Administrator's Guide To Portal Capabilities For Microsoft Dynamics 365

User Manual:

Open the PDF directly: View PDF PDF.
Page Count: 328 [warning: Documents this large are best viewed by clicking the View PDF Link!]

1
Administrator’s Guide to Portal Capabilities for
Microsoft Dynamics 365
2
Contents
What’s new .............................................................................................................................................. 11
Privacy notice ....................................................................................................................................... 11
Installation Guide ........................................................................................................................................ 13
Provision a portal ..................................................................................................................................... 13
Before you provision a portal................................................................................................................ 13
Provision a portal .................................................................................................................................. 13
Troubleshoot Provisioning .................................................................................................................... 17
Set up custom domains and SSL certificates for a Dynamics 365 portal ............................................ 18
Enable multiple-language portal support ................................................................................................. 20
Supported languages ........................................................................................................................... 21
Create content in multiple languages ................................................................................................... 22
Configuration Guide .................................................................................................................................... 25
Configure a Dynamics 365 portal ............................................................................................................ 25
Create web roles for portals..................................................................................................................... 26
Attributes and relationships .................................................................................................................. 26
Optional default web role for authenticated users ................................................................................ 27
Optional default web role for unauthenticated users ............................................................................ 27
Enable help for Dynamics 365 portals ................................................................................................. 27
Customize Dynamics 365 portal forms, dashboards, and reports ....................................................... 27
Change the Dynamics 365 instance, audience, or type of portal ......................................................... 28
Manage knowledge articles using content access levels ........................................................................ 29
Create content access levels ............................................................................................................... 29
Assign content access levels to knowledge articles ............................................................................ 29
Assign content access levels to portal users ....................................................................................... 29
Use faceted search to improve portal search .......................................................................................... 30
Enable or disable faceted search ......................................................................................................... 30
Group entities as part of a record type for faceted view ...................................................................... 30
Use faceted search to improve knowledge search results ................................................................... 30
Engage with communities by using the community portal ....................................................................... 31
Set up and moderate forums ................................................................................................................... 32
Create a new forum .............................................................................................................................. 32
Edit an existing forum ........................................................................................................................... 32
Manage forums on a portal .................................................................................................................. 32
Forum attributes used by portals .......................................................................................................... 33
Manage forum threads ............................................................................................................................. 35
Manage forum threads in Microsoft Dynamics 365 .............................................................................. 35
Create forum threads on the portal ...................................................................................................... 36
Forum thread attributes used by portals .............................................................................................. 37
Manage forum thread types in Dynamics 365 ...................................................................................... 38
Forum thread type attributes ................................................................................................................ 38
Configure and manage knowledge categories and articles ..................................................................... 39
3
Create a new knowledge category ....................................................................................................... 39
Associate knowledge articles ............................................................................................................... 39
Delete a knowledge category ............................................................................................................... 39
Configure web roles for a PRM portal ..................................................................................................... 40
Partner administrator ............................................................................................................................ 40
Partner manager .................................................................................................................................. 40
Partner seller ........................................................................................................................................ 40
Create a partner account on a partner relationship management (PRM) portal ..................................... 41
Create a partner account ...................................................................................................................... 41
Associate partner contacts with an account ......................................................................................... 41
Get started with the portal content editor ................................................................................................. 41
Use the content editor toolbar .............................................................................................................. 42
Edit the header ..................................................................................................................................... 42
Add a new webpage ............................................................................................................................. 42
Edit the primary navigation ................................................................................................................... 44
Manage child pages ............................................................................................................................. 44
Delete a page ....................................................................................................................................... 44
Use the front-side editing engine to publish content ............................................................................... 45
Content editor commands and controls ............................................................................................... 45
Create a link ......................................................................................................................................... 47
Link properties and commands ............................................................................................................ 47
Insert an image ..................................................................................................................................... 48
Image properties and commands ......................................................................................................... 48
Browse pages and files by using the file picker ................................................................................... 49
File picker commands .......................................................................................................................... 49
Create a theme for your portal ................................................................................................................. 50
What is Bootstrap? ............................................................................................................................... 50
Implement portal templates by using Bootstrap ................................................................................... 50
Customize Bootstrap ............................................................................................................................ 51
Apply a custom Bootstrap theme to your website ................................................................................ 51
Additional portal theme options ............................................................................................................ 52
Configure site settings for portals ............................................................................................................ 53
Manage site settings in Dynamics 365 ................................................................................................. 53
Configure Dynamics 365 portal authentication ........................................................................................ 54
Place child nodes by using shortcuts for portals ..................................................................................... 54
Manage shortcuts in Dynamics 365 ..................................................................................................... 54
Attributes and relationships .................................................................................................................. 55
Secure shortcuts .................................................................................................................................. 55
Navigate with shortcuts ........................................................................................................................ 56
Register and invite for a portal ................................................................................................................. 56
Local authentication ............................................................................................................................. 56
External authentication ......................................................................................................................... 56
Account sign-up (registration) .............................................................................................................. 57
Configure a contact for use on a portal ................................................................................................... 57
4
Invite contacts to your portals .................................................................................................................. 58
Edit the Send Invitation workflow email template ................................................................................. 58
Create and configure invitations ........................................................................................................... 58
Run the Send Invitation workflow ......................................................................................................... 58
Set authentication identity for a portal ..................................................................................................... 59
Requirements ....................................................................................................................................... 60
Authentication overview ....................................................................................................................... 60
