portal by selecting an external identity to register with the portal. After it is
registered, an external identity has access to the same features as a local account.
56
�Account sign-up (registration)
Portal administrators have several options for controlling account sign-up behavior. Open registration is
the least restrictive sign-up configuration where the portal allows a user account to be registered by
simply providing a user identity. Alternative configurations may require users to provide an invitation code
or valid email address to register with the portal. Regardless of the registration configuration, both local
and external accounts participate equally in the registration workflow. That is, users have the option to
choose which type of account they want to register.
Open registration
During sign-up, the user has the option of creating a local account (providing a username and password)
or selecting an external identity from a list of identity providers. If an external identity is selected, the user
is required to sign in through the chosen identity provider to prove that they own the external account. In
either case, the user is immediately registered and authenticated with the portal. A new contact record is
created in the Dynamics 365 organization upon sign-up.
With open registration enabled, users are not required to provide an invitation code to complete the signup process.
See also
Configure a contact for use on a portal
Invite contacts to your portals
Set authentication identity for a portal
Configure a contact for use on a portal
Applies To: Dynamics 365 (online), Dynamics CRM Online
After filling out the basic information for a contact in Dynamics 365, (or having a user fill it out the signup
form in a portal), navigate to the web authentication tab on the portal contact form to configure a contact
using local authentication. For details on federated authentication options see Set authentication identity
for a portal. To configure a contact for portals using local authentication, follow these instructions:
1. Enter a username.
2. On the command ribbon, click More Commands > Change Password.
Complete the change password workflow, and the necessary fields will be automatically configured.
When you have done this, your contact will be configured for your portals.
See also
Register and invite for a portal
Invite contacts to your portals
Set authentication identity for a portal
57
�Invite contacts to your portals
Applies To: Dynamics 365 (online), Dynamics CRM Online
Use the Dynamics 365 portals invitation feature to invite contacts to your portal through automated
email(s) created in your Dynamics 365 system. The people you invite receive an email, fully customizable
by you, with a link to your portal and an invitation code. This code can be used to gain special access
configured by you. With this feature you have the ability to:
Send Single or Group Invitations
Specify an expiry date if desired
Specify a user or portal contact as the inviter if desired
Automatically assign the invited contact(s) to an account upon invite redemption
Automatically execute a workflow upon invite redemption
Automatically assign the invited contact(s) to a Web Role(s) upon redemption
Invitation redemption can be accomplished using any of our many authentication options. For
documentation regarding portal authentication, see Set authentication identity for a portal and choose the
model applicable to your portal version and configuration. The user will adopt any settings provided by the
administrator upon redemption. An Invite Redemption Activity will be created for the Invite and Contact.
Invitations are sent via the Send Invitation workflow. By default, the workflow creates an email with a
generic message and sends it to the invited Contact's primary email address. The Send Invitation
workflow contains an email template that will need to be edited to contain a specific message for your
portal and the correct hyperlink to your portal's Invite Redemption Page.
Edit the Send Invitation workflow email template
Locate the Send Invitation workflow and deactivate it. After it is deactivated, edit the email template to
send the message you want and provide a link to the Invite Redemption Page of your portal.
Create and configure invitations
To create an Invitation record within Dynamics 365, click the Create Invitation button in the command
bar. The button is available when a single Contact is selected in a Contact View and when viewing a
Contact record. Clicking the button will open a new invitation form for the Contact. Invitations can also be
created via the Invitations View by clicking +New. After the Invitation record has been created the Run
Workflow button will appear enabling you to send the Invitation to the Contact(s).
Run the Send Invitation workflow
The invitation will not be sent to the Contact(s) until the Send Invitation workflow is initiated.
The Invitation Form has the following fields:
Name
Description
Name
A descriptive name for helping recognize the
invitation.
Type
Single or Group. Single will allow only one
contact to be invited and only one redemption.
58
�Name
Description
Group allows multiple contacts to be invited and
multiple redemptions.
Owner/Sender
The Dynamics 365 user that will be the sender of
the email when the invitation is sent. This can be
overridden in the Send Invitation workflow if the
created email already contains someone in the
from field.
Invitation Code
A unique code for the invitation that only the
invitee will know. This is automatically generated
when creating a new invitation.
Expiry Date
The date that represents when the invitation will
become invalid for redemption. Optional.
Inviter
Can be used when a contact is the sender of the
invitation. Optional.
Invited Contact(s)
The contact(s) to be invited to a portal.
Assign to Account
An account record to be associated as the
redeeming contact's parent customer when the
invite is redeemed. Optional.
Execute Workflow on Redeeming Contact
A workflow process to be executed when the invite
is redeemed. The workflow will be passed the
redeeming contact as the primary entity. Optional.
Assign to Web Roles
A set of web roles to be associated with the
redeeming contact when the invite is redeemed.
Optional.
Redeemed Contact(s)
The contact(s) that have successfully redeemed
the invitation.
Maximum Redemptions Allowed
The number of times the invitation can be
redeemed. Available for Group type invitations
only.
See also
Register and invite for a portal
Configure a contact for use on a portal
Set authentication identity for a portal
Set authentication identity for a portal
Applies To: Dynamics 365 (online), Dynamics CRM Online
59
�Portal capabilities for Microsoft Dynamics 365 provides authentication functionality built on the ASP.NET
Identity API. ASP.NET Identity is in turn built on the OWIN framework, which is also an important
component of the authentication system. The services provided include:
Local (username/password) user sign-in
External (social provider) user sign-in through third party identity providers
Two-factor authentication with email or SMS
Email address confirmation
Password recovery
Invitation code sign-up for registering pre-generated contact records
Requirements
Portal capabilities for Microsoft Dynamics 365 requires
Microsoft Dynamics 365 Portal Base, the Microsoft Identity, and the Microsoft Identity
Workflows solution packages
Authentication overview
Returning portal visitors have the option to authenticate using local user credentials and/or external
identity provider accounts. A new visitor can register for a new user account either by providing a
username/password or by signing-in through an external provider. Visitors who are sent an invitation code
(by the portal administrator) have the option to redeem the code in the process of signing-up for a new
user account.
Related Site Settings:
Authentication/Registration/Enabled
Authentication/Registration/LocalLoginEnabled
Authentication/Registration/ExternalLoginEnabled
Authentication/Registration/OpenRegistrationEnabled
Authentication/Registration/InvitationEnabled
Authentication/Registration/RememberMeEnabled
Authentication/Registration/ResetPasswordEnabled
Sign-in with a local identity or external identity
60
�Sign-up with a local identity or external identity
Redeem an invitation code manually
Forgot password or password reset
Returning visitors who require a password reset (and have previously specified an email address on their
user profile) have the option of requesting a password reset token to be sent to their email account. A
reset token allows its owner to choose a new password. Alternatively, the token can be abandoned,
leaving the user’s original password unmodified.
Related Site Settings:
Authentication/Registration/ResetPasswordEnabled
Authentication/Registration/ResetPasswordRequiresConfirmedEmail
Related Processes:
Send Password Reset To Contact
1. Customize the email in the workflow as necessary
2. Submit email to invoke process
3. Visitor prompted to check email
4. Process: Send Password Reset To Contact
5. Password reset email with instructions
6. Visitor returns to the reset form
7. Password reset complete
61
�Redeem an invitation
Redeeming an invitation code allows a registering visitor to be associated to an existing contact record
that was prepared in advance specifically for that visitor. Typically, the invitation codes are sent out by
email but a general code submission form is available for codes sent though other channels. After a valid
invitation code is submitted, the normal user registration (sign-up) process takes place to setup the new
user account. More information: Register and invite for a portal.
Related Site Settings:
Authentication/Registration/InvitationEnabled
Related Processes:
Send Invitation
Note: the email sent by this workflow must be customized with the URL to the redeem invitation
page on the portal.
http://portal.contoso.com/register/?returnurl=%2f&invitation={Invitation Code(Invitation)}
1. Create invitation for a new contact
2. Customize and save the new invitation
3. Process: Send Invitation
4. Customize the invitation email
5. Invitation email opens the redemption page
6. Sign-up using the submitted invitation code
62
�Manage user accounts through profile pages
Authenticated users manage their user accounts through the Security navigation bar of the profile page.
Users are not limited to the single local account or single external account chosen at user registration
time. Users with an external account may choose to create a local account by applying a username and
password. Otherwise, users who started with a local account can choose to associate multiple external
identities to their account. The profile page is also where the user is reminded to confirm their email
address by requesting a confirmation email to be sent to their email account.
Related Site Settings:
Authentication/Registration/LocalLoginEnabled
Authentication/Registration/ExternalLoginEnabled
Authentication/Registration/TwoFactorEnabled
Authentication/Registration/MobilePhoneEnabled
Set or change a password
A user with an existing local account can apply a new password by providing the original password. A
user without a local account can choose a username and password to set up a new local account. The
username cannot be changed after it is set.
Related Site Settings:
Authentication/Registration/LocalLoginEnabled
1. Create a username and password
2. Change an existing password
Change or confirm an email address
Changing an email address (or setting it for the first time) puts it into an unconfirmed state. The user can
request a confirmation email to be sent to the new email address, including instructions on completing the
email confirmation process.
Related Processes:
Send Email Confirmation To Contact
Customize the email in the workflow as necessary
1. Submit a new email (unconfirmed)
2. Check email for confirmation
63
�3. Process: Send Email Confirmation To Contact
4. Customize the confirmation email
5. Click the confirmation link to complete
Change or confirm mobile phone
Changing the mobile phone value occurs slightly differently from changing the email. The new value is
held in a temporary storage without changing the original value. An SMS message containing a security
code is sent to the new mobile phone number. Only after the security code is submitted back to the portal
(and verified) is the old mobile number replaced with the new value.
Related Processes:
Authentication/Registration/MobilePhoneEnabled
Related Processes:
Send Sms Confirmation To Contact
Note: the workflow for this process contains a temporary step that sends the security code by
email. This is a placeholder step that needs to be replaced by a new step capable of sending
SMS messages.
1. Submit new mobile phone (unconfirmed)
2. Wait for SMS with security code
3. Process: Send Sms Confirmation To Contact
4. Replace this email step with SMS step
5. After submitting a valid security code
Enable two-factor authentication
The two-factor authentication feature increases user account security by requiring proof of ownership of a
confirmed email or mobile phone in addition to the standard local/external account sign-in. A user trying to
sign into an account with two-factor authentication enabled is sent a security code to the confirmed email
or mobile phone associated to their account. The security code must be submitted to complete the sign-in
process. A user can choose to remember the browser that successfully passes the verification such that
the security code is not required for subsequent sign-ins from the same browser.
Each user account enables this feature individually and requires either a confirmed email or confirmed
mobile phone. User accounts with both may choose which method to receive the security code.
Related Site Settings:
Authentication/Registration/TwoFactorEnabled
Authentication/Registration/RememberBrowserEnabled
Related Processes:
Send Email Two Factor Code To Contact
Send Sms Two Factor Code To Contact
1. Enable two-factor authentication
64
�2. Choose to receive security code by email or SMS
3. Wait for email/SMS with security code
4. Process: Send Email Two Factor Code To Contact
5. Process: Send Sms Two Factor Code To Contact
6. Two-factor authentication can be disabled
Manage external accounts
An authenticated user may connect (register) multiple external identities to their user account one from
each of the configured identity providers. After the identities are connected, the user may choose to sign
in with any of the connected identities. Existing identities can also be disconnected, as long as a single
external or local identity remains.
Related Site Settings:
Authentication/Registration/ExternalLoginEnabled
External Identity Provider Site Settings
1. Select a provider to connect
2. Sign-in with provider to connect
3. Provider is connected
4. Provider can be disconnected
Enable ASP.NET identity authentication
The following describes the settings for enabling/disabling various authentication features and behaviors:
Site Setting Name
Description
65
�Authentication/Registration/LocalLoginEnabled
Enables or disables local account sign-in based on
a username (or email) and password. Default:
false
Authentication/Registration/LocalLoginByEmail
Enables or disables local account sign-in using an
email address field instead of a username field.
Default: false
Authentication/Registration/ExternalLoginEnabl
ed
Enables or disables external account sign-in and
registration. Default: true
Authentication/Registration/RememberMeEnabled
Enables or disables a "Remember Me?" checkbox
on local sign-in to allow authenticated sessions to
persist even when the web browser is closed.
Default: true
Authentication/Registration/TwoFactorEnabled
Enables or disables the option for users to enable
two-factor authentication. Users with a confirmed
email address or confirmed mobile number can opt
into the added security of two-factor
authentication. Default: false
Authentication/Registration/MobilePhoneEnabled
Enables or disables the option to add and confirm
a mobile phone number. When enabled, it is also
necessary to update the Send Sms Confirmation To
Contact process in Dynamics 365 such that the
workflow is able to send out SMS messages.
Default: false
Authentication/Registration/RememberBrowserEna
bled
Enables or disables a "Remember Browser?"
checkbox on second-factor validation (email/SMS
code) to persist the second-factor validation for the
current browser. The user will not be required to
pass the second-factor validation for subsequent
sign-ins as long as the same browser is being
used. Default: true
Authentication/Registration/ResetPasswordEnabl
ed
Enables or disables the password reset feature.
Default: true
Authentication/Registration/ResetPasswordRequi
resConfirmedEmail
Enables or disables password reset for confirmed
email addresses only. If enabled, unconfirmed
email addresses cannot be used to send password
reset instructions. Default: false
Authentication/Registration/TriggerLockoutOnFa
iledPassword
Enables or disables recording of failed password
attempts. If disabled, user accounts will not be
locked out. Default: true
Authentication/Registration/IsDemoMode
Enables or disables a demo mode flag to be used
in development or demonstration environments
only. Do not enable this setting on production
environments. Demo mode also requires the web
browser to be running locally to the web
application server. When demo mode is enabled,
the password reset code and 2nd-factor code are
displayed to the user for quick access. Default:
false
66
�Authentication/Registration/LoginButtonAuthent
icationType
If a portal only requires a single external identity
provider (to handle all authentication), this allows
the Sign-In button of the header nav bar to link
directly to the login page of that external identity
provider (instead linking to the intermediate local
login form and identity provider selection page).
Only a single identity provider can be selected for
this action. Specify the AuthenticationType value
of the provider.
For OAuth2 based providers the accepted values
are: Facebook, Google, Yahoo, Microsoft, LinkedIn,
Yammer, or Twitter
For WS-Federation based providers use the value
specified for the
Authentication/WsFederation/ADFS/Authenticatio
nType and
Authentication/WsFederation/Azure/[provider]/A
uthenticationType site settings. Examples:
http://adfs.contoso.com/adfs/services/trust,
Facebook-0123456789, Google, Yahoo!,
uri:WindowsLiveID.
Enable/disable user registration
The following describes the settings for enabling/disabling user registration (sign-up) options:
Site Setting Name
Description
Authentication/Registration/Enabled
Enables or disables all forms of user
registration. Registration must be enabled for
the other settings in this section to take effect.
Default: true
Authentication/Registration/OpenRegistrationEnabled
Enables or disables the sign-up registration
form for creating new local users. The sign-up
form allows any anonymous visitor to the
portal to create a new user account. Default:
true
Authentication/Registration/InvitationEnabled
Enables or disables the invitation code
redemption form for registering users who
possess invitation codes. Default: true
User credential validation
The following describes the settings for adjusting username and password validation parameters.
Validation occurs when signing up for a new local account or changing a password.
Site Setting Name
Description
Authentication/UserManager/PasswordValidator/Enfor
cePasswordPolicy
Whether the password contains characters
from three of the following categories:
67
�1. Uppercase letters of European
languages (A through Z, with diacritic
marks, Greek and Cyrillic characters)
2. Lowercase letters of European
languages (a through z, sharp-s, with
diacritic marks, Greek and Cyrillic
characters)
3. Base 10 digits (0 through 9)
4. Non-alphanumeric characters (special
characters) (for example, !, $, #, %)
Default: true. MSDN.
Authentication/UserManager/UserValidator/AllowOnly
AlphanumericUserNames
Whether to allow only alphanumeric
characters for the user name. Default: false.
MSDN.
Authentication/UserManager/UserValidator/RequireUn
iqueEmail
Whether unique e-mail is needed for validating
the user. Default: true. MSDN.
Authentication/UserManager/PasswordValidator/Requi
redLength
The minimum required password length.
Default: 8. MSDN.
Authentication/UserManager/PasswordValidator/Requi
reNonLetterOrDigit
Whether the password requires a non-letter or
digit character. Default: false. MSDN.
Authentication/UserManager/PasswordValidator/Requi
reDigit
Whether the password requires a numeric digit
('0' - '9'). Default: false. MSDN.