Forgot password or password reset ..................................................................................................... 61
Redeem an invitation ............................................................................................................................ 62
Manage user accounts through profile pages ...................................................................................... 63
Set or change a password .................................................................................................................... 63
Change or confirm an email address ................................................................................................... 63
Change or confirm mobile phone ......................................................................................................... 64
Enable two-factor authentication .......................................................................................................... 64
Manage external accounts ................................................................................................................... 65
Enable ASP.NET identity authentication .............................................................................................. 65
Enable/disable user registration ........................................................................................................... 67
User credential validation ..................................................................................................................... 67
User account lockout settings .............................................................................................................. 68
OAuth2 provider settings for portals ........................................................................................................ 69
Create OAuth applications ................................................................................................................... 69
Create site settings using OAuth2 ........................................................................................................ 71
Open ID Connect provider settings for portals ........................................................................................ 73
OpenID settings for Azure Active Directory .......................................................................................... 74
Create site settings using OpenID ....................................................................................................... 74
WS-Federation provider settings for portals ............................................................................................ 77
Create an AD FS relying party trust ..................................................................................................... 77
WS-Federation settings for Azure Active Directory .............................................................................. 80
SAML 2.0 provider settings for portals .................................................................................................... 81
AD FS (IdP) .......................................................................................................................................... 82
SAML 2.0 settings for Azure Active Directory ...................................................................................... 86
Shibboleth Identity Provider 3 .............................................................................................................. 87
Configure AD FS by using PowerShell ................................................................................................ 89
Facebook App (Page Tab) authentication for portals .............................................................................. 92
Prerequisites......................................................................................................................................... 92
Configure IIS......................................................................................................................................... 92
Configure display mode ........................................................................................................................ 93
Test the site bindings ........................................................................................................................... 93
Set up the Facebook app ..................................................................................................................... 93
Publish the app ..................................................................................................................................... 94
Add the Facebook page tab to your Facebook page ........................................................................... 94
Control webpage access for portals ........................................................................................................ 95
Assign a permission set to a web role for portals .................................................................................... 97
Add record-based security by using entity permissions for portals ......................................................... 98
5
Adding entity permissions to a web role ............................................................................................... 98
Global scope......................................................................................................................................... 99
Contact scope ...................................................................................................................................... 99
Account scope .................................................................................................................................... 100
Self scope ........................................................................................................................................... 100
Parental scope ................................................................................................................................... 100
Attributes and relationships ................................................................................................................ 100
Global permissions for tasks related to leads .................................................................................... 101
Contact-scoped permissions for tasks ............................................................................................... 103
Define entity forms and custom logic within the Dynamics 365 portal .................................................. 104
Add a form to your portal .................................................................................................................... 104
Secure your forms .............................................................................................................................. 105
Web form properties for portals ............................................................................................................. 105
Web form attributes ............................................................................................................................ 106
Progress indicator settings ................................................................................................................. 107
“Save changes” warning ..................................................................................................................... 109
Web form metadata ............................................................................................................................ 109
Web form steps for portals ..................................................................................................................... 117
Load form and load tab step type .......................................................................................................... 119
In this topic ......................................................................................................................................... 119
Settings ............................................................................................................................................... 119
Additional settings .............................................................................................................................. 121
Form options....................................................................................................................................... 122
Associate the current portal user with the creation of a record .......................................................... 122
Entity reference .................................................................................................................................. 122
Additional functionality ........................................................................................................................ 124
Redirect step type .................................................................................................................................. 125
Conditional step type ............................................................................................................................. 126
Attributes ............................................................................................................................................ 126
Format ................................................................................................................................................ 127
Custom JavaScript ................................................................................................................................. 128
Form fields .......................................................................................................................................... 128
Additional client-side field validation .................................................................................................. 128
General validation .............................................................................................................................. 129
Web form metadata for portals .............................................................................................................. 130
Web form metadata properties ........................................................................................................... 130
Web form metadata type = Attribute .................................................................................................. 131
Web Form metadata type = Section ................................................................................................... 136
Web Form metadata type = Tab ........................................................................................................ 136
Web Form subgrid configuration for portals .......................................................................................... 137
Adding subgrid metadata to your form ............................................................................................... 137
Attributes ............................................................................................................................................ 139
Create action ...................................................................................................................................... 140
Download action ................................................................................................................................. 141
6
Associate action ................................................................................................................................. 142
Details action ...................................................................................................................................... 143
Edit action ........................................................................................................................................... 144
Delete action....................................................................................................................................... 146
Workflow action .................................................................................................................................. 147
Disassociate action ............................................................................................................................ 147
Notes configuration for web forms for portals ........................................................................................ 148
Attributes ............................................................................................................................................ 149
Create dialog options ......................................................................................................................... 150
Edit dialog options .............................................................................................................................. 151
Delete dialog options .......................................................................................................................... 152