Authentication/UserManager/PasswordValidator/Requi
reLowercase
Whether the password requires a lower case
letter ('a' - 'z'). Default: false. MSDN.
Authentication/UserManager/PasswordValidator/Requi
reUppercase
Whether the password requires an upper case
letter ('A' - 'Z'). Default: false. MSDN.
User account lockout settings
The following describes the settings that define how and when an account becomes locked from
authentication. When a certain number of failed password attempts are detected under a short period of
time, the user account is locked for a period of time. The use can try again after the lockout period
elapses.
Site Setting Name
Description
Authentication/UserManager/UserLockoutEnabledB
yDefault
Indicates whether the user lockout is enabled
when users are created. Default: true. MSDN.
Authentication/UserManager/DefaultAccountLocko
utTimeSpan
The default amount of time that a user is locked
out for after
Authentication/UserManager/MaxFailedAccessAtte
mptsBeforeLockout is reached. Default: 24:00:00 (1
Day). MSDN.
68
�Authentication/UserManager/MaxFailedAccessAtte
mptsBeforeLockout
The maximum number of access attempts allowed
before a user is locked out (if lockout is enabled).
Default: 5. MSDN.
Authentication/ApplicationCookie/ExpireTimeSpa
n
The default amount of time cookie authentication
sessions are valid for. Default: 24:00:00 (1 Day).
MSDN.
See also
Configure Dynamics 365 portal authentication
OAuth2 provider settings for portals
Open ID Connect provider settings for portals
WS-Federation provider settings for portals
SAML 2.0 provider settings for portals
Facebook App (Page Tab) authentication for portals
OAuth2 provider settings for portals
Applies To: Dynamics 365 (online), Dynamics CRM Online
The OAuth 2.0 based external identity providers involve registering an "application" with a third-party
service to obtain a "client ID" and "client secret" pair. Often this application requires specifying a redirect
URL that allows the identity provider to send users back to the portal (relying party). The client ID and
client secret are configured as portal site settings in order to establish a secure connection from relying
party to identity provider. The settings are based on the properties of the
MicrosoftAccountAuthenticationOptions, TwitterAuthenticationOptions, FacebookAuthenticationOptions,
and GoogleOAuth2AuthenticationOptions classes.
The supported providers are:
Microsoft Account
Twitter
Facebook
Google
LinkedIn
Yahoo
Create OAuth applications
In general, if an OAuth provider uses app settings that require a redirect URI value, specify
http://portal.contoso.com/or http://portal.contoso.com/signin-[provider] depending on how the
provider performs redirect URI validation (some providers require the full URL path to be specified along
with the domain name). Substitute the name of the provider in place of [provider] in the redirect URI.
Google
Google OAuth2 API Credentials Instructions
69
�Open Google Developers Console
Create an API project or open an existing project
Navigate to APIs & auth > APIs
Under Social APIs, click Google+ API then click Enable API
Navigate to APIs & auth > Consent screen
Specify an Email address
Specify a custom Product name
Click Save
Navigate to APIs & auth > Credentials
Create new Client ID
Application Type: Web application
Authorized JavaScript Origins: http://portal.contoso.com
Authorized Redirect URIs: http://portal.contoso.com/signin-google
Click Create Client ID
Facebook app settings
Open Facebook Developers App Dashboard
Click Add a New App
Select Website
Click Skip and Create App ID
Specify a Display Name
Select a Category
Click Create App ID
While on the Dashboard for the new app, navigate to Settings > Basic (tab)
(Optional) App Domains: portal.contoso.com
Contact Email:
Click Add Platform and select Website
Site URL: http://portal.contoso.com/ or http://portal.contoso.com/signin-facebook
Click Save Changes
Navigate to Status & Review > Status (tab)
Do you want to make this app an all its features available to the general public? YES
The Contact Email field is required to enable this setting
70
�Microsoft application settings
Open Microsoft account Developer Center
Click Create application
Specify an Application name
Click I accept
Navigate to Settings > API settings
Redirect URLs: http://portal.contoso.com/signin-microsoft
Twitter apps settings
Open Twitter Application Management
Click Create New App
Specify a Name and Description
Website: http://portal.contoso.com
Callback URL: http://portal.contoso.com or http://portal.contoso.com/signin-twitter
Click Create your Twitter application
LinkedIn app settings
Open LinkedIn Developer Network
Click Add New Application
Specify an Application Name, Description, etc.
Website URL: http://portal.contoso.com
OAuth User Agreement/Default Scope: r_basicprofie and r_emailaddress
OAuth 2.0 Redirect Urls: http://portal.contoso.com/signin-linkedin
Click Add Application
Yahoo! YDN App settings
Open Yahoo! Developer Network
Click Create an App
Specify an Application Name
Application Type: Web Application
Callback Domain: portal.contoso.com
Click Create App
Create site settings using OAuth2
The application dashboard for each provider will display the client ID (app ID, consumer key) and client
secret (app secret, consumer secret) for each application. Use these two values to configure the portal
site settings.
71
�Note
A standard OAuth2 configuration only requires the following settings (choosing Facebook as an
example):
Authentication/OpenAuth/Facebook/ClientId
Authentication/OpenAuth/Facebook/ClientSecret
Substitute the [provider] tag in the site setting name with a specific identity provider name: Facebook,
Google, Yahoo,Microsoft, LinkedIn, or Twitter.
Site Setting Name
Description
Authentication/Registration/ExternalLoginEnabl
ed
Enables or disables external account sign-in and
registration. Default: true
Authentication/OpenAuth/[provider]/ClientId
Required. The client ID value from the provider
application. It may also be referred to as an "App
ID" or "Consumer Key".
The following setting names are allowed for
backwards compatibility:
Authentication/OpenAuth/Twitter/ConsumerKey
Authentication/OpenAuth/Facebook/AppId
Authentication/OpenAuth/LinkedIn/ConsumerKe
y
Authentication/OpenAuth/[provider]/ClientSecre
t
Required. The client secret value from the provider
application. It may also be referred to as an "App
Secret" or "Consumer Secret".
The following setting names are allowed for
backwards compatibility:
Authentication/OpenAuth/Twitter/ConsumerSecret
Authentication/OpenAuth/Facebook/AppSecret
Authentication/OpenAuth/LinkedIn/ConsumerSe
cret
Authentication/OpenAuth/[provider]/Authenticat
ionType
The OWIN authentication middleware type.
Example: yahoo. MSDN:
authenticationoptions.authenticationtype.
Authentication/OpenAuth/[provider]/Scope
A comma separated list of permissions to request.
MSDN:
microsoftaccountauthenticationoptions.scope.
Authentication/OpenAuth/[provider]/Caption
The text that the user can display on a sign in user
interface. MSDN:
microsoftaccountauthenticationoptions.caption.
Authentication/OpenAuth/[provider]/Backchannel
Timeout
Timeout value in milliseconds for back channel
communications. MSDN:
microsoftaccountauthenticationoptions.backchann
eltimeout.
72
�Authentication/OpenAuth/[provider]/CallbackPat
h
The request path within the application's base path
where the user-agent will be returned. MSDN:
microsoftaccountauthenticationoptions.callbackpat
h.
Authentication/OpenAuth/[provider]/SignInAsAut
henticationType
The name of another authentication middleware
which will be responsible for actually issuing a
userClaimsIdentity. MSDN:
microsoftaccountauthenticationoptions.signinasaut
henticationtype.
Authentication/OpenAuth/[provider]/Authenticat
ionMode
The OWIN authentication middleware mode.
MSDN:
security.authenticationoptions.authenticationmode.
See also
Configure Dynamics 365 portal authentication
Set authentication identity for a portal
Open ID Connect provider settings for portals
WS-Federation provider settings for portals
SAML 2.0 provider settings for portals
Facebook App (Page Tab) authentication for portals
Open ID Connect provider settings for portals
Applies To: Dynamics 365 (online), Dynamics CRM Online
Note
This documentation applies to Dynamics 365 portals and later versions.
OpenID Connect external identity providers are services that conform to the Open ID Connect
specifications. Integrating a provider involves locating the authority (or issuer) URL associated with the
provider. A configuration URL can be determined from the authority which supplies metadata required
during the authentication workflow. The provider settings are based on the properties of the
OpenIdConnectAuthenticationOptions class.
Examples of authority URLs are:
Google - https://accounts.google.com/https://accounts.google.com/.well-known/openid-configuration
Azure Active Directory - https://login.windows.net//
Each OpenID Connect provider also involves registering an application (similar to that of an OAuth 2.0
provider) and obtaining a Client Id. The authority URL and the generated application Client Id are the
settings required to enable external authentication between the portal and the identity provider.
Note
73
�The Google OpenID Connect endpoint is currently not supported because the underlying libraries are
still in the early stages of release with compatibility issues to address. The OAuth2 provider settings for
portals endpoint can be used instead.
OpenID settings for Azure Active Directory
To get started sign into the Azure Management Portal and create or select an existing directory. When a
directory is available follow the instructions to add an application to the directory.
1. Under the Applications menu of the directory, click the Add button
2. Choose Add an application my organization is developing
3. Specify a custom name for the application and choose the type web application and/or web
API
4. For the Sign-On URL and the App ID URI, specify the URL of the portal for both fields
https://portal.contoso.com/
5. At this point, a new application is created. Navigate to the Configure section in the menu
Under the single sign-on section, update the first Reply URL entry to include a path in the URL
http://portal.contoso.com/signin-azure-ad
This corresponds to the RedirectUri site setting value
Under the properties section, locate the client ID field. This corresponds to the ClientId site
setting value.
6. In the footer menu click the View Endpoints button and note the Federation Metadata
Document field
The left portion of the URL is the Authority value and is in one of the following formats:
https://login.microsoftonline.com/01234567-89ab-cdef-0123-456789abcdef/
https://login.microsoftonline.com/contoso.onmicrosoft.com/
To get the service configuration URL, replace the FederationMetadata/200706/FederationMetadata.xml path tail with the path .well-known/openid-configuration
https://login.microsoftonline.com/contoso.onmicrosoft.com/.well-known/openidconfiguration
This corresponds to the MetadataAddress site setting value
Create site settings using OpenID
Apply portal site settings referencing the above application.
Note
A standard Azure AD configuration only uses the following settings (with example values):
Authentication/OpenIdConnect/AzureAD/Authority
- https://login.microsoftonline.com/01234567-89ab-
cdef-0123-456789abcdef/
Authentication/OpenIdConnect/AzureAD/ClientId
- fedcba98-7654-3210-fedc-ba9876543210
74
�
Note, the Client ID and the authority URL do not contain the same value and should be
retrieved separately.
Authentication/OpenIdConnect/AzureAD/RedirectUri
- https://portal.contoso.com/signin-azure-ad
Multiple identity providers can be configured by substituting a label for the [provider] tag. Each unique
label forms a group of settings related to an identity provider. Examples: AzureAD, MyIdP
Site Setting Name
Description
Authentication/Registration/ExternalLoginEnabled
Enables or disables external account sign-in
and registration. Default: true
Authentication/OpenIdConnect/[provider]/Authority
Required. The Authority to use when making
OpenIdConnect calls. Example:
https://login.windows.net/contoso.onmicroso
ft.com/. MSDN.
Authentication/OpenIdConnect/[provider]/MetadataAd
dress
The discovery endpoint for obtaining
metadata. Commonly ending with the
path:/.well-known/openid-configuration .
Example:
https://login.windows.net/contoso.onmicroso
ft.com/.well-known/openid-configuration.
MSDN.
Authentication/OpenIdConnect/[provider]/Authentica
tionType
The OWIN authentication middleware type.
Specify the value of the issuer in the service
configuration metadata. Example:
https://sts.windows.net/contoso.onmicrosoft
.com/. MSDN.
Authentication/OpenIdConnect/[provider]/ClientId
Required. The client ID value from the provider
application. It may also be referred to as an
"App ID" or "Consumer Key". MSDN.
Authentication/OpenIdConnect/[provider]/ClientSecr
et
The client secret value from the provider
application. It may also be referred to as an
"App Secret" or "Consumer Secret". MSDN.
Authentication/OpenIdConnect/[provider]/RedirectUr
i
Recommended. The AD FS WS-Federation
passive endpoint. Example:
https://portal.contoso.com/signin-saml2.
MSDN.
Authentication/OpenIdConnect/[provider]/Caption
Recommended. The text that the user can
display on a sign in user interface. Default:
[provider]. MSDN.
Authentication/OpenIdConnect/[provider]/Resource
The 'resource'. MSDN.
Authentication/OpenIdConnect/[provider]/ResponseTy
pe
The 'response_type'. MSDN.
Authentication/OpenIdConnect/[provider]/Scope
A space separated list of permissions to
request. Default: openid. MSDN.
Authentication/OpenIdConnect/[provider]/CallbackPa
th
An optional constrained path on which to
process the authentication callback. If not
provided and RedirectUri is available, this
75
�value will be generated from RedirectUri.
MSDN.
Authentication/OpenIdConnect/[provider]/Backchanne
lTimeout
Timeout value for back channel
communications. Example: 00:05:00 (5 mins).
MSDN.
Authentication/OpenIdConnect/[provider]/RefreshOnI
ssuerKeyNotFound
Determines whether a metadata refresh
should be attempted after a
SecurityTokenSignatureKeyNotFoundExceptio
n. MSDN.
Authentication/OpenIdConnect/[provider]/UseTokenLi
fetime
Indicates that the authentication session
lifetime (e.g. cookies) should match that of the
authentication token. MSDN.
Authentication/OpenIdConnect/[provider]/Authentica
tionMode
The OWIN authentication middleware mode.
MSDN.
Authentication/OpenIdConnect/[provider]/SignInAsAu
thenticationType
The AuthenticationType used when creating
the System.Security.Claims.ClaimsIdentity.
MSDN.
Authentication/OpenIdConnect/[provider]/PostLogout
RedirectUri
The 'post_logout_redirect_uri'. MSDN.
Authentication/OpenIdConnect/[provider]/ValidAudie
nces
Comma-separated list of audience URLs.
MSDN.
Authentication/OpenIdConnect/[provider]/ValidIssue
rs
Comma-separated list of issuer URLs. MSDN.
Authentication/OpenIdConnect/[provider]/ClockSkew
The clock skew to apply when validating times.
Authentication/OpenIdConnect/[provider]/NameClaimT
ype
The claim type used by the ClaimsIdentity to
store the name claim.
Authentication/OpenIdConnect/[provider]/RoleClaimT
ype
The claim type used by the ClaimsIdentity to
store the role claim.
Authentication/OpenIdConnect/[provider]/RequireExp
irationTime
A value indicating whether tokens must have
an 'expiration' value.
Authentication/OpenIdConnect/[provider]/RequireSig
nedTokens
A value indicating whether a
System.IdentityModel.Tokens.SecurityToken
xmlns="http://ddue.schemas.microsoft.com/aut
horing/2003/5" can be valid if not signed.
Authentication/OpenIdConnect/[provider]/SaveSignin
Token
A Boolean to control if the original token is
saved when a session is created.
Authentication/OpenIdConnect/[provider]/ValidateAc
tor
A value indicating whether the
System.IdentityModel.Tokens.JwtSecurityToke
n.Actor should be validated.
Authentication/OpenIdConnect/[provider]/ValidateAu
dience
A Boolean to control if the audience will be
validated during token validation.
Authentication/OpenIdConnect/[provider]/ValidateIs
suer
A Boolean to control if the issuer will be
validated during token validation.
Authentication/OpenIdConnect/[provider]/ValidateLi
fetime
A Boolean to control if the lifetime will be
validated during token validation.
76
�Authentication/OpenIdConnect/[provider]/ValidateIs
suerSigningKey
A Boolean that controls if validation of the
System.IdentityModel.Tokens.SecurityKey that
signed the securityToken
xmlns="http://ddue.schemas.microsoft.com/aut
horing/2003/5" is called.
See also
Configure Dynamics 365 portal authentication
Set authentication identity for a portal
OAuth2 provider settings for portals
WS-Federation provider settings for portals
SAML 2.0 provider settings for portals
Facebook App (Page Tab) authentication for portals
WS-Federation provider settings for portals
Applies To: Dynamics 365 (online), Dynamics CRM Online
A single Active Directory Federation Services server can be added (or another WS-Federation–compliant
security token service) as an identity provider. In addition, a single Azure ACS namespace can be
configured as a set of individual identity providers. The settings for both AD FS and ACS are based on
the properties of the WsFederationAuthenticationOptions class.
Create an AD FS relying party trust
Using the AD FS Management tool, select Trust Relationships > Relying Party Trusts.