Add a webpage to render a list of records ............................................................................................. 153
Add an entity list to your portal ........................................................................................................... 154
Entity list attributes and relationships ................................................................................................. 154
Add custom Javascript ....................................................................................................................... 156
Entity list configuration ....................................................................................................................... 157
Securing entity lists ............................................................................................................................ 164
Adding a view details page ................................................................................................................. 164
Entity list filter configuration ................................................................................................................ 166
Entity list map view ............................................................................................................................. 172
Entity list calendar view ...................................................................................................................... 173
Enhanced Dynamics 365 view filter for entity lists ............................................................................. 173
Entity list OData feeds ........................................................................................................................ 173
Create and run advertisements on a portal ........................................................................................... 173
Create and run advertisements .......................................................................................................... 174
Ads ..................................................................................................................................................... 174
Ad placements .................................................................................................................................... 174
Using Liquid templates to place advertisements ................................................................................ 176
Attributes ............................................................................................................................................ 177
Gather feedback by using polls on a portal ........................................................................................... 178
Add a poll to the page ........................................................................................................................ 179
Create a poll placement ..................................................................................................................... 179
Polls .................................................................................................................................................... 180
Poll attributes ...................................................................................................................................... 180
Poll options ......................................................................................................................................... 182
Poll option attributes ........................................................................................................................... 182
Poll submissions ................................................................................................................................. 182
Rate or vote on a webpage or blog post on a portal ............................................................................. 185
Enable page ratings ........................................................................................................................... 185
Use ratings ......................................................................................................................................... 185
Manage ratings in Dynamics 365 ....................................................................................................... 186
Redirect to a new URL on a portal ........................................................................................................ 186
Create a redirect ................................................................................................................................. 187
Use the redirect .................................................................................................................................. 188
7
End User Guide ......................................................................................................................................... 189
Manage portal content ........................................................................................................................... 189
Create forum posts on the portal ........................................................................................................... 189
Create forum posts ............................................................................................................................. 189
Attribute relationships ......................................................................................................................... 190
Moderate forums .................................................................................................................................... 190
Assign moderators to forums in Microsoft Dynamics 365 .................................................................. 191
Forum moderation within the portal .................................................................................................... 191
Manage forum access permissions in Dynamics 365 ........................................................................ 192
Attributes relationships ....................................................................................................................... 194
Subscribe to alerts ................................................................................................................................. 194
Subscribe to alerts in the portal .......................................................................................................... 194
Unsubscribe from alerts in the portal ................................................................................................. 195
Manage forum alerts in Microsoft Dynamics 365 ............................................................................... 195
Attributes relationships ....................................................................................................................... 196
Manage blogs ........................................................................................................................................ 196
Manage blogs in Dynamics 365 ......................................................................................................... 196
Manage blogs on a portal ................................................................................................................... 196
Security ............................................................................................................................................... 197
Blog attributes and relationships ........................................................................................................ 197
Manage blog posts in Dynamics 365 ................................................................................................. 199
Manage blogs posts on a portal ......................................................................................................... 199
Blog post attributes and relationships ................................................................................................ 200
Manage blog post comments on a portal ........................................................................................... 201
Blog post comment attributes and relationships ................................................................................ 201
Crowdsource ideas ................................................................................................................................ 202
Manage idea forums in Microsoft Dynamics 365 ............................................................................... 203
Access permissions ............................................................................................................................ 203
Idea forum attributes and relationships .............................................................................................. 203
Manage ideas in Dynamics 365 ......................................................................................................... 204
Idea attributes and relationships ........................................................................................................ 204
Manage idea comments in Dynamics 365 ......................................................................................... 206
Idea comment attributes and relationships ........................................................................................ 206
Manage idea votes in Dynamics 365 ................................................................................................. 206
Idea vote attributes and relationships ................................................................................................ 206
Create, edit, and distribute opportunities in Dynamics 365 ................................................................... 207
Create an opportunity ......................................................................................................................... 207
Distribute an opportunity .................................................................................................................... 207
Enable partners to view the progress of an opportunity ..................................................................... 208
How partners can collaborate with each other ................................................................................... 208
Partner dashboard contains data on current managed and distributed opportunities ....................... 208
Register a deal for a new or existing opportunity ............................................................................... 209
Approve opportunities registered by a partner ................................................................................... 209
Project Service Automation integration ................................................................................................. 209
8
View projects on the partner portal .................................................................................................... 209
View and approve project quotes on the partner portal ..................................................................... 210
View project invoices on the partner portal ........................................................................................ 210
View project contracts and order forms on the partner portal ............................................................ 211
View confirmed, bookable resources by project and role on the partner portal ................................. 211
Field Service integration ........................................................................................................................ 212
View agreements on the partner portal .............................................................................................. 212
View assets on the partner portal ....................................................................................................... 213
View work orders for field service on the partner portal ..................................................................... 213
View invoices for field service on the partner portal ........................................................................... 214
Automatically distribute opportunities to preferred partners ............................................................... 215
Partner ranking metrics ...................................................................................................................... 215
Partner ranking weights ...................................................................................................................... 216
Manage web links in Dynamics 365 or on portals ................................................................................. 217
Manage web links in Dynamics 365 ................................................................................................... 217
Manage web links in a portal .............................................................................................................. 217
Multilevel web link sets ....................................................................................................................... 217
Web link set attributes and relationships ............................................................................................ 217
Web link attributes and relationships ................................................................................................. 218
Invite contacts to your portals ................................................................................................................ 219
Edit Send Invitation workflow email template ..................................................................................... 220
Create and configure invitations ......................................................................................................... 220
Run the Send Invitation workflow ....................................................................................................... 220
Customization Guide ................................................................................................................................. 222
Customize content by using content snippets ....................................................................................... 222
Edit snippets ....................................................................................................................................... 222
Edit using the front-side editing engine .............................................................................................. 222
Edit by using Dynamics 365 ............................................................................................................... 222
Add dynamic content and create custom templates .............................................................................. 223
In this section ..................................................................................................................................... 223
Store source content by using web templates ....................................................................................... 224
Web template attributes ..................................................................................................................... 224
Web templates as page templates ..................................................................................................... 224
Web templates as website headers and footers ................................................................................ 225
Built-in web templates ........................................................................................................................ 225
Understand Liquid operators ................................................................................................................. 228
Basic operators .................................................................................................................................. 229
contains .............................................................................................................................................. 229
startswith ............................................................................................................................................ 229
endswith ............................................................................................................................................. 229
Liquid types ............................................................................................................................................ 230
String .................................................................................................................................................. 230
Number ............................................................................................................................................... 230
Boolean .............................................................................................................................................. 230
9
Array ................................................................................................................................................... 231
Dictionary............................................................................................................................................ 231
DateTime ............................................................................................................................................ 231
Null ..................................................................................................................................................... 232
Conditional ............................................................................................................................................. 232
Liquid objects ......................................................................................................................................... 233
ads ...................................................................................................................................................... 235
blogs ................................................................................................................................................... 238
entities ................................................................................................................................................ 240
entitylist ............................................................................................................................................... 244
entityview ............................................................................................................................................ 248
events ................................................................................................................................................. 249
forloop ................................................................................................................................................. 250
forums ................................................................................................................................................. 252
page .................................................................................................................................................... 255
polls .................................................................................................................................................... 257
request ................................................................................................................................................ 260
searchindex ........................................................................................................................................ 261
settings ............................................................................................................................................... 262
sitemap ............................................................................................................................................... 263
sitemarkers ......................................................................................................................................... 265
snippets .............................................................................................................................................. 266
tablerowloop ....................................................................................................................................... 266
user ..................................................................................................................................................... 267
weblinks .............................................................................................................................................. 268
website ............................................................................................................................................... 268
Liquid tags.............................................................................................................................................. 271
White space control ............................................................................................................................ 271
Tags ....................................................................................................................................................... 272
Control flow tags ................................................................................................................................. 272
Iteration tags ....................................................................................................................................... 274
Variable tags....................................................................................................................................... 279
Template tags ..................................................................................................................................... 280
Dynamics 365 entity tags ................................................................................................................... 281
Liquid filters ............................................................................................................................................ 292
Array filters ......................................................................................................................................... 292
Date filters .......................................................................................................................................... 298
Entity list filters ................................................................................................................................... 301
Math filters .......................................................................................................................................... 302
String filters......................................................................................................................................... 305
Type filters .......................................................................................................................................... 310
URL filters ........................................................................................................................................... 311
Additional filters .................................................................................................................................. 314
Create advanced templates for portals .................................................................................................. 315
10
Create a custom page template by using Liquid and a web template page template ........................... 316
Create a custom page template to render an RSS feed ....................................................................... 320
Render the entity list associated with the current page ......................................................................... 323
Render a website header and primary navigation bar ........................................................................... 326
Render up to three levels of page hierarchy by using hybrid navigation ............................................... 328
11
What’s new
Applies To: Dynamics 365 (online), Dynamics CRM Online
The December 2016 update has brought many new features to the portal capabilities of Dynamics 365.
These updates allow for better interactions among companies, partners, and customers and make the
experience of navigating the portal faster and easier. Some of the major updates include:
Multiple language support: Support customers from multiple regions by using a single portal.
East Asian language support: Multi-byte languages such as Japanese, Chinese, and Korean
are now supported.
Faceted search: New filters improve how quickly customers can find the content they are looking
for while granting more control over visibility of content.
Product filtering: Portal users can trim access knowledge articles related to their product
ownership to avoid information overload.
Content access levels: A new level of ownership associated with Portal contact, account, or
web role that is used to control access to knowledge articles. Provide the right article for the right
audience and prevent irrelevant articles from surfacing.
Knowledge article reporting enhancement: The portal tracks where a knowledge article was
used in the portal.
Project Service Automation integration: Provide access and visibility for active and closed
projects across all stages of a project lifecycle to partners and customers. Team members,
reviewers, and customers can view project status, quotes, order forums, and bookable resources
on the portal with this solution.
Field Service integration: Expose information about active agreements, assets, work orders,
invoices, and support cases to partners and customers on the portal with this solution.
Partner onboarding: Recruit new partners for better customer sales and service experiences.
Potential partners can apply for partner status through the portal.