1. Click Add Relying Party Trust…
2. Welcome: Click Start
3. Select Data Source: Select Enter data about the relying party manually, click Next
4. Specify Display Name: Enter a name, click Next
Example: https://portal.contoso.com/
5. Choose Profile: Select AD FS 2.0 profile, click Next
6. Configure Certificate: Click Next
7. Configure URL: Check Enable support for the WS-Federation Passive protocol
Relying party WS-Federation Passive protocol URL: Enter https://portal.contoso.com/signinfederation
Note: AD FS requires that the portal run on HTTPS
Note
The resulting endpoint has the following settings:
77
�Endpoint type: WS-Federation
Binding: POST
Index: n/a (0)
URL: https://portal.contoso.com/signin-federation
8. Configure Identities: Specify https://portal.contoso.com/, click Add, click Next
If applicable, more identities can be added for each additional relying party portal. Users will be able to
authenticate across any or all of the available identities.
9. Choose Issuance Authorization Rules: Select Permit all users to access this relying party,
click Next
10. Ready to Add Trust: Click Next
11. Click Close
Add the Name ID claim to the relying party trust:
TransformWindows account name to Name ID claim (Transform an Incoming Claim):
Create AD FS site settings
Apply portal site settings referencing the above AD FS Relying Party Trust.
Note
A standard AD FS (STS) configuration only uses the following settings (with example values):
https://adfs.contoso.com/FederationMetadata/2007-06/FederationMetadata.xml
Authentication/WsFederation/ADFS/MetadataAddress
Authentication/WsFederation/ADFS/AuthenticationType
- http://adfs.contoso.com/adfs/services/trust
Use the value of the entityID attribute in the root element of the Federation Metadata (open the
MetadataAddress URL in a browser that is the value of the above site setting)
Authentication/WsFederation/ADFS/Wtrealm
Authentication/WsFederation/ADFS/Wreply
- https://portal.contoso.com/
- https://portal.contoso.com/signin-federation
The WS-Federation metadata can be retrieved in PowerShell by running the following script on the
AD FS server:
Import-Module adfs Get-ADFSEndpoint -AddressPath /FederationMetadata/200706/FederationMetadata.xml
Site Setting Name
Description
Authentication/Registration/ExternalLoginEnable
d
Enables or disables external account sign-in and
registration. Default: true
Authentication/WsFederation/ADFS/MetadataAddres
s
Required. The WS-Federation metadata URL of
the AD FS (STS) server. Commonly ending with
the path:/FederationMetadata/200706/FederationMetadata.xml .
78
�Example:https://adfs.contoso.com/FederationMe
tadata/2007-06/FederationMetadata.xml. MSDN.
Authentication/WsFederation/ADFS/Authentication
Type
Required. The OWIN authentication middleware
type. Specify the value of the entityID attribute at
the root of the federation metadata XML.
Example:
http://adfs.contoso.com/adfs/services/trust.
MSDN.
Authentication/WsFederation/ADFS/Wtrealm
Required. The AD FS relying party identifier.
Example: https://portal.contoso.com/. MSDN.
Authentication/WsFederation/ADFS/Wreply
Required. The AD FS WS-Federation passive
endpoint. Example:
https://portal.contoso.com/signin-federation.
MSDN.
Authentication/WsFederation/ADFS/Caption
Recommended. The text that the user can display
on a sign in user interface. Default: ADFS. MSDN.
Authentication/WsFederation/ADFS/CallbackPath
An optional constrained path on which to process
the authentication callback. MSDN.
Authentication/WsFederation/ADFS/SignOutWreply
The 'wreply' value used during sign-out. MSDN.
Authentication/WsFederation/ADFS/BackchannelTim
eout
Timeout value for back channel communications.
Example: 00:05:00 (5 mins). MSDN.
Authentication/WsFederation/ADFS/RefreshOnIssue
rKeyNotFound
Determines if a metadata refresh should be
attempted after a
SecurityTokenSignatureKeyNotFoundException.
MSDN.
Authentication/WsFederation/ADFS/UseTokenLifeti
me
Indicates that the authentication session lifetime
(e.g. cookies) should match that of the
authentication token. MSDN.
Authentication/WsFederation/ADFS/Authentication
Mode
The OWIN authentication middleware mode.
MSDN.
Authentication/WsFederation/ADFS/SignInAsAuthen
ticationType
The AuthenticationType used when creating the
System.Security.Claims.ClaimsIdentity. MSDN.
Authentication/WsFederation/ADFS/ValidAudiences
Comma separated list of audience URLs. MSDN.
Authentication/WsFederation/ADFS/ValidIssuers
Comma separated list of issuer URLs. MSDN.
Authentication/WsFederation/ADFS/ClockSkew
The clock skew to apply when validating times.
MSDN.
Authentication/WsFederation/ADFS/NameClaimType
The claim type used by the ClaimsIdentity to store
the name claim. MSDN.
Authentication/WsFederation/ADFS/RoleClaimType
The claim type used by the ClaimsIdentity to store
the role claim. MSDN.
Authentication/WsFederation/ADFS/RequireExpirat
ionTime
A value indicating whether tokens must have an
'expiration' value. MSDN.
Authentication/WsFederation/ADFS/RequireSignedT
okens
A value indicating whether a
System.IdentityModel.Tokens.SecurityToken
79
�xmlns="http://ddue.schemas.microsoft.com/author
ing/2003/5" can be valid if not signed. MSDN.
Authentication/WsFederation/ADFS/SaveSigninToke
n
A Boolean to control if the original token is saved
when a session is created. MSDN.
Authentication/WsFederation/ADFS/ValidateActor
A value indicating whether the
System.IdentityModel.Tokens.JwtSecurityToken.A
ctor should be validated. MSDN.
Authentication/WsFederation/ADFS/ValidateAudien
ce
A Boolean to control if the audience will be
validated during token validation. MSDN.
Authentication/WsFederation/ADFS/ValidateIssuer
A Boolean to control if the issuer will be validated
during token validation. MSDN.
Authentication/WsFederation/ADFS/ValidateLifeti
me
A Boolean to control if the lifetime will be validated
during token validation. MSDN.
Authentication/WsFederation/ADFS/ValidateIssuer
SigningKey
A Boolean that controls if validation of the
System.IdentityModel.Tokens.SecurityKey that
signed the securityToken
xmlns="http://ddue.schemas.microsoft.com/author
ing/2003/5" is called. MSDN.
Authentication/WsFederation/ADFS/Whr
Specifies a "whr" parameter in the identity
provider redirect URL. MSDN.
WS-Federation settings for Azure Active Directory
The previous section describing AD FS can also be applied to Azure Active Directory (Azure AD),
because Azure AD behaves like a standard WS-Federation compliant security token service. To get
started sign into the Azure Management Portal and create or select an existing directory. When a
directory is available follow the instructions to add an application to the directory.
1. Under the Applications menu of the directory, click the Add button
2. Choose Add an application my organization is developing
3. Specify a custom name for the application and choose the type web application and/or web
API
4. For the Sign-On URL and the App ID URI, specify the URL of the portal for both fields
https://portal.contoso.com/
This corresponds to the Wtrealm site setting value
5. At this point, a new application is created. Navigate to the Configure section in the menu
Under the single sign-on section, update the first Reply URL entry to include a path in the URL
http://portal.contoso.com/signin-azure-ad
This corresponds to the Wreply site setting value
6. Click Save in the footer
7. In the footer menu click the View Endpoints button and note the Federation Metadata
Document field
80
�This corresponds to the MetadataAddress site setting value
Paste this URL in a browser window to view the federation metadata XML and note the entityID
attribute of the root element
This corresponds to the AuthenticationType site setting value
Note
A standard Azure AD configuration only uses the following settings (with example values):
- https://login.microsoftonline.com/01234567-89abcdef-0123-456789abcdef/federationmetadata/2007-06/federationmetadata.xml
Authentication/WsFederation/ADFS/MetadataAddress
Authentication/WsFederation/ADFS/AuthenticationType
- https://sts.windows.net/01234567-89ab-
cdef-0123-456789abcdef/
Use the value of the entityID attribute in the root element of the Federation Metadata (open the
MetadataAddress URL in a browser that is the value of the above site setting)
Authentication/WsFederation/ADFS/Wtrealm
Authentication/WsFederation/ADFS/Wreply
- https://portal.contoso.com/
- https://portal.contoso.com/signin-azure-ad
Configure Facebook app authentication
Apply the configuration described in the topic Facebook App (Page Tab) authentication for portals.
See also
Configure Dynamics 365 portal authentication
Set authentication identity for a portal
OAuth2 provider settings for portals
Open ID Connect provider settings for portals
SAML 2.0 provider settings for portals
Facebook App (Page Tab) authentication for portals
SAML 2.0 provider settings for portals
Applies To: Dynamics 365 (online), Dynamics CRM Online
Note
This documentation applies to Dynamics 365 portals and later versions.
One or more SAML 2.0–compliant Identity Providers (IdP) can be added to provide external
authentication. This document describes how to setup various identity providers to integrate with a portal
acting as a Service Provider (SP).
81
�AD FS (IdP)
Settings for an IdP such as AD FS.
Create an AD FS relying party trust
Note
See Configure AD FS by using PowerShell, below, for information about how to perform these steps in
a PowerShell script.
Using the AD FS Management tool, select Service > Claim Descriptions.
1. Click Add Claim Description...
2. Specify the claim:
Display name: Persistent Identifier
Claim identifier: urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
Enable checkbox for: Publish this claim description in federation metadata as a claim type that
this Federation Service can accept
Enable checkbox for: Publish this claim description in federation metadata as a claim type that
this Federation Service can send
Click OK
Using the AD FS Management tool, select Trust Relationships > Relying Party Trusts.
1. Click Add Relying Party Trust...
2. Welcome: Click Start
3. Select Data Source: Select Enter data about the relying party manually, click Next
4. Specify Display Name: Enter a name, click Next
Example: https://portal.contoso.com/
5. Choose Profile: Select AD FS 2.0 profile, click Next
6. Configure Certificate: Click Next
7. Configure URL: Check Enable support for the SAML 2.0 WebSSO protocol
Relying party SAML 2.0 SSO service URL: Enter https://portal.contoso.com/signin-saml2
Note: AD FS requires that the portal run on HTTPS
Note
The resulting endpoint has the following settings:
Endpoint type: SAML Assertion Consume Endpoints
Binding: POST
Index: n/a (0)
82
�
URL: https://portal.contoso.com/signin-saml2
8. Configure Identities: Specify https://portal.contoso.com/, click Add, click Next
If applicable, more identities can be added for each additional relying party portal. Users will be able to
authenticate across any or all of the available identities.
9. Choose Issuance Authorization Rules: Select Permit all users to access this relying party,
click Next
10. Ready to Add Trust: Click Next
11. Click Close
Add the Name ID claim to the relying party trust:
TransformWindows account name to Name ID claim (Transform an Incoming Claim):
Incoming claim type: Windows account name
Outgoing claim type: Name ID
Outgoing name ID format: Persistent Identifier
Pass through all claim values
Create site settings
Apply portal site settings referencing the above AD FS Relying Party Trust.
Note
A standard AD FS (IdP) configuration only uses the following settings (with example values):
Authentication/SAML2/ADFS/MetadataAddress
- https://adfs.contoso.com/FederationMetadata/2007-
06/FederationMetadata.xml
Authentication/SAML2/ADFS/AuthenticationType
- http://adfs.contoso.com/adfs/services/trust
Use the value of the entityID attribute in the root element of the Federation Metadata (open the
MetadataAddress URL in a browser that is the value of the above site setting)
Authentication/SAML2/ADFS/ServiceProviderRealm
Authentication/SAML2/ADFS/AssertionConsumerServiceUrl
- https://portal.contoso.com/
- https://portal.contoso.com/signin-saml2
The Federation metadata can be retrieved in PowerShell by running the following script on the AD FS
server:
Import-Module adfs
Get-ADFSEndpoint -AddressPath /FederationMetadata/2007-06/FederationMetadata.xml
Multiple IdP services can be configured by substituting a label for the [provider] tag. Each unique label
forms a group of settings related to an IdP. Examples: ADFS, AzureAD, MyIdP
Site Setting Name
Description
Authentication/Registration/ExternalLoginEnabled
Enables or disables external account sign-in
and registration. Default: true
83
�Authentication/SAML2/[provider]/MetadataAddress
Required. The WS-Federation metadata URL
of the AD FS (STS) server. Commonly ending
with the path:/FederationMetadata/200706/FederationMetadata.xml . Example:
https://adfs.contoso.com/FederationMetadat
a/2007-06/FederationMetadata.xml. MSDN.
Authentication/SAML2/[provider]/AuthenticationType
Required. The OWIN authentication
middleware type. Specify the value of the
entityID attribute at the root of the federation
metadata XML. Example:
http://adfs.contoso.com/adfs/services/trus
t. MSDN.
Authentication/SAML2/[provider]/ServiceProviderReal
m
or
Required. The AD FS relying party identifier.
Example: https://portal.contoso.com/.
MSDN.
Authentication/SAML2/[provider]/Wtrealm
Authentication/SAML2/[provider]/AssertionConsumerSe
rviceUrl
Required. The AD FS SAML Consumer
Assertion endpoint. Example:
or
https://portal.contoso.com/signin-saml2.
Authentication/SAML2/[provider]/Wreply
MSDN.
Authentication/SAML2/[provider]/Caption
Recommended. The text that the user can
display on a sign in user interface. Default:
[provider]. MSDN.
Authentication/SAML2/[provider]/CallbackPath
An optional constrained path on which to
process the authentication callback. MSDN.
Authentication/SAML2/[provider]/BackchannelTimeout
Timeout value for back channel
communications. Example: 00:05:00 (5 mins).
MSDN.
Authentication/SAML2/[provider]/UseTokenLifetime
Indicates that the authentication session
lifetime (e.g. cookies) should match that of the
authentication token. MSDN.
Authentication/SAML2/[provider]/AuthenticationMode
The OWIN authentication middleware mode.
MSDN.
Authentication/SAML2/[provider]/SignInAsAuthenticat
ionType
The AuthenticationType used when creating
the System.Security.Claims.ClaimsIdentity.
MSDN.
Authentication/SAML2/[provider]/ValidAudiences
Comma separated list of audience URLs.
MSDN.
Authentication/SAML2/[provider]/ClockSkew
The clock skew to apply when validating
times.
Authentication/SAML2/[provider]/RequireExpirationTi
me
A value indicating whether tokens must have
an 'expiration' value.
Authentication/SAML2/[provider]/ValidateAudience
A boolean to control if the audience will be
validated during token validation.
84
�IdP initiated sign-In
AD FS supports the IdP initiated SSO profile of the SAML 2.0 specification. In order for the portal (SP) to
respond properly to the SAML request initiated by the IdP, the RelayState parameter must be encoded
properly.
The basic string value to be encoded into the SAML RelayState parameter must be in the format:
ReturnUrl=/content/sub-content/ where /content/sub-content/ is the path to the webpage you want to
navigate to on the portal (SP). The path can be replaced by any valid webpage on the portal. The string
value is encoded and placed into a container string of the format: RPID=&RelayState=. This entire string is once again encoded and added to
another container of the format:
https://adfs.contoso.com/adfs/ls/idpinitiatedsignon.aspx?RelayState=.
For example, given the SP path: /content/sub-content/ and the relying party ID:
https://portal.contoso.com/, construct the URL with the steps:
Encode the value ReturnUrl=/content/sub-content/
Encode the value https://portal.contoso.com/
to get ReturnUrl%3D%2Fcontent%2Fsub-content%2F
to get https%3A%2F%2Fportal.contoso.com%2F
Encode the value
RPID=https%3A%2F%2Fportal.contoso.com%2F&RelayState=ReturnUrl%3D%2Fcontent%2Fsub-content%2F
to get
RPID%3Dhttps%253A%252F%252Fportal.contoso.com%252F%26RelayState%3DReturnUrl%253D%252Fcont
ent%252Fsub-content%252F
Prepend the ADFS IdP initiated SSO path to get the final URL
https://adfs.contoso.com/adfs/ls/idpinitiatedsignon.aspx?RelayState=RPID%3Dhttps%253A%252
F%252Fportal.contoso.com%252F%26RelayState%3DReturnUrl%253D%252Fcontent%252Fsubcontent%252F
The following PowerShell script can be used to construct the URL (save to a file named GetIdPInitiatedUrl.ps1).
<#
.SYNOPSIS
Constructs an IdP initiated SSO URL to access a portal page on the SP.
.PARAMETER path
The path to the portal page.
.PARAMETER rpid
The relying party identifier.
.PARAMETER adfsPath
The AD FS IdP initiated SSO page.