Privacy notice
By enabling the portal capabilities for Microsoft Dynamics 365, Dynamics 365 data, such as customer
name, product name, case number, or any custom entity data, can be exposed through an external-facing
Dynamics 365 portal. Any data exposed through the portal is stored in memory in Microsoft Azure Web
Apps for caching and also as files on the local hard drive to enable portal search functionality.
A tenant administrator enables Dynamics 365 portals by configuring it through the Dynamics 365
Administration Center, which also installs a package (with solutions and data) in the selected Dynamics
365 instance. A tenant administrator or a Dynamics 365 user set up as a Portal Administrator can then
specify the data that will be exposed through the portal. To subsequently disable the portal capabilities, a
tenant administrator can cancel the Portal Add-on subscription with Office 365.
Azure components and services that are involved with the portal capabilities are detailed in the following
sections.
Note: For more information about additional Azure service offerings, see the Microsoft Azure Trust
Center.
Azure Web Apps
Azure Web Apps are used to host the portal in Azure.
Azure Traffic Manager
12
Azure Traffic Manager is used to ensure the high availability of the service by routing the user to the Web
Apps that are up and running.
Azure Service Bus
Azure Service Bus (Topics/Subscriptions) is used for cache invalidation of the portals. Azure Service
Bus temporarily stores the messages, which are triggered when any portal-related record is changed in
Dynamics 365, and are passed along to Web Apps to do the cache invalidation.
Azure Key Vault
All services store configuration data in Azure Key Vault.
Azure Storage
Data related to the organization, tenant, and portal is stored in Azure Storage.
Azure Active Directory
All the web services use Azure Active Directory to authenticate.
13
Installation Guide
Provision a portal
Applies To: Dynamics 365 (online), Dynamics CRM Online
Portals are websites that you can customize to provide a more personalized experience to your
customers, partners, or internal employees. Portals integrate with Dynamics 365 to show data from
Dynamics on the portal. By using portals, you can create a variety of experiences where portal users can
perform several tasks. For example:
Customers can submit cases and find knowledge articles
Partners can see and manage sales opportunities
Internal employees can create and see best practices
Note: You must be a Global Administrator role to provision a portal.
Before you provision a portal
You must create portal resources and finish the portal package installation before provisioning a portal.
Create portal resources
1. Go to the Applications page of the Dynamics 365 Administration Center.
2. Under Application, the portal will have the name of “Name-Configuring”.
3. After this task is finished, this will change to “Name”.
Verify completion of the package installation
1. Go to the Applications page of the Dynamics 365 Administration Center.
2. Select the portal, and then select the blue pencil button labeled Manage.
a. If the installation process is not finished, there will be a message at the top stating “This
portal is currently being configured and updates are not allowed. Please try again later.”
b. If the portal resources are created but the package installation is not finished, the
message will instead be “Your Portal URL has been created. However, package
installation is still in progress. Please check status here.”
Provision a portal
To complete provisioning a portal, after you have purchased a new portal license, return to your
Dynamics 365 instance.
1. Go to the Dynamics 365 Administration Center and click the Applications tab.
2. Select the application row titled Portal Add-On and click Manage.
3. In the General Settings section, enter a Name for your portal. The Name will help to identify the
portal and can be changed later.
14
4. The Type field represents the type of portal subscription (Trial or Production). This is a system
field, so it cannot be changed by the user. The value changes based on if it is trial subscription or
paid subscription.
5. In the Portal URL field, enter the subdomain name you want for your portal. You may only use
alphanumeric characters or hyphens (-); other characters are not permitted. After the portal is
provisioned, the URL cannot be changed, but a custom domain name can be used.
6. Use the Dynamics 365 Instance drop-down list to choose which Dynamics 365 instance you
want to link the portal to. Requires System Administrator or System Customizer role in the
Dynamics 365 instance you pick to select it.
7. Choose the default language for your portal from the Select Portal Language drop-down list.
The available languages will depend on the languages that are installed in your Dynamics 365
instance. Sample data is only provided in one language, so choosing a default language will also
decide how the sample data is translated. Arabic and Hebrew are not supported and will not show
up.
8. In the Select Portal Administrator drop-down list, select the Dynamics 365 user who will
configure, customize, and maintain the portal. All Dynamics 365 users who have the System
Administrator role in the organization will show up as options.
9. In the Portal Audience section, choose the type of audience who will visit the new portal. This
will determine what options of portals you will be given. You can choose:
Partner
o Customer Self Service Portal
o Custom Portal
o Partner Portal
Partner Project Service (Optional, requires solutions installed)
Partner Field Service (Optional, requires solutions installed)
o Community Portal
Customer
o Customer Self Service Portal
o Custom Portal
o Community Portal
Employee
o Employee Self Service Portal
Feature
Customer Self-
Service Portal
Partner
Portal
Employee Self-
Service Portal
Community
Portal
World Ready
Multi-Language Support
Portal Administration
Customization and Extensibility
Theming
Content Management
Knowledge Management
15
Feature
Customer Self-
Service Portal
Partner
Portal
Employee Self-
Service Portal
Community
Portal
Support/Case Management
Forums
Faceted Search
Profile Management
Subscribe to Forum Thread
Comments
Azure AD Authentication
Ideas
Blogs
Project Service Automation
Integration
Field Service Integration
Partner Onboarding
Portal Base
Portal Workflows
Web Notifications
Microsoft Identity
Identity Workflows
Web Forms
Feedback
10. In the Select portal to be deployed section, choose what type of portal you want to create. The
options you see are based on the audience you selected.