85
�.EXAMPLE
PS C:\> .\Get-IdPInitiatedUrl.ps1 -path "/content/sub-content/" -rpid
"https://portal.contoso.com/" -adfsPath
"https://adfs.contoso.com/adfs/ls/idpinitiatedsignon.aspx"
#>
param
(
[parameter(mandatory=$true,position=0)]
$path,
[parameter(mandatory=$true,position=1)]
$rpid,
[parameter(position=2)]
$adfsPath = "https://adfs.contoso.com/adfs/ls/idpinitiatedsignon.aspx"
)
$state = "ReturnUrl=$path"
$encodedPath = [uri]::EscapeDataString($state)
$encodedRpid = [uri]::EscapeDataString($rpid)
$encodedPathRpid = [uri]::EscapeDataString("RPID=$encodedRpid&RelayState=$encodedPath")
$idpInitiatedUrl = "{0}?RelayState={1}" -f $adfsPath, $encodedPathRpid
Write-Output $idpInitiatedUrl
SAML 2.0 settings for Azure Active Directory
The previous section describing AD FS can also be applied to Azure AD because Azure AD behaves like
a standard SAML 2.0 compliant IdP. To get started sign into the Azure Management Portal and create or
select an existing directory. When a directory is available, follow the instructions to add an application to
the directory.
1. Under the Applications menu of the directory, click the Add button
2. Choose Add an application my organization is developing
3. Specify a custom name for the application and choose the type web application and/or web
API
86
�4. For the Sign-On URL and the App ID URI, specify the URL of the portal for both fields
https://portal.contoso.com/
This corresponds to the ServiceProviderRealm (Wtrealm) site setting value
5. At this point, a new application is created. Navigate to the Configure section in the menu
Under the single sign-on section, update the first Reply URL entry to include a path in the URL
http://portal.contoso.com/signin-azure-ad
This corresponds to the AssertionConsumerServiceUrl (Wreply) site setting value
6. In the footer menu click the View Endpoints button and note the Federation Metadata
Document field
This corresponds to the MetadataAddress site setting value
Paste this URL in a browser window to view the federation metadata XML and note the entityID
attribute of the root element
This corresponds to the AuthenticationType site setting value
Note
A standard Azure AD configuration only uses the following settings (with example values):
- https://login.microsoftonline.com/01234567-89abcdef-0123-456789abcdef/federationmetadata/2007-06/federationmetadata.xml
Authentication/SAML2/AzureAD/MetadataAddress
Authentication/SAML2/AzureAD/AuthenticationType
- https://sts.windows.net/01234567-89ab-cdef-
0123-456789abcdef/
Use the value of the entityID attribute in the root element of the Federation Metadata (open the
MetadataAddress URL in a browser that is the value of the above site setting)
Authentication/SAML2/AzureAD/ServiceProviderRealm
Authentication/SAML2/AzureAD/AssertionConsumerServiceUrl
- https://portal.contoso.com/
- https://portal.contoso.com/signin-
azure-ad
Shibboleth Identity Provider 3
Use the following guidelines for correctly configuration Shibboleth Identity Provider as an IdP service. The
following assumes the IdP is hosted on the domain: https://idp.contoso.com.
The federation metadata URL is: https://idp.contoso.com/idp/shibboleth
The IdP must be configured to generate/serve a Persistent Identifier. Follow the instructions to enable
Persistent Identifier Generation.
The IdP federation metadata () must be configured to include a SSO redirect
binding. Example.
Configure the Service Providers (Relying Parties) by setting up the metadata-providers.xml.
87
�
Each SP federation metadata () must include an assertion consumer service
post binding. One option is to use a FilesystemMetadataProvider and reference a configuration
file that contains:
The Location attribute corresponds to the AssertionConsumerServiceUrl (Wreply) setting.
The SP federation metadata should specify an entityID attribute for the EntityDescriptor which
corresponds to the AuthenticationType setting.
...
Note
A standard Shibboleth configuration only uses the following settings (with example values):
Authentication/SAML2/Shibboleth/MetadataAddress
- https://idp.contoso.com/idp/shibboleth
Authentication/SAML2/Shibboleth/AuthenticationType
- https://idp.contoso.com/idp/shibboleth
Use the value of the entityID attribute in the root element of the Federation Metadata (open the
MetadataAddress URL in a browser that is the value of the above site setting)
Authentication/SAML2/Shibboleth/ServiceProviderRealm
Authentication/SAML2/Shibboleth/AssertionConsumerServiceUrl
- https://portal.contoso.com/
- https://portal.contoso.com/signin-
saml2
IdP initiated sign-in
Shibboleth supports the IdP initiated SSO profile of the SAML 2.0 specification. For the portal (SP) to
respond properly to the SAML request initiated by the IdP, the RelayState parameter must be encoded
properly.
The basic string value to be encoded into the SAML RelayState parameter must be in the format:
ReturnUrl=/content/sub-content/ where /content/sub-content/ is the path to the desired webpage to
navigate to on the portal (SP). The path can be replaced by any valid webpage on the portal. The full IdP
initiated SSO URL should be in the format:
https://idp.contoso.com/idp/profile/SAML2/Unsolicited/SSO?providerId=&target=.
For example, given the SP path: /content/sub-content/ and the relying party ID:
https://portal.contoso.com/, the final URL is:
https://idp.contoso.com/idp/profile/SAML2/Unsolicited/SSO?providerId=https%3A%2F%2Fportal.contoso
.com%2F&target=ReturnUrl%3D%2Fcontent%2Fsub-content%2F
The following PowerShell script can be used to construct the URL (save to a file named GetShibbolethIdPInitiatedUrl.ps1).
<#
.SYNOPSIS
Constructs an IdP initiated SSO URL to access a portal page on the SP.
88
�.PARAMETER path
The path to the portal page.
.PARAMETER providerId
The relying party identifier.
.PARAMETER shibbolethPath
The Shibboleth IdP initiated SSO page.
.EXAMPLE
PS C:\> .\Get-ShibbolethIdPInitiatedUrl.ps1 -path "/content/sub-content/" -providerId
"https://portal.contoso.com/" -shibbolethPath
"https://idp.contoso.com/idp/profile/SAML2/Unsolicited/SSO"
#>
param
(
[parameter(mandatory=$true,position=0)]
$path,
[parameter(mandatory=$true,position=1)]
$providerId,
[parameter(position=2)]
$shibbolethPath = "https://idp.contoso.com/idp/profile/SAML2/Unsolicited/SSO"
)
$state = "ReturnUrl=$path"
$encodedPath = [uri]::EscapeDataString($state)
$encodedRpid = [uri]::EscapeDataString($providerId)
$idpInitiatedUrl = "{0}?providerId={1}&target={2}" -f $shibbolethPath, $encodedRpid, $encodedPath
Write-Output $idpInitiatedUrl
Configure AD FS by using PowerShell
The process of adding a relying party trust in AD FS can also be performed by running the following
PowerShell script on the AD FS server (save contents to a file named Add89
�AdxPortalRelyingPartyTrustForSaml.ps1). After running the script, continue with configuring the portal
site settings.
<#
.SYNOPSIS
Adds a SAML 2.0 relying party trust entry for a Dynamics CRM portals website.
.PARAMETER domain
The domain name of the portal.
.EXAMPLE
PS C:\> .\Add-AdxPortalRelyingPartyTrustForSaml.ps1 -domain "portal.contoso.com"
#>
param
(
[parameter(Mandatory=$true,Position=0)]
$domain,
[parameter(Position=1)]
$callbackPath = "/signin-saml2"
)
$VerbosePreference = "Continue"
$ErrorActionPreference = "Stop"
Import-Module adfs
Function Add-CrmRelyingPartyTrust
{
param (
[parameter(Mandatory=$true,Position=0)]
$name
)
$identifier = "https://{0}/" -f $name
90
�$samlEndpoint = New-ADFSSamlEndpoint -Binding POST -Protocol SAMLAssertionConsumer -Uri
("https://{0}{1}" -f $name, $callbackPath)
$identityProviderValue = Get-ADFSProperties | % { $_.Identifier.AbsoluteUri }
$issuanceTransformRules = @'
@RuleTemplate = "MapClaims"
@RuleName = "Transform Windows Account Name to Name ID claim"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname"]
=> issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier", Issuer =
c.Issuer, OriginalIssuer = c.OriginalIssuer, Value = c.Value, ValueType = c.ValueType,
Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format"] =
"urn:oasis:names:tc:SAML:2.0:nameid-format:persistent");
@RuleTemplate = "LdapClaims"
@RuleName = "Send LDAP Claims"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer
== "AD AUTHORITY"]
=> issue(store = "Active Directory", types =
("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname",
"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname",
"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"), query =
";givenName,sn,mail;{{0}}", param = c.Value);
'@ -f $identityProviderValue
$issuanceAuthorizationRules = @'
@RuleTemplate = "AllowAllAuthzRule"
=> issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");
'@
Add-ADFSRelyingPartyTrust -Name $name -Identifier $identifier -SamlEndpoint $samlEndpoint IssuanceTransformRules $issuanceTransformRules -IssuanceAuthorizationRules
$issuanceAuthorizationRules
}
# add the 'Identity Provider' claim description if it is missing
91
�if (-not (Get-ADFSClaimDescription | ? { $_.Name -eq "Persistent Identifier" })) {
Add-ADFSClaimDescription -name "Persistent Identifier" -ClaimType
"urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" -IsOffered:$true -IsAccepted:$true
}
# add the portal relying party trust
Add-CrmRelyingPartyTrust $domain
See also
Configure Dynamics 365 portal authentication
Set authentication identity for a portal
OAuth2 provider settings for portals
Open ID Connect provider settings for portals
WS-Federation provider settings for portals
Facebook App (Page Tab) authentication for portals
Facebook App (Page Tab) authentication for
portals
Applies To: Dynamics 365 (online), Dynamics CRM Online
Dynamics 365 portals are capable of hosting Facebook Apps in the context of a Facebook Page Tab.
This is achieved by employing features such as Login with Facebook and ASP.Net MVC Display Modes.
Prerequisites
Start by setting up a standard portal.
Configure IIS
The same website used to host the standard portal is also used to host the Facebook App portal.
However, the website must be configured to respond to Facebook specific site bindings in addition to the
existing bindings. The specific site bindings should contain a host name value that distinguishes it as a
Facebook App portal. For example, a standard portal hosted from the domain contoso.com can specify
the domain facebook-contoso.com for hosting the Facebook App.
Type
Host Name
Port
Notes
http
contoso.com
80
The standard portal.
http
facebook-contoso.com
80
The Facebook App portal.
https
facebook-contoso.com
443
The Secure Facebook App portal.
92
�Configure display mode
The MVC Display Modes feature allows the Facebook App to present a customized user experience. The
Facebook display mode is enabled by adding the following site setting.
Site Setting Name
Value (examples - replace
with your Page Tab URL)
Note
DisplayModes/Facebook/HostName
facebook-contoso.com,
facebook-*
The host name of the
Facebook App portal.
Accepts wildcard.
Test the site bindings
View the portal through each of the site bindings in a web browser to ensure that the bindings are
functioning correctly. Verify that the Facebook site bindings render a customized view distinct from the
other bindings
Set up the Facebook app
1. Go to the Facebook Developers site and sign in with a Facebook account. Under the My Apps
drop-down menu click the Add a New App button, then click Skip and Create App ID.
2. In the resulting Create a New App ID dialog, specify a valid Display Name, Namespace, and
Choose a Category (such as Apps for Pages) because this will eventually be required to publish
an app to the public. The Namespace can be left blank. Click Create App. Submit the Security
Check (captcha) dialog as well.
3. After landing on the Dashboard, navigate to the Settings area in the left column navigation.
4. Complete the Basic form by entering the fields shown in the following example:
Display Name
Contoso Portal
Contact Email
administrator@contoso.com
App Domains
portal.contoso.comfacebook-portal.contoso.com
Note
If the domain values cannot be successfully set, leave this field blank for now,
complete the next step to specify a Site URL, and then return to this field.
5. Click the + Add Platform button and click Website from the Select Platform dialog. Enter a Site
URL.
93
�Website
Site URL
Example - http://contoso.com
6. Again, click the + Add Platform button and this time click Page Tab. Complete this new section
based on the following fields.
Page tab
Secure Page Tab URL
https://facebook-contoso.com/app/facebook
Page Tab Name
Contoso Portal
Note
The Page Tab URL should have the /app/facebook path appended to the App domain URL. The portal
uses this endpoint to launch the App portal.
7. Click Save Changes.
Take note of the App ID and App Secret values of the new app. Use these values when configuring the
site settings. The two Authentication Site Settings that need to be configured are:
Authentication/OpenAuth/Facebook/AppId
Authentication/OpenAuth/Facebook/AppSecret
The Value and Website of each site setting must also be added into the site settings. ***The Facebook
Authentication Site Settings may require the Website's Application Pool to be recycled before they are
functional***
Publish the app
Click over to the Status & Review area (under Settings area). The first option of the Status tab asks: Do
you want to make this app and all its live features available to the general public? Change this setting to
YES.
Add the Facebook page tab to your Facebook page
If you do not have a Facebook Page, follow the instructions here to create one Create a Page. If you will
be using an existing page, the current Facebook user must have sufficient permission to add a Page Tab
to the Page. If your Facebook Page does not already have the Page Tab functionality enabled, you must
enable it by browsing to a specific URL (substituting the relevant App ID and "next" URL value). The URL
below can be used if you substitute the App ID and encoded URL with your information. Further details
can be found in Using Page Tabs and URL Encoding.
https://www.facebook.com/dialog/pagetab?app_id=0123456789&next=http%3a%2f%2ffacebookcontoso.com%2F
This displays the Add Page Tab dialog to select the Page that will contain the Page Tab and app.
Browse back to the Page and the app should be available in the grid of added Page Tabs. Click the Page
Tab to view the Facebook App portal framed within the Facebook Page.
Note
94
�By default, Internet Explorer does not allow third-party cookies to be created for portals/apps that are
rendered in an iFrame of another host portal. This is the case of a Facebook App portal hosted from a
Page Tab. A side effect of this cookie blocking is that an app is unable to create and maintain an
authenticated session. This is resolved by updating the App portal to publish a Platform for Privacy
Preferences (P3P) policy. There are various options for achieving this one of which is to update the
web.config of the App portal to include a custom header. For Example:
See also
Configure Dynamics 365 portal authentication
Set authentication identity for a portal
OAuth2 provider settings for portals
Open ID Connect provider settings for portals
WS-Federation provider settings for portals
SAML 2.0 provider settings for portals
Control webpage access for portals
Applies To: Dynamics 365 (online), Dynamics CRM Online
Web page access control rules are rules that you create for your site to control both the publishing actions
that a web role can perform across the pages of your website as well as to control what pages are visible
by what web roles. The webpage access entity has the following attributes:
Name
Description
Name
A descriptive name for the rule.
95
�Name
Description
Website
The website that this rule applies to; must match
the website of the page to which this rule is
applied. Filters Web Page.
Web Page
The Web Page that this rule applies to.
Note
The rule will affect not only the page but all child
pages of the page, therefore making this
attribute select the branch of the website to
which the rule will apply. If a rule is applied to
the home page, then it will apply to the entire
Portal.
Right
Grant Change or Restrict Read. See Grant
change below.
Description
A description of the rule. Optional.
After creating a new access control rule, associate it with a page, this will cause it to affect both the page
you assign the rule to as well as all child pages in other words, the entire 'branch' of the website.
There are two type of access control rule: Grant Change and Restrict Read.
Grant Change
Grant Change allows a user in a web role associated with the rule to publish content changes for
this page and all child pages of this page. Grant Change takes precedence over restrict read. For
example, you might have a "news" section of the site; which you want to be editable by users in
the "news editor" web role. These users might not have access to the entire site, and certainly
can't edit the entire site, but within this branch they have full content publishing authority. You
would create a webpage access control rule called "grant news publishing to news editors".
Next you would set the right to "grant change" and the webpage to the parent page of the entire
"news" branch of your site.
You would then assign this web role to any contacts you want to designate as news editors. Bear
in mind one user can have many web roles.
A Grant Change rule should always be present in any portal that you wish to enable front-side
editing for. This rule will apply to the home page of the site, thus making it the default rule for the
entire site. This rule will be associated with a web role that is to represent the administrative role
for the site. Users that are to be given front-side content publishing rights will be assigned to this
role.
Restrict read
The restrict read rule is used to limit viewing of a page (and its child pages) and its content to
specific users. Whereas grant change is a permissive rule (it grants the ability to do something to
its users), restrict read is a restrictive rule in that it restricts an action to a limited set of users. For
example, you might have a section of the site meant to be used by employees only. You might
restrict read of this branch to only people in the "employee" web role. You would create a new
rule called "restrict read to Employees only".
96
�You would then set the right to restrict read and the page to the page at the top of the branch
which is to be read only by employees.