16
11. Click Submit, and accept the Terms of Service.
You will be redirected to the Microsoft Office 365 sign in page. Select the Dynamics 365 user that
you used to create the portal.
You will be asked to provide consent for the Dynamics 365 portals.
17
After you consent, your portal will begin provisioning. Provisioning usually takes a few hours, but can take
more depending on system load. The Name of the portal on the Application tab will change to “Name-
Configuring” while it is provisioning. Navigate back to the portal management page to check whether
provisioning has succeeded.
Troubleshoot Provisioning
Sometimes the package installation process or URL creation process can error out. In these cases, the
processes can be restarted.
If “Name-Configuring” changes to “Name-Provisioning Failed,you need to restart the provisioning
process.
1. Go to the Applications page and select the portal.
2. Select the blue pencil button labeled Manage.
3. Choose one of the following options:
Restart Provisioning: Restarts the installation process with the configuration that was
previously defined.
Change Values and Restart Provisioning: Lets you change some of the values before
restarting the provisioning process.
18
If the package installation has failed, the Portal administrator page will open without any issues, but
navigating to the actual portal URL will show a message “Getting set up.” To confirm this:
1. Go to the Solution Management page of the Dynamics 365 Administration Center and check that
the package status is “Install Failed.
2. If the package status is “Install Failed,” try retrying the installation from the solution page. Also,
be sure to check that a system administrator in Dynamics 365 is installing the solution with the
default language in Dynamics 365 set to the language the portal should be installed in.
Note
Some solutions have prerequisites for their installation, so an installation will fail if the prerequisites are
not met. For example, to install the Partner Field Service for a partner portal, the Partner Portal and Field
Service solutions must have already been installed. If you attempt to install the Partner Field Service first,
the installation will fail and give you an error message.
Set up custom domains and SSL certificates for a
Dynamics 365 portal
A custom domain can help your customers find your support resources more easily and enhance your
brand. Only one custom domain name can be added to a portal. After you have provisioned your portal
and acquired your domain name, you will need an SSL certificate to set up a custom host name.
19
1. Go to the Dynamics 365 Online Admin center and click the Applications tab.
2. Select the name of the portal you want to set up a custom domain for and click Manage.
3. Click on Portal Actions.
4. Click on Add a Custom Domain Name
After you have purchased an SSL certificate for your domain, you can use it to link your Dynamics 365
portal to a custom domain using the wizard.
1. Click Upload a new certificate if you have not yet uploaded the .pfx file to the organization. Click
the upload button underneath File and select the .pfx file. Next enter the password for your SSL
certificate in the Password field. Otherwise click Use an existing certificate and choose the
correct certificate from the drop-down menu. Be sure that you are using a SHA2 certificate, SHA1
support is being removed from popular browsers.
2. Click Add a new hostname to create a new custom domain. Enter the desired domain name into
the Domain Name field. Otherwise, click Use an existing host name and choose the desired
host name from the drop-down menu. You can only have one custom domain name for a portal.
Note
To create a custom host name, you will need to create a CNAME with your domain provider
that points your domain to the URL of your Dynamics 365 portal.
20
If you have just added a CNAME with your domain provider, it will take some time to propagate
to all DNS servers. If the name is not propagated and you add it here, this will show a message
“Plead add a CNAME record to this domain name.” Retry after some time passes.
3. Review the information you have entered, then click Next to begin creating the SSL Binding.
4. You should see the message “Custom Domain name has been successfully configured for this
Portal. You can now go to {Custom Domain Name} to access this portal.” {Custom Domain
Name} will be a hyperlink to the Custom Portal URL that was just configured. Click Finish to
close the wizard
Enable multiple-language portal support
Applies To: Dynamics 365 (online), Dynamics CRM Online
Business is not confined to a single language. One portal’s surface content can now exist in multiple
languages to reach customers around the world while keeping a single content hierarchy. To enable
multiple languages for a portal, follow these steps after signing in to Dynamics 365:
1. Enable languages in a Dynamics 365 organization.
2. Go to Portals > Website > Websites.
3. Select the website to add language support to.
4. Find the Supported Languages section under the General tab, and click the + button.
5. Fill in the form, including Portal Language (a lookup of languages that are activated in the
organization and are supported by portals) and Publishing State.
21
Supported languages
The table below shows all 43 languages currently available out of the box. This list can be found in
Dynamics 365 by going to Portals > Content > Portal Languages. The Portal Display Name of a
language can be changed after selecting the language to change from this page. Note that the list now
includes East Asian languages (Japanese, Chinese, and Korean).
Name
Language Code
LCID
Portal Display Name
Basque - Basque
eu-ES
1069
euskara
Bulgarian - Bulgaria
bg-BG
1026
български
Catalan - Catalan
ca-ES
1027
català
Chinese - China
zh-CN
2052
中文(中国)
Chinese - Hong Kong SAR
zh-HK
3076
中文(香港特別行政區)
Chinese - Traditional
zh-TW
1028
中文(台灣)
Croatian - Croatia
hr-HR
1050
hrvatski
Czech - Czech Republic
cs-CZ
1029
čeština
Danish - Denmark
da-DK
1030
dansk
Dutch - Netherlands
nl-NL
1043
Nederlands
English
en-US
1033
English
Estonian - Estonia
et-EE
1061
eesti
22
Finnish - Finland
fi-FI
1035
suomi
French - France
fr-FR
1036
français
Galician - Spain
gl-ES
1110
galego
German - Germany
de-DE
1031
Deutsch
Greek - Greece
el-GR
1032
Ελληνικά
Hindi - India
hi-IN
1081
दी
Hungarian - Hungary
hu-HU
1038
magyar
Indonesian - Indonesia
id-ID
1057
Bahasa Indonesia
Italian - Italy
it-IT
1040
italiano
Japanese - Japan
ja-JP
1041
日本語
Kazakh - Kazakhstan
kk-KZ
1087
қазақ тілі
Korean - Korea
ko-KR
1042
한국어
Latvian - Latvia
lv-LV
1062
latviešu
Lithuanian - Lithuania
lt-LT
1063
lietuvių
Malay - Malaysia
ms-MY
1086
Bahasa Melayu
Norwegian (Bokmål) - Norway
nb-NO
1044
norsk bokmål
Polish - Poland
pl-PL
1045
polski
Portuguese - Brazil
pt-BR
1046
português (Brasil)
Portuguese - Portugal
pt-PT
2070
português (Portugal)
Romanian - Romania
ro-RO
1048
română
Russian - Russia
ru-RU
1049
русский
Serbian (Cyrillic) - Serbia
sr-Cyrl-CS
3098
српски
Serbian (Latin) - Serbia
sr-Latn-CS
2074
srpski
Slovak - Slovakia
sk-SK
1051
slovenčina
Slovenian - Slovenia
sl-SI
1060
slovenščina
Spanish (Traditional Sort) - Spain
es-ES
3082
español
Swedish - Sweden
sv-SE
1053
svenska
Thai - Thailand
th-TH
1054
ไทย
Turkish - Turkey
tr-TR
1055
Türkçe
Ukrainian - Ukraine
uk-UA
1058
українська
Vietnamese - Vietnam
vi-VN
1066
Tiếng Việt
Create content in multiple languages
In Dynamics 365, go to Portals > Content > Web Pages to see a list of content. For each web page,
there will be a parent version of the page and a child version of the page for each language activated for
the portal. To add a new localization of the page, navigate to a base page and scroll down to Localized
Content. Click on the + button on the right side to create a look-up for the localized version.
23
If a portal will be in multiple languages, it is best to create the portal after all the languages you want have
been activated in the organization. This will allow for the drop-down menu at the top of the Web Pages
window to be translated into all the chosen languages. If languages are activated after the portal has
been provisioned, this menu will not be translated into the newly activated languages.
Knowledge articles will only be displayed if they have been translated into the language the user sets the
portal to. However, forums and blogs allow for more control over how they are presented in other
languages. After navigating to a forum or blog entity in Dynamics 365, changing the Form Language field
will allow for control over how these entities are translated. If specific languages are defined, it will
function like the knowledge articles. If the field is blank it will be agnostic and show up in all versions of
the portal as the primary language of the organization.
Web link sets are the navigation links at the top of the portal. By navigating to Portals > Content > Web
Link Sets you can control how this content is translated. When a language is active for the portal, a new
set of links will be created for the newly activated language.
24
25
Configuration Guide
Configure a Dynamics 365 portal
Applies To: Dynamics 365 (online), Dynamics CRM Online
Learn how to configure portals and customize Microsoft Dynamics 365. Dynamics 365 portals offer
powerful customization options to:
Modify the behavior or visual style of a portal. More information: Configure site settings for
portals
Add dynamic content to pages and create a wide variety of custom templates. More information:
Add dynamic content and create custom templates
Associate an authenticated portal user with either a Dynamics 365 contact or system user. More
information: Configure a contact for use on a portal
Authenticate portal users by using local user credentials and external identity provider accounts.
A new user can register for an account or redeem an invitation to create an account. More
information: Set authentication identity for a portal
Assign permissions to secure content and allow front-side editing.
Let users add forms to collect data from portals. Entity forms that are created in Dynamics 365
can be added to web pages in portals, or used with subgrids to build complete web applications.
More information: Define entity forms and custom logic within the Dynamics 365 portal
Customize Dynamics 365 to create surveys and customize questions by combining Dynamics
365 native field types with additional metadata.