You would then associate this rule with the employee web role and then assign users to this role.
Note
The root 'home' page of a website is a special node and must not have a restrict read rule applied to it.
This will produce a runtime error. The security validation requires that all users must be able to read the
root page of a website to validate contents within the site. The login, access denied, page not found,
and error page are also special cases that also must be readable by all users.
See also
Create web roles for portals
Assign permission set to a web role for portals
Add record-based security using entity permissions for portals
Assign a permission set to a web role for portals
Applies To: Dynamics 365 (online), Dynamics CRM Online
Website Access Permissions is a permission set, associated with a web role, that permits front-side
editing of the various content managed elements within the portal other than just webpages. The
permission settings determine which components can be managed in the portal. More information:
Create web roles for portals
Name
Description
Manage Content Snippets
Allows the editing of Snippet controls. More
information: Customize content by using content
snippets
Manage Site Markers
Allows the editing of hyperlinks that use
sitemarkers
Manage Web Link Sets
Allows the editing of web link sets, including
adding and removing web links from a web link
set. More information: Manage web links in
Dynamics 365 or on portals
Preview Unpublished Entities
Allows the viewing of portal-exposed entities that
have a publishing state of Draft.
To add website access permission to a web role, just create a new Website Access entity, give it the
permission set you want, name it, associate with the website in question, save, and then associate it with
the web role(s) you desire.
97
�See also
Create web roles for portals
Control webpage access for portals
Add record-based security using entity permissions for portals
Add record-based security by using entity
permissions for portals
Applies To: Dynamics 365 (online), Dynamics CRM Online
Record-based security in Dynamics 365 portals that applies to individual records is provided by using
Entity Permissions.
Although permissions to change and access URLs in a portal sitemap is granted via Content
Authorization, site managers will also want to secure their custom web applications built with Entity Forms
and Entity Lists. More information: Define entity forms and custom logic within the Dynamics 365 portal
and Add a webpage to render a list of records
To secure these features, Entity Permissions allow for granular rights to be granted for arbitrary entities
and for record-level security to be enabled via relationship definitions.
Adding entity permissions to a web role
Entity Permissions are added to Web Roles, allowing you to define roles in your organization which
logically correspond to the privileges and concepts of record ownership/access that are introduced with
Entity permissions. Remember that a given Contact can belong to any number of roles and a given role
can contain any number of Entity Permissions. More information: Create web roles for portals
To add an Entity Permission to a Web Role, navigate first to the Web Role you wish to add the
permissions to. Web roles for a website can be found in Dynamics 365 in either Portals > Web Roles or
Portals > {your portal} > Web Roles.
Click to Add an Existing Entity Permission. From there you may click to create a New Entity Permissions
Record.
98
�When creating a new Entity Permission record, the first step is to Determine the Entity that will be
secured. The next step is to define Scope, as discussed below, and in the case of any scope besides
Global, the Relationships that define that scope must be specified. Finally, determine the Rights that are
being granted to the Role via this permission. Note that rights are cumulative, so if a user is in a role that
grants Read, and another that grants read and update, the user will have read and update to any records
that overlap between the two roles.
Global scope
If a Permission record with Read permission is granted to a role that has global scope, any contact in that
role will have access to all records of the defined Entity in Dynamics 365. For example, they can see all
leads, all accounts, and so on. This permission will be automatically respected by any entity lists;
essentially showing all records according to the Dynamics 365 views that have been defined for that list.
Further, if a user attempt to access a record via an Entity Form that they do not have access to, they will
receive a permission error.
Contact scope
With Contact scope, a signed-in user in the role for which the permission record is defined will have the
rights granted by that permission only for records that are related to that user's contact record via a
relationship that is defined in Dynamics 3655.
On an entity list, this means a filter will be added to whatever Dynamics 365 views are surfaced by that
list, which retrieves only records linked to the current user directly. (Depending on the scenario, this
relationship can be thought of as "ownership," "management rights," and so on.)
Entity Forms will only allow the appropriate permission for Read, Create, Write, and so on if this
relationship exists when the record is loaded. More information: Define entity forms and custom logic
within the Dynamics 365 portal.
99
�Account scope
With Account Scope, a signed-in user in the Role for which the permission record is defined will have the
rights granted by that permission only for records that are related to that user's parent account record via
a relationship that is defined in Dynamics 365.
Self scope
Self Scope allows you to define the rights a user has to their own Contact (Identity) record. This allows
users to use Entity Forms or Web Forms to make changes to their own Contact Record linked with their
profile. Note that the default Profile Page has a special built-in form that allows any user to change their
basic contact info and opt in or out of marketing lists. If this form is included in your portal (which it is by
default), users do not require this permission to use it. However, they will require this permission to use
any custom Entity Forms or Web Forms that target their User Contact Record.
Parental scope
In this most complex case, permissions are granted for an entity that is a relationship away from an entity
for which a permission record has already been defined. This permission is actually a child record of the
parent Entity Permission.
The Parent Permission Record defines a permission and scope for an entity (probably Global or Contact
Scope, although parent is also possible). That entity may be related to contact (in the case of Contact
scope) or globally defined. With that permission in place, a Child Permission is created that defines a
relationship from another entity to the entity defined in the parent relationship.
Thus, users in a web role who have access to records defined by parent entity permissions will also have
rights as defined by the child permission record to records related to the parent record.
Attributes and relationships
The table below explains the Entity Permission attributes.
Name
Description
Name
The descriptive name of the record. This field is required.
Entity Name
The logical name of the entity that is to be secured or that will define the
Contact Relationship or Parent Relationship to secure a related entity on
a child permission. This field is required.
Scope
One of the following:
Global - Grant privileges to the entity record without any requirement
for an owner (contact).
Contact - Grant privileges to the entity record that has a direct
relationship to an owner (contact).
Account - Grant privileges to the entity record that has a relationship
to an account, which serves as the owner, assuming the account is
the parent customer of the contact.
Parent - Grant privileges to the entity record through the chain of its
parent permissions' relationships.
This is a mandatory field.
100
�Name
Description
Contact Relationship
Required only if Scope = Contact. The schema name of the relationship
between contact and the entity specified by the Entity Name field.
Parent Relationship
Required only if a Parent Entity Permission is assigned. The schema
name of the relationship between the entity specified by the Entity Name
field and the entity specified by the Entity Name field on its Parent Entity
Permission.
Parent Entity Permission
Requires only if Scope = Parent. The parent Entity Permission.
Read
Privilege that controls whether the user can read a record.
Write
Privilege that controls whether the user can update a record.
Create
Privilege that controls whether the user can create a new record. The right
to create a record for an entity type does not apply to an individual record,
but instead to a class of entities.
Delete
Privilege that controls whether the user can delete a record.
Append
Privilege that controls whether the user can attach another record to the
specified record.
The Append and Append To access rights work in combination. Every
time that a user attaches one record to another, the user must have both
rights. For example, when you attach a note to a case, you must have the
Append access right on the note and the Append To access right on the
case for the operation to work.
Append To
Privilege that controls whether the user can append the record in question
to another record.
The Append and Append To access rights work in combination. For more
information, see the description for Append.
Global permissions for tasks related to leads
In one scenario, one might want to use an entity list and entity form(s) to surface all leads on the portal, to
anyone in a custom "Lead Manager" Web Role. On the Lead Edit Form, which is launched whenever a
lead row is clicked on the List, there will be a subgrid displaying related Task records. These records
should be accessible to anyone in the Lead manager role. As the first step, we'll give Global Permissions
to leads to anyone in our Lead Manager Role.
This role has a related Entity Permission for the "Lead" entity, with a Global scope.
Users in this role can access all leads via Entity Lists or Forms on the portal.
101
�We will now add a Child Permission to the Global Lead Permission. With the Parent permission record
open, first navigate to the Child Entity Permissions subgrid and click New to open a lookup for entity
permissions, then click the magnifying glass and click New to add a new record.
Select the entity as Tasks and the Scope as Parental. Note that you can then select the parent
relationship (Lead_Tasks). This permission implies that a contact that is in a web role with the parent
permission will then have global permission to all tasks that are related to leads.
Remember that in order for your list to respect these permissions, you must have enabled Entity
Permissions on the list AND there must be actions that will actually allow the users to perform the actions
for which their permissions have been granted. Furthermore, Permissions must also be enabled on the
Define entity forms and custom logic within the Dynamics 365 portal record, and that form must be
surfacing a page that has a subgrid on it for the entity that you want to enable with child permissions, in
this case Tasks. Furthermore, to enable read or create for tasks, you will need to configure those Entity
Forms too, and edit the forms to remove the Regrading lookup field from said forms.
102
�This then grants permissions for all tasks that are related to leads. If Tasks are being surfaced on an
entity list, a filter is essentially added to the list so that only tasks that are related to a lead will show up in
the list. In our example, they are being surfaced with a subgrid on an entity form.
Contact-scoped permissions for tasks
Another example would be if you wanted to allow access to tasks for which a contact is related to the
parent Lead for that task. This scenario is nearly identical to the above except that in this case the parent
permission has a scope of Contact, instead of global. A relationship must be specified on the parent
relationship between the Lead entity and the Contact Entity.
After these permissions are in place, users in the Lead Manager role can access leads that are related to
them directly as specified by the contact-scope permission, and Tasks related to those same Leads as
specified by the child permission record.
See also
Create web roles for portals
Control webpage access for portals
Assign permission set to a web role for portals
103
�Define entity forms and custom logic within the
Dynamics 365 portal
Applies To: Dynamics 365 (online), Dynamics CRM Online
A data driven configuration to allow end users to add a form to collect data in the portal without the need
for a developer to surface the form in the portal. Entity Forms are created in Dynamics 365 and then
placed into webpages in the Portal or used in conjunction with Sub-Grids and Entity Lists to build out
complete web applications. More information: Add a webpage to render a list of records.
Add a form to your portal
The Entity Form contains relationships to webpages and additional properties in order to control the
initialization of the form within the portal. The relationship to Web Page allows dynamic retrieval of the
form definition for a given page node within the website.
To view existing Entity Forms or to create new Entity Forms navigate to Portals > Entity Forms
When creating a new Entity Form the first step is to decide the Entity and Form Name that you will be
rendering as well as the mode: Insert, Edit, or Read Only. The mode selected will determine if you are
creating a new record from the portal, editing an existing record, or just displaying info about a record on
the portal.
Note
An Entity Form must be associated with a Web Page for a given website for the form to be viewable
within the site.
The Web Pages associated with the Entity Form can be viewed by clicking the Web Pages link listed in
the Related navigation links in the leftmost menu.
When creating or editing a Web Page, an Entity Form can be specified in the lookup field provided on
the Web Page form.
104
�The various master pages used by the portal found in the Dynamics 365 portal installation directory
contains declarations of the EntityForm server control. When rendering the Web Page containing either
the Page (~/Pages/Page.aspx) page template or Full Page (~/Pages/FullPage.aspx) page template, the
controls will determine if the Entity Form lookup contains a value then the form will be rendered.
Secure your forms
To secure your forms, you must create entity permissions that determine access and ownership of the
records in Dynamics 365 according to Web Roles. If a user lands on an Entity Form and does not have
permissions, they will receive an error message. To Enable Permissions for an Entity Form. set Enable
Entity Permissions to true. More information: Create web roles for portals.
See also
Configure a Dynamics 365 portal
Web Form properties for portals
Web Form steps for portals
Web Forms metadata for portals
Web Form subgrid configuration for portals
Notes configuration for Web Forms for portals
Web form properties for portals
Applies To: Dynamics 365 (online), Dynamics CRM Online
The Web Form contains relationships to webpages and a start step to control the initialization of the form
within the portal. The relationship to Web Page allows dynamic retrieval of the form definition for a given
page node within the website.
The other options on the Web Form record itself control top-level preferences for the multiple-step
process as a whole, for example whether you'd like to display a progress bar.
To view existing Web Forms or to create new Web Forms, navigate to Portals -> Web Forms
Note
A Web Form must be associated with a Web Page for a given website for the form to be viewable
within the site.
When creating or editing a Web Page, a Web Form can be specified in the lookup field provided on the
Web Page form.
105
�Web form attributes
The following attributes and relationships determine the functionality of the Web Form.
Name
Description
Name
A title of the form used for reference.
Start Step
The first step of the form. A Web Form will consist
of one or more steps. For more detail regarding
steps please refer to the section titled Web Form
Step found below.
Note
Note: The first step cannot be of type
"Condition".
Authentication Required
If checked, when a user that is not logged in visits
the page containing the form, they will be
redirected to the login page. Upon successful login
the user will be redirected back to the page
containing the form.
Start New Session On Load
Selecting Yes indicates that if the user opens the
form in a new browser, or new tab or closes the
browser or page and returns the form will start a
completely new session and begin at the first step.
Otherwise the session will be persisted and the
user can close the browser or page and resume
later exactly where they left off. Default: No.
Multiple Records Per User Permitted
Selecting Yes indicates that a user is permitted to
create more than one submission. This assists the
form in determining what to do when a user
revisits a form. Default: Yes.
106
�Name
Description
Edit Expired State Code
The target entity's state code integer value that
when combined with the status reason indicates
when an existing record can no longer be edited.
Edit Expired Status Reason
The target entity's status code integer value that
when combined with the state code, indicates
when an existing record has these values then the
record is not to be edited anymore i.e. when a
record is updated as complete for example.
Edit Expired Message
The message displayed when the existing record's
state code and status reason match the values
specified. For each language pack installed and
enabled for the Dynamics 365 organization a field
will be available to enter the message in the
associated language. Default message; "You have
already completed a submission. Thank you!"
Progress indicator settings
Name
Description
Enabled
Check to display the progress indicator. Default:
Disabled.
Type
One of the following:
Title
Numeric (Step x of n)
Progress Bar
Default: Title
Position
One of the following:
Top
Bottom
Left
Right
Position is relative to the form. Default: Top.
Prepend Step Number to Step Title
Check to add the number of the step to the
beginning of the title of the step. Default is
unchecked.
Example of the various progress indicator types:
Title
107
�Title with Step Number prepended
Numeric
Progress Bar
108
�“Save changes” warning
Name
Description
Display Save Changes Warning On Close
Select to display a warning message if the user
has made changes to field(s) and they try to
reload the page, close the browser, click the
browser's back button, or click the previous button
in a multiple step form.
Save Changes Warning Message
For each language pack installed and enabled for
the Dynamics 365 organization, a field will be
available to enter the message in the associated
language. If no message is specified, the
browser's default will be used.
Example:
Note
Firefox does not provide the ability to specify a custom message.
Web form metadata
Web Form Metadata contains additional behavior modification logic to augment or override the
functionality of form fields that is otherwise not possible with the Dynamics 365 native entity form editing
capabilities.
On the Web Form Step that has fields that you would like to modify
Click the Metadata link in the leftmost navigation area.
To add a new record:
1. Click Add New Web Form Metadata
To edit an existing record:
1. Double-click on a record in the grid
109
�Web form metadata properties
The following attributes provide additional styling and capabilities for elements on a form.
Name
Description
Web Form Step
The Web Form Step associated with the Web
Form Metadata record.
Type
Available options are:
Web Form Metadata Type = Attribute: displays
the appropriate options for modifying fields on the
current form rendered for the related step.
Web Form Metadata Type = Section:
displays the options available for modifying a
section on the form.
Web Form Metadata Type = Tab: displays
the options available for modifying a tab on a
form.
Web Form Metadata Type = Purchase:
displays products for purchase and to
generate a quote record in Dynamics 365 to
persist the user's purchase selections to
create an order and process payment.
Web form metadata type = attribute
The following properties are displayed when the Type selected is Attribute.
Name
Description
Attribute Logical Name
The logical name of the attribute field to be
modified.
Label
Replaces the default label assigned to the attribute
on the entity with the text specified in this input.
For each language pack installed and enabled for
the Dynamics 365 organization a field will be
available to enter the message in the associated
language.
Control style
The following options modify the style and functionality of an attribute's field.
Name
Description
Style
One of the following:
Option Set as Vertical Radio Button List
110
�Name
Description
Option Set as Horizontal Radio Button List
Single Line of Text as Geolocation Lookup
Validator (requires Bing Maps Settings)
Group Whole Number as Constant Sum
(requires Group Name)
Group Whole Number as Rank Order Scale
No Ties (requires Group Name)
Group Whole Number as Rank Order Scale
Allow Ties (requires Group Name)
Multiple Choice Matrix (requires Group Name)
Multiple Choice (requires Group Name)
Group Whole Number as Stack Rank
(requires Group Name)
Group Name
A name used to group controls together as a
composite control.
Multiple Choice Minimum Required Selected
Count
This is the required minimum values selected in
the multiple choice question. Only necessary if
'Multiple Choice' Control Style is selected.
Multiple Choice Max Selected Count
This is the maximum number of values that is
permitted to be selected in the multiple choice
question. Only necessary if 'Multiple Choice'
Control Style is selected.
Constant Sum Minimum Total
This is the required minimum value applied to a
constant sum response field. Only necessary if
'Group Whole Number as Constant Sum' Control
Style is selected.
Constant Sum Maximum Total
This is the maximum number of value that is
permitted to be applied to a constant sum
response field. Only necessary if 'Group Whole
Number as Constant Sum' Control Style is
selected.
Randomize Option Set Values
Specifying Yes results in randomly ordered
options listed for an Option Set control. Only
applicable to attributes that are of type Option Set.
CSS Class
Adds a custom CSS class name to the control.
Prepopulate field
The following options provide a default value for a field on the form.
111
�Name
Description
Ignore Default Value
Ignores the default value of the specified attribute
field. Useful for attributes that are Two Option
fields that are rendered as Yes and No radio
buttons. Because Dynamics 365 automatically
assigns a value of yes or no by default, this option
makes it possible to display Yes/No questions
without a predefined response.
Type
One of the following:
Value
Today's Date
Current User's Contact
Selecting Value requires a value to be specified in
the Value field that will be assigned to the field
when the form is loaded. Selecting Today's Date
will assign the current date and time to the
attribute field. Selecting Current User's Contact
requires a From Attribute that is an attribute on
the contact entity that will be retrieved from the
current user's contact record and set on the
attribute field specified.
Value
A value to be assigned to the field when the form
is loaded.
From Attribute
An attribute on the contact entity that will be
retrieved from the current portal user's record and
assigned to the field when the form is loaded.
Set value on save
The following options specify a value to be set when the form is saved.
Name
Description
Set Value On Save
Yes indicates that a value should be assigned to
the attribute using the input provided in the Value
field.
Note
All attribute types are supported except the
following: Unique Identifier.
Type
One of the following:
Value
Today's Date
Current User's Contact
112
�Name
Description
Selecting Value requires a value to be specified in
the Value field that will be assigned to the field
when the form is loaded. Selecting Today's Date
will assign the current date and time to the
attribute field. Selecting Current User's Contact
requires a From Attribute that is an attribute on
the contact entity that will be retrieved from the
current user's contact record and set on the
attribute field specified.
Value
Value assigned to the attribute when the form is
being saved.
For Two Option (Boolean) fields use true or false
For Option Set field use the integer value for the
option
For Lookup (EntityReference) fields, use the GUID
Note
If the attribute is also on the form the user's
value will be overwritten with this value.
From Attribute
An attribute on the contact entity that will be
retrieved from the current portal user's record and
assigned to the field during save.
Validation
The following section contains properties that modify various validation parameters and error messages.
For each language pack installed and enabled for the Dynamics 365 organization, a field will be available
to enter the message in the associated language.
Name
Description
Validation Error Message
Overrides the default validation error message for
the field.
Regular Expression
A regular expression to be added to validate the
field.
Regular Expression Validation Error Message
The validation error message to display if the
regular expression validated fails.
Field is Required
Check to make the attribute field required to
contain a value.
Required Field Validation Error Message
Overrides the default required field error message
if the field does not contain a value.
Range Validation Error Message
Overrides the default range validation error
message displayed if the field's value is outside of
the appropriate minimum and maximum values
113
�Name
Description
specified on the entity attribute that are of type
Whole Number, Decimal Number, Floating Point
Number or Currency.
Name
Description
Geolocation Validator Error Message
Applicable if the attribute is a Single Line of Text
and the Control Style specified is Single Line of
Text as Geolocation Lookup Validator then this will
override the default error message displayed if
input validation fails.
Constant Sum Validation Error Message
Applicable if the attribute is a Whole Number type
and the Control Style specified is Group Whole
Number as Constant Sum then this will override
the default error message displayed if input
validation fails.
Multiple Choice Validation Error Message
Applicable if the attribute is a Two Option type and
the Control Style specified is Multiple Choice then
this will override the default error message
displayed if input validation fails.
Rank Order No Ties Validation Error Message
Applicable if the attribute is a Whole Number type
and the Control Style specified is Group Whole
Number as Rank Order No Ties then this will
override the default error message displayed if
input validation fails.
Description and instructions
The following properties specify the location and content of custom description or instructions.
Name
Description
Add Description
Yes results in custom text being displayed on the
form in the position specified.
Position
One of the following:
Above the field
Below the field
Above the label
Use Attribute's Description Property
Select Yes to use the description assigned to the
attribute metadata on the entity. Select 'No' to
provide a custom description. Default: No.
Description
Custom text to be displayed on the form. Used in
conjunction when Use Attribute's Description
Property is set to No. For each language pack
installed and enabled for the Dynamics 365
114
�Name
Description
organization a field will be available to enter the
message in the associated language.
Web form metadata type = section
The following properties are displayed when the Type selected equals Section.
Name
Description
Section Name
The name of the section on the entity's form in
Dynamics 365 to be modified.
Label
Replaces the default label assigned to the section
on the entity with the text specified in this input.
For each language pack installed and enabled for
the Dynamics 365 organization a field will be
available to enter the message in the associated
language.
Web form metadata type = tab
The following properties are displayed when the Type selected equals Tab
Name
Description
Tab Name
The name of the tab on the entity's form in
Dynamics 365 to be modified.
Label
Replaces the default label assigned to the tab on
the entity with the text specified in this input. For
each language pack installed and enabled for the
Dynamics 365 organization a field will be available
to enter the message in the associated language.
Web form metadata type = purchase
The following properties are displayed when the Type selected equals Purchase. These options provide
the necessary details for a Web Form to be able to display products for purchase and to generate a quote
record in Dynamics 365 to persist the user's purchase selections to create an order and process
payment.
Name
Description
Target Entity Relationship Name
Relationship from the web form step target entity
to the purchase entity, if the step target is not the
purchase entity.
Required Products Relationship Name
Relationship from the purchase entity for products
to be purchased that are a required part of the
purchase.
115
�Name
Description
Optional Products Relationship Name
Relationship from the purchase entity for products
to be purchased that are optional (the user must
opt in to purchase these items).
Line Item Relationship Name
Relationship from the purchase entity that defines
purchase line items.
Line Item Product Attribute Name
Purchase line item entity attribute name for
Product lookup. If this value is not present and set,
the corresponding line item will be excluded from
the purchase.
Line Item Description Attribute Name
Purchase line item entity attribute name for
description.
Line Item Quantity Attribute Name
Purchase line item entity attribute name for item
quantity. (Should be a decimal attribute.)
Line Item UoM Attribute Name
Purchase line item entity attribute name for Unit of
Measure lookup.
Line Item Required Attribute Name
Purchase line item entity attribute name for
whether a line item is required.
Line Item Order Attribute Name
Purchase line item entity attribute name for the
order in which a line item should be displayed.
Line Item Instructions Attribute Name
Purchase line item entity attribute name for
instructions.
Quote Name
The name to be used for all purchase quotes
generated by this step.
Requires Shipping
A Boolean value. When checked, forces the
purchase process to collect shipping information.
Note: If a product has a freight weight value then
shipping will be required regardless of this setting.
Fulfill Order on Payment
A Boolean value. Checked indicates that the order
state should be set to Fulfilled when the payment
is verified. Requires Target Entity Order
Relationship Name. If the target entity is
adx_shoppingcart, an order will be created
automatically upon successful payment and
Target Entity Order Relationship Name is not
required.
Create Invoice on Payment
A Boolean value. Checked indicates that an
invoice should be created when the payment is
verified. Requires Target Entity Invoice
Relationship Name, unless the target entity is
adx_shoppingcart, in which case this relationship
is not needed.
Target Entity Order Relationship Name
Relationship from the web form step target entity
to the order entity.
116
�Name
Description
Target Entity Invoice Relationship Name
Relationship from the web form step target entity
to the invoice entity.
See also
Configure a Dynamics 365 portal
Define entity forms and custom logic within the Dynamics 365 portal
Web Form steps for portals
Web Forms metadata for portals
Web Form subgrid configuration for portals
Notes configuration for Web Forms for portals
Web form steps for portals
Applies To: Dynamics 365 (online), Dynamics CRM Online
The Web Form Step provides the flow logic of the form's user experience such as steps and conditional
branching. It also provided details regarding the rendering of a form and additional behavior.
Note
Web Forms persists the history of the steps a user has visited in an object on a Web Form Session
entity. If a Web Form's steps have been modified, previously created history data could now be stale.
Anytime steps are changed, it is recommended that you delete all Web Form Session records to
eliminate miss match between sequence of steps logged in history and the current sequence.
Each Web Form will be presented on the portal has one or more steps. These steps share some common
properties, outlined below. Each Step contains a pointer (a lookup) to the next step, with the exception of
terminal steps. Terminal steps do not have a next time, and are thus the last step of the Web Form (due
to conditional branching, there can be multiple terminal steps)
117
�Name
Description
Name
A title used for reference.
Web Form
The Web Form associated with the current step.
Type
One of the following:
Load Form/Load Tab step type: displays
properties of forms.
Load Form/Load Tab step type: displays
properties of tabs.
Conditional step type: displays properties for
specifying expressions to be evaluated for
conditional branching.
Redirect step type: displays the settings
appropriate for configuring a website
redirection.
For further details on the settings for these web
form step types, please refer to their
corresponding sections below.
Note: The first step cannot be of type
"Condition".
118
�Next Step
The step that will follow the current step. This will
be blank for single step single form.
Target Entity Logical Name
The logical name of the entity associated with the
form.
Move Previous Permitted
Indicates whether the user is given an option to
navigate to the previous step in a multiple step
web form. Default is true. Uncheck to prevent the
user from being able to move to the previous step.
See also
Configure a Dynamics 365 portal
Define entity forms and custom logic within the Dynamics 365 portal
Load Form/Load Tab step type
Redirect step type
Conditional step type
Custom JavaScript
Load form and load tab step type
Applies To: Dynamics 365 (online), Dynamics CRM Online
This step type allows the web form step to act as an entity form within the overall web form process. It
loads a form from Dynamics 365 with a similar set of options available as an Entity Form.
In this topic
Settings
Additional settings
Form options
Associate the current portal user with the creation of a record
Entity reference
Additional functionality
Settings
Name
Description
Name
The descriptive name of the record. Required
Entity Name
The name of the entity from which the form will be
loaded from. Required
Form Name
The name of the Form on the target entity that is
to be rendered. Required
119
�Name
Description
Tab Name
The name of a Tab on a Form for a specified entity
that is to be rendered. Optional
Mode
One of the following values:
Insert
Edit
ReadOnly
Selecting Insert indicates the form should insert a
new record upon submission. Specifying Edit
indicates the form should edit an existing record.
Selecting ReadOnly indicates the form should
display an existing record's noneditable form. Edit
and ReadOnly requires that a source record exist
and parameters specified in the 'Record Source
Type' and 'Record ID Query String Parameter
Name' fields to select the appropriate record when
the form is loaded in the portal.
Auto Generate Steps From Tabs
Checked indicates that multiple tabs on an entity
form will be displayed with each tab as a
sequential step starting with the first tab and
continue until all tabs have been navigated to and
upon final submission a record is inserted.
Unchecked is the default behavior. Unchecked
value indicates that only one tab or form is to be
rendered for the current step. If the Tab Name is
not specified, the first tab is displayed.
Record Source Type
One of the following values:
Query String
Current Portal User
Result From Previous Step
Selecting Query String requires a parameter name
that must be provided in the query string of the
URL to the form. This can be specified in the
'Record ID Query String Parameter Name' field.
Selecting Current Portal User will retrieve the
portal user record for the current authenticated
user.
Selecting Result from previous step will retrieve
the record that was the record source for a
previous step of the web form.
Record ID Query String Parameter Name
A parameter name provided in the query string of
the URL to the Web Page containing this Entity
Form.
Relationship Name
Required when Record Source Type is Record
Associated to Current Portal User. The logical
name of the relationship between the current
portal user record and the target record. This must
120
�Name
Description
return the same entity type specified by the Entity
Name field.
Allow Create If Null
An optional Boolean value available when Record
Source Type is Record Associated to Current
Portal User. Checked indicates that if the related
record does not exist, allow the user to create it
the first time, otherwise an exception will be
thrown if the record does not already exist
because the form needs a record to data-bind to.
Enable Entity Permissions
Will cause the form to respect Entity Permissions.
The default is false for backwards compatibility
reasons. If set to true, explicit permissions are
REQUIRED for any user wanting to access the
form. Note that this only applies to the FIRST step
of a form.
Additional settings
Name
Description
Render Web Resources Inline
Eliminates the iFrame that encompasses a web
resource in a Dynamics 365 entity form.
ToolTips Enabled
The tooltip is set using the description of the
attribute on the target entity.
Show Unsupported Fields
All fields are currently supported. This is reserved
for potential changes Dynamics 365 may make to
field types.
Set Recommended Fields as Required
Makes all attributes required that have the field
requirement level set to 'Business Recommended'.
Make All Fields Required
Makes all fields required regardless of the field
requirement level.
Validation Summary CSS Class
CSS Class name assigned to the validation
summary. Default: 'validation-summary alert alerterror alert-block'
Enable Validation Summary Links
A Boolean value of true or false that indicates
whether anchor links should be rendered in the
validation summary to scroll to the field containing
an error. Default: true
Validation Summary Link Text
The label assigned to the validation summary
links. Default: click here
Instructions
Display a block of text at the top of the form.
Record Not Found Message
Message displayed when the source record
cannot be loaded. Default: "The record you are
looking for could not be found."
121
�Form options
Name
Description
Add Captcha
reCAPTCHA is a free CAPTCHA service used by
the portal to prevent malicious spam attacks. The
service requires a unique key to authenticate
requests for your portal application.
Validation Group
The group name assigned to input controls for
evaluating valid input of named groups.
Previous Button CSS Class
CSS Class name assigned to the Previous button.
Previous Button Text
Label on the previous button.
Next Button CSS Class
CSS Class name assigned to the next button.
Submit Button Text
Label on the next button.
Submit Button CSS Class
CSS Class name assigned to the submit button.
Default: button submit
Submit Button Text
Label on the submit button. Default is 'Submit'
Submit Button Busy Text
Label on the submit button during the running
process. Default: Processing...
Associate the current portal user with the creation of a
record
These options are used to keep track of which portal contact creates a record through the portal UI
Name
Description
Associate Current Portal User
Checked indicates the currently logged in user's
record should be associated with the target entity
record.
Target Entity Portal User Lookup Attribute
The logical name of the attribute on the target
entity that stores the portal user.
Is Activity Party
Boolean value indicating whether the Target Entity
Portal User Lookup Attribute is an Activity Party
type. See ActivityParty entity
Entity reference
The following parameters pertain to setting an entity reference when the form is saved.
This provides a way to associate the current record being created or updated by the form with another
target record. This is useful if you have multiple steps with multiple entity types and wish to relate the
122
�resulting records or if the page is passed a query string of a record ID that you would like associated. For
example we have a careers page that lists job postings, each with a link to an application for the job that
contains the id of the job posting to the application form so that when the application is created the job
posting is associated with the record.
Name
Description
Set Entity Reference On Save
Yes or No. A value of yes indicates that an entity
reference should be assigned when the form is
saved, otherwise none will be set.
Relationship Name
The Relationship Definition Name for a given
relationship between two entity types.
Note
Do not specify a relationship name if you specify
a Target Lookup Attribute Logical Name.
Entity Logical Name
The logical name of the reference entity.
Target Lookup Attribute Logical Name
Logical name of the lookup attribute on the target
entity being created or updated.
Note
Do not specify a relationship name if you specify
a Target Lookup Attribute Logical Name.
Populate Lookup Field
If the lookup regarding the reference entity is on
the form, checking this value will populate the field
on the form with the value retrieved using the
setting below.
Source Type
One of the following values:
Query String
Current Portal User
Result From Previous Step
Selecting Query String requires a parameter name
that must be provided in the query string of the
URL to the form. This can be specified in the
Query String Name field. If this parameter is the
primary key then select Yes for the Query String
Is Primary Key, otherwise select No and provide
the logical name of the attribute on the target
entity to query by specified in the Query Attribute
Logical Name field. Selecting Current Portal User
will retrieve the contact record for the current
authenticated user. Selecting Result From
Previous Step will retrieve the record created as a
123
�Name
Description
result of the step prior to the current step or from a
specific step based on the step associated with
the Entity Source Step.
Reference Entity Step
The Web Form Step record of a previous step to
retrieve the entity created or edited in that step to
associate it with the record for this current step.
Query String Name
Parameter name provided in the Query String of
the URL to the Web Page containing the Web
Form.
Query String Is Primary Key
Yes indicates the Query String value is the
Primary Key value. No indicates the Query String
value is an attribute type other than the Primary
Key.
Query Attribute Logical Name
Logical name of the attribute to query the record.
Show ReadOnly Details
Checked indicates that a form should be rendered
at the top of the page displaying read-only
information pertaining to the reference record.
Requires a Form Name.
Form Name
The name of the form on the reference entity that
should be used to display read-only details.
Additional functionality
Name
Description
Attach File
Check to have the form include a file upload control to
the bottom of the form to allow a file to be attached to
the record.
Allow Multiple Files
A Boolean value that indicates whether the user can
upload more than one file.
Accept
The accept attribute specifies the MIME types of files
that the server accepts through file upload. To specify
more than one value, separate the values with a
comma (for example, audio/*,video/*,image/*).
Label
The text displayed next to the file upload control. For
each language pack installed and enabled for the
Dynamics 365 organization a field will be available to
enter the message in the associated language.
Is Required
Checked makes the attachment of a file required to
proceed.
Required Error Message
The message displayed during form validation if Is
Required is true and the user has not attached a file.
For each language pack installed and enabled for the
124
�Name
Description
Dynamics 365 organization a field will be available to
enter the message in the associated language.
Custom JavaScript
A custom block of JavaScript that will added to the
bottom of the page just before the closing form tag
element. The HTML input id of an entity field is set to
the logical name of the attribute. This makes selecting
a field, setting values, or other client side manipulation
easy with jQuery.
$(document).ready(function() {
$("#address1_stateorprovince").val("Saskatchewan");
});
See also
Configure a Dynamics 365 portal
Define entity forms and custom logic within the Dynamics 365 portal
Web Form steps for portals
Redirect step type
Conditional step type
Custom JavaScript
Redirect step type
Applies To: Dynamics 365 (online), Dynamics CRM Online
The Redirect Step Type allow for a redirect of the User's browser session to another page in the portal or
to an external URL. This is useful for seamlessly directing flow.
Name
Description
External URL
Requires On Success set to Redirect. Specify a
URL to an external resource on the web.
or Web Page
Requires On Success set to Redirect. Select a
Web Page from the current website.
Append Existing Query String
Requires On Success set to Redirect. When
checked the existing query string parameters will
be added to the target URL prior to redirection.
Append Record ID To Query String
Requires On Success set to Redirect. When
checked the ID of the record created is appended
to the query string of the URL being redirected to.
125
�Name
Description
Record ID Query String Parameter Name
Requires On Success set to Redirect. The name
of the ID parameter in the query string of the URL
being redirected to.
Append Custom Query String
Requires On Success set to Redirect. A custom
string that can be appended to the existing Query
String of the redirect URL.
Append Attribute Value to Query String Parameter Name
Requires On Success set to Redirect. A name to
give to the parameter that correlates to the
attribute value on the target entity that gets
appended to the Query String of the redirect URL.
Append Attribute Value to Query String - Attribute
Logical Name
Requires On Success set to Redirect. A logical
name of an attribute on the target entity to get the
value to be appended to the Query String of the
redirect URL.
See also
Configure a Dynamics 365 portal
Define entity forms and custom logic within the Dynamics 365 portal
Web Form steps for portals
Load Form/Load Tab step type
Conditional step type
Custom JavaScript
Conditional step type
Applies To: Dynamics 365 (online), Dynamics CRM Online
A Web Form Step can be a 'Condition' type that indicates the step should evaluate an expression. If the
expression evaluates to true then the next step is displayed. If the expression evaluates to false and if the
'Next Step If Condition Fails' has been specified, that step will be displayed. The current entity is the
target used to evaluate the expression against. Record Source defaults to the Record Source of the
previous step.
Attributes
Name
Description
Condition
The Conditional expression to be evaluated
Next Step if Condition Fails
The Conditional Step Type, unlike all others, has
two Next Step lookups. The default Next Step
lookup will be respected if the condition evaluates
to true. This property sets the next step should the
condition evaluate to false.
126
�The available operands are as follows:
Operand(s)
Type
=, ==
Equals
!=
Not Equals
>
Greater Than
<
Less Than
>=
Greater Than or Equals
<=
Less Than or Equals
&
And
|
Or
!
Not
=*, ==*, -=
Like
!=*
Not Like
Format
The format of the expression is as follows:
[entity attribute logical name] [operand] [value]
Example:
new_categorycode = 750101
A condition can have multiple expressions. You can use parentheses to group nested expressions, for
example:
new_categorycode = 750101 & gendercode = 2
new_categorycode = 750101 & (gendercode = 2 | gendercode = 3)
new_name = Jane Doe
new_twooptionfield = true
new_twooptionfield = false
See also
Configure a Dynamics 365 portal
Define entity forms and custom logic within the Dynamics 365 portal
Web Form steps for portals
Load Form/Load Tab step type
Redirect step type
Custom JavaScript
127
�Custom JavaScript
Applies To: Dynamics 365 (online), Dynamics CRM Online
The Web Form Step record contains a field named Custom JavaScript that can be used to store
JavaScript code to allow you to extend or modify the form's visual display or function.
The custom block of JavaScript will added to the bottom of the page just before the closing form tag
element.
Form fields
The HTML input id of an entity field is set to the logical name of the attribute. This makes selecting a field,
setting values, or other client side manipulation easy with jQuery.
$(document).ready(function() {
$("#address1_stateorprovince").val("Saskatchewan");
});
Additional client-side field validation
Sometimes you may need to customize the validation of fields on the form. The following example
demonstrates adding a custom validator. This particular example forces the user to specify an email only
if the another field for preferred method of contact is set to 'Email'.
if (window.jQuery) {
(function ($) {
$(document).ready(function () {
if (typeof (Page_Validators) == 'undefined') return;
// Create new validator
var newValidator = document.createElement('span');
newValidator.style.display = "none";
newValidator.id = "emailaddress1Validator";
newValidator.controltovalidate = "emailaddress1";
newValidator.errormessage = "Email is a required
field.";
newValidator.validationGroup = ""; // Set this if you have set ValidationGroup on the
form
newValidator.initialvalue = "";
newValidator.evaluationfunction = function () {
var contactMethod = $("#preferredcontactmethodcode").val();
if (contactMethod != 2) return true; // check if contact method is not 'Email'.
// only require email address if preferred contact method is email.
128
�var value = $("#emailaddress1").val();
if (value == null || value == "") {
return false;
} else {
return true;
}
};
// Add the new validator to the page validators array:
Page_Validators.push(newValidator);
// Wire-up the click event handler of the validation summary link
$("a[href='#emailaddress1_label']").on("click", function () {
scrollToAndFocus('emailaddress1_label','emailaddress1'); });
});
}(window.jQuery));
}
General validation
On click of the next/submit button a function named webFormClientValidate is executed. You can
extend this method to add custom validation logic.
if (window.jQuery) {
(function ($) {
if (typeof (webFormClientValidate) != 'undefined') {
var originalValidationFunction = webFormClientValidate;
if (originalValidationFunction && typeof (originalValidationFunction) == "function") {
webFormClientValidate = function() {
originalValidationFunction.apply(this, arguments);
// do your custom validation here
// return false; // to prevent the form submit you need to return false
// end custom validation.
return true;
};
}
}
129
�}(window.jQuery));
}
See also
Configure a Dynamics 365 portal
Define entity forms and custom logic within the Dynamics 365 portal
Web Form steps for portals
Load Form/Load Tab step type
Redirect step type
Conditional step type
Web form metadata for portals
Applies To: Dynamics 365 (online), Dynamics CRM Online
The Web Form Metadata contains additional behavior modification logic to augment or override the
functionality of form fields that is otherwise not possible with Dynamics 365's native entity form editing
capabilities.
On the Web Form Step that has fields that you would like to modify
Click the Metadata link in the top navigation
To add a new record
Click Add New Web Form Metadata
Web form metadata properties
The following attributes provide additional styling and capabilities for elements on a form.
130
�Name
Description
Web Form Step
The Web Form Step associated with the Web
Form Metadata record.
Type
Available options are:
Attribute
Section
Tab
Selecting Attribute as the Type value displays the
appropriate options for modifying fields on the
current form rendered for the related step.
Selecting Section as the Type value displays the
options available for modifying a section on the
form. Selecting Tab as the Type value displays
the options available for modifying a tab on a form.
Web form metadata type = Attribute
The following properties are displayed when the Type selected is 'Attribute'.
Name
Description
Attribute Logical Name
The logical name of the attribute field to be
modified.
Label
Replaces the default label assigned to the attribute
on the entity with the text specified in this input.
For each language pack installed and enabled for
the Dynamics 365 organization a field will be
available to enter the message in the associated
language.
Control style
The following options modify the style and functionality of an attribute's field.
Name
Description
Style
One of the following:
Option Set as Vertical Radio Button List
Option Set as Horizontal Radio Button List
Single Line of Text as Geolocation Lookup
Validator (requires Bing Maps Settings details found here)
131
�Name
Description
Group Whole Number as Constant Sum
(requires Group Name)
Group Whole Number as Rank Order Scale
No Ties (requires Group Name)
Group Whole Number as Rank Order Scale
Allow Ties (requires Group Name)
Multiple Choice Matrix (requires Group Name)
Multiple Choice (requires Group Name)
Group Whole Number as Stack Rank
(requires Group Name)
Group Name
A name used to group controls together as a
composite control.
Multiple Choice Minimum Required Selected
Count
This is the required minimum values selected in
the multiple choice question. Only necessary if
'Multiple Choice' Control Style is selected.
Multiple Choice Max Selected Count
This is the maximum number of values that is
permitted to be selected in the multiple choice
question. Only necessary if 'Multiple Choice'
Control Style is selected.
Constant Sum Minimum Total
This is the required minimum value applied to a
constant sum response field. Only necessary if
'Group Whole Number as Constant Sum' Control
Style is selected.
Constant Sum Maximum Total
This is the maximum number of value that is
permitted to be applied to a constant sum
response field. Only necessary if 'Group Whole
Number as Constant Sum' Control Style is
selected.
Randomize Option Set Values
Specifying Yes results in randomly ordered
options listed for an Option Set control. Only
applicable to attributes that are of type Option Set.
CSS Class
Adds a custom CSS class name to the control.
Prepopulate field
The following options provide a default value for fields on the form.
Name
Description
Ignore Default Value
Ignores the default value of the specified attribute
field. Useful for attributes that are Two Option
fields that are rendered as Yes and No radio
buttons. Because Dynamics 365 automatically
132
�Name
Description
assigns a value of yes or no by default, this option
makes it possible to display Yes/No questions
without a predefined response.
Type
One of the following:
Value
Today's Date
Current User's Contact
Selecting Value requires a value to be specified in
the Value field that will be assigned to the field
when the form is loaded. Selecting Today's Date
will assign the current date and time to the
attribute field. Selecting Current User's Contact
requires a From Attribute that is an attribute on
the contact entity that will be retrieved from the
current user's contact record and set on the
attribute field specified.
Value
A value to be assigned to the field when the form
is loaded.
From Attribute
An attribute on the contact entity that will be
retrieved from the current portal user's record and
assigned to the field when the form is loaded.
Set Value On Save
The following options specify a value to be set when the form is saved.
Name
Description
Set Value On Save
Yes indicates that a value should be assigned to
the attribute using the input provided in the Value
field.
Note
All attribute types are supported except the
following: Unique Identifier.
Type
One of the following:
Value
Today's Date
Current User's Contact
Selecting Value requires a value to be specified in
the Value field that will be assigned to the field
when the form is loaded. Selecting Today's Date
will assign the current date and time to the
133
�Name
Description
attribute field. Selecting Current User's Contact
requires a From Attribute that is an attribute on
the contact entity that will be retrieved from the
current user's contact record and set on the
attribute field specified.
Value
Value assigned to the attribute when the form is
being saved.
For Two Option (Boolean) fields use true or false
For Option Set field use the integer value for the
option
For Lookup (EntityReference) fields, use the GUID
Note
If the attribute is also on the form the user's
value will be overwritten with this value.
From Attribute
An attribute on the contact entity that will be
retrieved from the current portal user's record and
assigned to the field during save.
Validation
The following section contains properties that modify various validation parameters and error messages.
For each language pack installed and enabled for the Dynamics 365 organization, a field will be available
to enter the message in the associated language.
Name
Description
Validation Error Message
Overrides the default validation error message for
the field.
Regular Expression
A regular expression to be added to validate the
field.
Regular Expression Validation Error Message
The validation error message to display if the
regular expression validated fails.
Field is Required
Check to make the attribute field required to
contain a value.
Required Field Validation Error Message
Overrides the default required field error message
if the field does not contain a value.
Range Validation Error Message
Overrides the default range validation error
message displayed if the field's value is outside of
the appropriate minimum and maximum values
specified on the entity attribute that are of type
134
�Name
Description
Whole Number, Decimal Number, Floating Point
Number or Currency.
Name
Description
Geolocation Validator Error Message
Applicable if the attribute is a Single Line of Text
and the Control Style specified is Single Line of
Text as Geolocation Lookup Validator then this will
override the default error message displayed if
input validation fails.
Constant Sum Validation Error Message
Applicable if the attribute is a Whole Number type
and the Control Style specified is Group Whole
Number as Constant Sum then this will override
the default error message displayed if input
validation fails.
Multiple Choice Validation Error Message
Applicable if the attribute is a Two Option type and
the Control Style specified is Multiple Choice then
this will override the default error message
displayed if input validation fails.
Rank Order No Ties Validation Error Message
Applicable if the attribute is a Whole Number type
and the Control Style specified is Group Whole
Number as Rank Order No Ties then this will
override the default error message displayed if
input validation fails.
Description and instructions
The following properties specify the location and content of custom description or instructions.
Name
Description
Add Description
Yes results in custom text being displayed on the
form in the position specified.
Position
One of the following:
Above the field
Below the field
Above the label
Use Attribute's Description Property
Select 'Yes' to use the description assigned to the
attribute metadata on the entity. Select 'No' to
provide a custom description. Default is 'No'.
Description
Custom text to be displayed on the form. Used in
conjunction when Use Attribute's Description
Property is set to 'No'. For each language pack
installed and enabled for the Dynamics 365
135
�Name
Description
organization a field will be available to enter the
message in the associated language.
Web Form metadata type = Section
The following properties are displayed when the Type selected equals 'Section'.
Name
Description
Section Name
The name of the section on the entity's form in
Dynamics 365 to be modified.
Label
Replaces the default label assigned to the section
on the entity with the text specified in this input.
For each language pack installed and enabled for
the Dynamics 365 organization a field will be
available to enter the message in the associated
language.
Web Form metadata type = Tab
The following properties are displayed when the Type selected equals 'Tab'
Name
Description
Tab Name
The name of the tab on the entity's form in
Dynamics 365 to be modified.
Label
Replaces the default label assigned to the tab on
the entity with the text specified in this input. For
each language pack installed and enabled for the
Dynamics 365 organization a field will be available
to enter the message in the associated language.
See also
Configure a Dynamics 365 portal
Define entity forms and custom logic within the Dynamics 365 portal
Web Form properties for portals
Web Form steps for portals
Web Form subgrid configuration for portals
Notes configuration for Web Forms for portals
136
�Web Form subgrid configuration for portals
Applies To: Dynamics 365 (online), Dynamics CRM Online
Web Form Subgrids are configured in an identical fashion to Entity Form Subgrids. First, Create a
Metadata record for the Web Form Step that has a subgrid, and add configuration metadata.
Adding Subgrids to your Managed forms on the portal is easy—just add the subgrid to the Dynamics 365
form that you are managing by using the out-of-the-box Dynamics 365 form designer and you’re done.
The grid will use the view that is specified in the Dynamics 365 form designer, show only related records if
that option was chosen in Dynamics 365, optionally show a search bar, and even respect entity
permissions for portals It doesn't get any simpler to display a read-only list of records. To enable actions
for the grid— Create, Update, Delete, and so on—you must configure those actions by using metadata
configurations.
Adding subgrid metadata to your form
To add Subgrid Metadata to an Entity Form, navigate to Entity Form Metadata by using either the top
drop-down or the subgrid right on the main form of the Define entity forms and custom logic within the
Dynamics 365 portal record that you are working with.
To add a new record, Click Add New Entity Form Metadata
To edit an existing record, double-click on a record in the grid. Selecting Subgrid as the Type value
displays another attribute, "Subgrid Name".
Name
Description
Subgrid Name
The unique name of the subgrid on the entity's
related Dynamics 365 form.
Double clicking on the Sub-Grid in the form editor will display a properties window. This contains a Name
field that should be used to assign to the Subgrid Name field on the Entity Form Metadata record.
137
�Specifying a valid subgrid name will display the subgrid configuration settings. By default, only Basic
Settings are shown. Select Advanced Settings to show additional settings.
By default, most settings are shown collapsed to save space. Click "" to expand a section and see
additional options. Click "" to collapse a section.
138
�Attributes
Name
Description
Basic Settings
View Actions
Allows you to add action buttons for actions that are applicable for the
entity set and will appear above the subgrid. The available actions are:
Create Action
Download Action
Associate Action
Clicking on one of these options displays a configuration area for that
action. See below for details about each action.
Item Actions
Allows you to add action buttons for actions that are applicable for an
individual record and will appear in each row in the subgrid provided the
associated privilege has been granted by the Add record-based security
using entity permissions for portals procedure. The available actions are:
Details Action
Edit Action
Delete Action
Workflow Action
Disassociate Action
Clicking on one of these options displays a configuration area for that
action. See below for details about each action.
Override Column
Attributes
Allows you to override display settings for individual columns in the grid.
1. Attribute - the logical name of the column you wish to override
2. Display Name - a new column title to override the default
3. Width - the width (in either percent or pixels) of the column to
override the default. See also Grid Column Width Style
To override settings on a column, click " Column" (4) and fill in the details.
Advanced Settings
Loading Message
Overrides the default HTML message that appears while the subgrid is
loading.
Error Message
Overrides the default HTML message that appears when an error occurs
while loading the subgrid.
139
�Name
Description
Access Denied Message
Overrides the default HTML message that appears when a user does not
have sufficient permissions to read the entity type associated with the
subgrid.
For information on permissions, see
Empty Message
Overrides the HTML message that appears when the associated subgrid
contains no data.
Lookup Dialog
Controls the settings for the dialog that appears when a user activates the
Associate Action.
Details Form Dialog
Controls the settings for the dialog that appears when a user activates the
Details Action
Edit Form Dialog
Controls the settings for the dialog that appears when a user activates the
Edit Action
Create Form Dialog
Controls the settings for the dialog that appears when a user activates the
Create Action
Delete Dialog
Controls the settings for the dialog that appears when a user activates the
Delete Action
Error Dialog
Controls the settings for the dialog that appears when an error occurs
during any action.
CSS Class
Specify a CSS class or classes that will be applied to the HTML element
that contains the entire subgrid area, including the grid and action buttons.
Grid CSS Class
Specify a CSS class or classes that will be applied to the Subgrid's HTML
element.
Grid Column Width Style
Configures whether the Width values in the Override Column Attributes
are specified in Pixels or Percent.
Create action
Enabling a Create Action renders a button above the Subgrid that, when clicked, pops up a dialog with
an entity form that allows a user to create a new record.
Create Action Settings
Name
Description
Basic Settings
Entity Form
Specifies the entity forms and custom logic that
will be used to create the new record. The dropdown will list all Entity Forms that are configured
for the Subgrid's entity type.
Note: If the Subgrid's entity type has no Entity
Forms, the drop-down will appear empty. If no
Entity Form is supplied for the Create Action it will
be ignored, and the button will not render on the
Subgrid's Entity Form.
140
�Name
Description
Advanced Settings
Button Label
Overrides the HTML label displayed in the Create
Action button above the subgrid.
Button Tooltip
Overrides the tooltip text that appears when the
mouse is hovered over the Create Action button.
Create form dialog (advanced) settings
Name
Description
Loading Message
Overrides the message that appears while the
dialog is loading
Title
Overrides the HTML that appears in the title bar of
the dialog
Dismiss Button Sr Text
Overrides the screen reader text associated with
the dialog's dismiss button.
Size
Specifies the size of the Create Form dialog. The
Options are Default, Large, and Small. For the
Create Form dialog, the default size is Large.
CSS Class
Specify a CSS class or classes that will be applied
to the resulting dialog.
Title CSS Class
Specify a CSS class or classes that will be applied
to the resulting dialog's title bar.
Download action
Enabling a Download Action renders a button above the Subgrid that, when clicked, downloads the data
from the subgrid to an Excel (.xlsx) file.
Download action settings
Name
Description
Basic Settings
None
Advanced Settings
Button Label
Overrides the HTML label displayed in the
Download Action button above the subgrid.
Button Tooltip
Overrides the tooltip text that appears when the
mouse is hovered over the Download Action
button.
141
�Associate action
Enabling an Associate Action displays a button above the subgrid that, when selected, opens a table of
entities that the user can choose to associate to the entity record currently being displayed by the Define
entity forms and custom logic within the Dynamics 365 portal provided the 'Append' and 'AppendTo'
privilege has been granted by Add record-based security using entity permissions for portals for the
applicable entity types.
Associate action settings
Name
Description
Basic Settings
View
Specifies the View (Saved Query) that will be used
to find and display the list of eligible entities.
Note: If the Subgrid's entity type has no Saved
Queries, the drop-down will appear empty. If no
View is supplied for the Associate Action it will be
ignored, and the button will not render on the
Subgrid's Entity Form.
Advanced Settings
Button Label
Overrides the HTML label displayed in the
Associate Action button above the subgrid.
Button Tooltip
Overrides the tooltip text that appears when the
mouse is hovered over the Associate Action
button.
Lookup dialog (advanced) settings
Name
Description
Title
Overrides the HTML that appears in the title bar of
the dialog
Primary Button Text
Overrides the HTML that appears in the Primary
("Add") button on the dialog.
Close Button Text
Overrides the HTML that appears in the Close
("Cancel") button on the dialog.
Dismiss Button Sr Text
Overrides the screen reader text associated with
the dialog's dismiss button.
Size
Specifies the size of the Associate dialog. The
Options are Default, Large, and Small. For the
Associate dialog, the default size is Large.
CSS Class
Specify a CSS class or classes that will be applied
to the resulting dialog.
Title CSS Class
Specify a CSS class or classes that will be applied
to the resulting dialog's title bar.
142
�Name
Description
Primary Button CSS Class
Specify a CSS class or classes that will be applied
to the dialog's Primary ("Add") button.
Close Button CSS Class
Specify a CSS class or classes that will be applied
to the dialog's Close ("Cancel") button.
Select Records Title
Overrides the HTML that appears in the title of the
Record Selection area.
Default Error Message
Overrides the message that appears when an
error occurs while associating the selected entity
or entities.
Grid Options
Specify settings for the appearance of the entity
grid. See below for options.
Lookup dialog (advanced) grid options settings
Name
Description
Loading Message
Overrides the message that appears while the grid
of entities is loading.
Error Message
Overrides the message that appears when an
error occurs while loading the grid of entities
Access Denied Message
Overrides the message that appears when a user
does not have sufficient entity permissions to view
the grid of entities.
Empty Message
Overrides the message that appears when there
are no entities that can be associated with the
current Entity Form.
CSS Class
Specify a CSS class or classes that will be applied
to the associate grid area.
Grid CSS Class
Specify a CSS class or classes that will be applied
to the associate grid's element.
Details action
Enabling a Details Action allows a user to view a read-only entity form that is data-bound to the record of
the subgrid's selected row.
Details Action settings
Name
Description
Basic Settings
Entity Form
Specifies the entity form that will be used to view
the details of the selected record. The drop-down
143
�Name
Description
will list all Entity Forms that are configured for the
Subgrid's entity type.
Note: If the Subgrid's entity type has no Entity
Forms, the drop-down will appear empty. If no
Entity Form is supplied for the Details Action it will
be ignored, and the button will not render in the
Subgrid.
Advanced Settings
Record ID Query String Parameter Name
Specifies the name of the query string parameter
that will be used to select the entity to view in the
selected Entity Form. This should match the value
in that Entity Form's Record ID Query String
Parameter Name. The default value for this field,
both here and in Entity Form configuration, is "id".
Button Label
Overrides the HTML label for this action displayed
in the Subgrid row.
Button Tooltip
Overrides the tooltip text that appears when the
mouse is hovered over the button for this action
displayed in the Subgrid row.
Details form dialog (advanced) settings
Name
Description
Loading Message
Overrides the HTML that appears when the dialog
is loading.
Title
Overrides the HTML that appears in the title bar of
the dialog.
Dismiss Button Sr Text
Overrides the screen reader text associated with
the dialog's dismiss button.
Size
Specifies the size of the Details dialog. The
Options are Default, Large, and Small. For the
Details dialog, the default size is Large.
CSS Class
Specify a CSS class or classes that will be applied
to the resulting dialog.
Title CSS Class
Specify a CSS class or classes that will be applied
to the resulting dialog's title bar.
Edit action
Enabling an Edit Action allows a user to view an editable entity form that is data-bound to the record of
the subgrid's selected row, if the 'Write' privilege has been granted by Add record-based security using
entity permissions for portals.
144
�Edit action settings
Name
Description
Basic Settings
Entity Form
Specifies the entity form that will be used to edit
the selected record. The drop-down will list all
Entity Forms that are configured for the Subgrid's
entity type.
Note: If the Subgrid's entity type has no Entity
Forms, the drop-down will appear empty. If no
Entity Form is supplied for the Edit Action it will be
ignored, and the button will not render in the
Subgrid.
Advanced Settings
Record ID Query String Parameter Name
Specifies the name of the query string parameter
that will be used to select the entity to edit in the
selected Entity Form. This should match the value
in that Entity Form's Record ID Query String
Parameter Name. The default value for this field,
both here and in Entity Form configuration, is "id".
Button Label
Overrides the HTML label for this action displayed
in the Subgrid row.
Button Tooltip
Overrides the tooltip text that appears when the
mouse is hovered over the button for this action
displayed in the Subgrid row.
Edit form dialog (advanced) settings
Name
Description
Loading Message
Overrides the HTML that appears when the dialog
is loading.
Title
Overrides the HTML that appears in the title bar of
the dialog.
Dismiss Button Sr Text
Overrides the screen reader text associated with
the dialog's dismiss button.
Size
Specifies the size of the Edit dialog. The Options
are Default, Large, and Small. For the Edit dialog,
the default size is Large.
CSS Class
Specify a CSS class or classes that will be applied
to the resulting dialog.
Title CSS Class
Specify a CSS class or classes that will be applied
to the resulting dialog's title bar.
145
�Delete action
Enabling a Delete Action allows a user to permanently delete the entity represented by a row in the
subgrid, if the Delete privilege has been granted by Add record-based security using entity permissions
for portals.
Delete action settings
Name
Description
Basic Settings
none
Advanced Settings
Confirmation
Overrides the confirmation HTML message
displayed when the user activates the Delete
Action.
Button Label
Overrides the HTML label for this action displayed
in the Subgrid row.
Button Tooltip
Overrides the tooltip text that appears when the
mouse is hovered over the button for this action
displayed in the Subgrid row.
Delete dialog (advanced) settings
Name
Description
Title
Overrides the HTML that appears in the title bar of
the dialog.
Primary Button Text
Overrides the HTML that appears in the Primary
("Delete") button on the dialog.
Close Button Text
Overrides the HTML that appears in the Close
("Cancel") button on the dialog.
Dismiss Button Sr Text
Overrides the screen reader text associated with
the dialog's dismiss button.
Size
Specifies the size of the Delete Dialog. The
Options are Default, Large, and Small. For the
Delete dialog, the default size is Default.
CSS Class
Specify a CSS class or classes that will be applied
to the resulting dialog.
Title CSS Class
Specify a CSS class or classes that will be applied
to the resulting dialog's title bar.
Primary Button CSS Class
Specify a CSS class or classes that will be applied
to the dialog's Primary ("Delete") button.
146
�Name
Description
Close Button CSS Class
Specify a CSS class or classes that will be applied
to the dialog's Close ("Cancel") button.
Workflow action
Enabling a Workflow Action allows a user to run an On-Demand Workflow against the selected record in
the subgrid. You may add any number of Workflow Actions to the Subgrid Metadata.
Workflow action settings
Name
Description
Basic Settings
Workflow
Specifies the On-Demand Workflow that will run
when the user activates this action.
Note: If the Subgrid's entity type has no
Workflows, the drop-down will appear empty. If no
Workflow is supplied for the Workflow Action it will
be ignored, and the button will not render in the
subgrid.
Button Label
Sets the HTML label for this action displayed in
the Subgrid row. This setting is required.
Advanced Settings
Button Tooltip
Overrides the tooltip text that appears when the
mouse is hovered over the button for this action
displayed in the subgrid row.
Disassociate action
Enabling a Disassociate Action allows a user to remove the link between the record represented by the
currently viewed Define entity forms and custom logic within the Dynamics 365 portal and the record
represented by the selected row in the subgrid, as long as the 'Append' and 'AppendTo' privileges have
been granted by Add record-based security using entity permissions for portals for the applicable entity
types.
Disassociate action settings
Name
Description
Basic Settings
None
Advanced Settings
147
�Name
Description
Button Label
Overrides the HTML label for this action displayed in the
Subgrid row.
Button Tooltip
Overrides the tooltip text that appears when the mouse is
hovered over the button for this action displayed in the subgrid
row.
See also
Configure a Dynamics 365 portal
Define entity forms and custom logic within the Dynamics 365 portal
Web Form properties for portals
Web Form steps for portals
Web Forms metadata for portals
Notes configuration for Web Forms for portals
Notes configuration for web forms for portals
Applies To: Dynamics 365 (online), Dynamics CRM Online
Web Form Notes are configured in an identical fashion to Entity Form Notes. First, Create a Metadata
record for the Web Form Step that has notes, and add configuration metadata. This process is described
here.
Just like with Subgrids, adding notes to your Managed forms on the portal is easy - just add the notes
control to the Dynamics 365 form through the out-of-the-box Dynamics 365 form designer and you’re
done. You can configure the behavior of the notes control by using metadata.
Note
Explicit Add record-based security using entity permissions for portals are required for any notes to
appear on the portal. For read and edit, the 'Read' and 'Write' privileges must be granted. For create,
two permissions must exist, a permission with the 'Create' and 'Append' privileges must be granted for
the note (annotation) entity, the second permission must be assigned to the entity type the note is being
attached to with the 'Append To' privilege granted.
To Edit or Add notes, among other things, you must configure the control using a metadata record.
To add Metadata to an Entity form, navigate to Entity Form Metadata either using the top drop-down or
the subgrid right on the main form of the Entity Form record that you are working with. Then click to add a
new record.
When Creating your record, select Type of Notes. You will then be able to add Note configuration:
148
�Upon adding the Configuration, the Note control will render with the appropriate options enabled on the
portal.
Most settings are shown collapsed to save space by default. Click "" to expand a section and see
additional options. Click "" to collapse a section.
Attributes
Name
Description
Basic Settings
Create Enabled
Enables the ability to add new Notes to the entity.
Create Dialog Options
Contains settings for configuring the dialog when Create Enabled is true.
See Create Dialog Options for more details.
Edit Enabled
Enables the ability to edit existing Notes on the entity.
Edit Dialog Options
Contains settings for configuring the dialog when EditEnabled is true.
See Edit Dialog Options for more details.
Delete Enabled
Enables the ability to delete Notes from the entity.
Delete Dialog Options
Contains settings for configuring the dialog when DeleteEnabled is true.
See Delete Dialog Options for more details.
Advanced Settings
List Title
Overrides the title over the Notes area.
Add Note Button Label
Overrides the label in the Add Notes button.
Note Privacy Label
Overrides the label denoting that a note is Private.
Loading Message
Overrides the message shown while the list of notes is loading.
Error Message
Overrides the message shown when an error occurs while trying to load
the list of notes.
149
�Name
Description
Access Denied Message
Overrides the message shown when the user does not have sufficient
permissions to view the list of notes.
Empty Message
Overrides the message shown when the current entity does not have any
notes that can be viewed.
List Orders
Allows you to set the order in which notes will be displayed.
Attribute - the logical name of the column by which you wish to
sort
Alias - the alias for the attribute in the query
Direction - Choose Ascending (smallest to largest, or first to last),
or Descending (largest to smallest, or last to first).
To add a sorting rule, click " Column" (4) and fill in the details. List Orders
will be processed in order from the top of the list having highest priority.
Create dialog options
Name
Description
Basic Settings
Display Privacy Options Field
Enables a checkbox in the Add Note dialog that
allows the user to mark a note as Private.
Privacy Option Field Default Value
Specifies the default value for the Display Privacy
Options Field checkbox. The default value of this
field is "false".
Display Attach File
Enables a file upload field in the Add Note dialog,
allowing a user to attach a file to a note.
Attach File Accept
The MIME type accepted by the file upload input.
Advanced Settings
Note Field Label
Overrides the label for the Note field in the Add
Note dialog.
Note Field Columns
Sets the cols value in the Note