Create and run advertisements on a portal
Gather feedback by using polls on a portal
Rate or vote on a webpage or blog post on a portal
Redirect to a new URL on a portal
See also
Configure site settings for portals
Place child nodes by using shortcuts for portals
Add dynamic content and create custom templates
Configure Dynamics 365 portal authentication
Set authentication identity for a portal
Define entity forms and custom logic within the Dynamics 365 portal
Add a webpage to render a list of records
Create and run advertisements on a portal
Gather feedback by using polls on a portal
Rate or vote on a webpage or blog post on a portal
Redirect to a new URL on a portal
26
Create web roles for portals
Applies To: Dynamics 365 (online), Dynamics CRM Online
After a contact has been configured to use the portal, it must be given one or more web roles to perform
any special actions or access any protected content on the portal. For example, to access a restricted
page, the contact must be assigned to a role to which read for that page is restricted to. To publish new
content, the contact must be placed in a role which is given content publishing permissions.
To create a web role:
1. Navigate to Portals
2. Click Web Roles
3. Click New
4. Specify values for the fields provided
5. Click Save
Attributes and relationships
The table below explains many of the Web Role attributes used by Dynamics 365 portals.
Name
Description
Name
The descriptive name of the Web Role
Website
The associated website
Description
An explanation of the Web Role's purpose.
Optional.
Authenticated Users Role
Boolean. If set to true, this will be the default web
role for authenticated users (see below).
Note
Only one Web Role with the Authenticated
Users Role attribute set to true should exist for a
given website. This will be the default web role
for authenticated users that have not been
assigned a web role.
Anonymous Users Role
Boolean. If set to true, this will be the default web
role for unauthenticated users (see below).
Note
Only one Web Role with the Anonymous Users
Role attribute set to true should exist for a given
website. This will be the default web role for
unauthenticated users. **The Anonymous
Users Role will only respect Entity
Permissions.
27
Name
Description
Now that the Web Role has been created, you will be able to configure it to meet your needs via various
permissions, rules, and associations.
Optional default web role for authenticated users
By enabling the "Authenticated Users Role", it will become the default web role for all users. This role is
commonly used to provide a predetermined access for users that are not associated to any other roles.
Keep in mind that users can have multiple web roles, but there can only be one Authenticated Users web
role for authenticated users.
Optional default web role for unauthenticated users
The Anonymous Users Role is intended to be used with Entity Permissions. It will not respect any other
rules or permissions. By enabling the "Anonymous Users Role" it will become the default web role for all
users. There can only be one Anonymous Users web role for unauthenticated users.
See also
Control webpage access for portals
Assign permission set to a web role for portals
Add record-based security by using entity permissions for portals
Enable help for Dynamics 365 portals
To make sure users get the right information when they click the Help button, you need to set Dynamics
365 to use custom Help. Go to Settings > Administration, click System Settings, click the General tab,
and select Yes for Use custom Help for customizable entities.
Customize Dynamics 365 portal forms, dashboards,
and reports
If you want to customize any of the portal forms, dashboards, or reports, you can find more information
about customizing Microsoft Dynamics 365 in the following links:
TechNet: Customize your Dynamics 365 system
TechNet: Create and design forms
TechNet: Create and edit dashboards
TechNet: Create and edit processes
TechNet: Report & Analytics with Dynamics 365
28
See also
Configure a Dynamics 365 portal
Change the Dynamics 365 instance, audience, or type
of portal
After your portal is created and provisioned, you can change the details of your Dynamics 365 instance
and portal.
1. Go to the Dynamics 365 Online Admin center and click the Applications tab.
2. Select the name of the portal you want to edit and click Manage.
3. Click the Manage Dynamics 365 Instance tab. On this page, you can review the Dynamics 365
instance that is currently linked to your portal.
4. Click the Update Dynamics 365 Instance button. In the dialog, use the provided fields to change
your Dynamics 365 instance, portal language, or your portal administrator. You can also keep the
same Dynamics 365 instance, but change Portal audience or type of portal.
5. Click the button to confirm your changes.
29
See also
Engage with communities by using the community portal
Configure a Dynamics 365 portal
Manage knowledge articles using content access
levels
Applies To: Dynamics 365 (online), Dynamics CRM Online
Content access levels give another level of control separate from web roles to be able to control access
to knowledge articles in a portal. Content access levels make a well-designed knowledge base more
capable to provide the right content to the right audience. This allows for more structured learning paths
that keep irrelevant content from surfacing.
Create content access levels
1. Log into Dynamics and navigate to Portals > Security > Content Access Levels.
2. Click the New button in the ribbon.
3. Fill in the Name and Description.
4. Change Default Access Level from No to Yes if it should be the default.
5. Click the Save button in the ribbon.
Assign content access levels to knowledge articles
1. Open the Interactive Service Hub.
2. Select the Knowledge Article you wish to edit or create a new article.
3. Click Summary just above the progress bar.
4. Under Related Information (third column) select the symbol that looks like a lock.
5. Press + to add a new Content Access Level or the Trash Can symbol next to a Content Access
Level to remove it.
Assign content access levels to portal users
1. Log into Dynamics and navigate to Portals > Security > Contacts.
2. Select the Contact you wish to edit.
3. Under the Details tab, find the Content Access Levels section.
4. Press + to add a new content access level or the Trash Can symbol next to a content access
level to remove it.
Content access levels can also be inherited to a user if assigned to a Web Role, Parent Contact, or
Account that the user is connected to. This inheritance avoids the need to reassign/update content
30
access levels at an individual level. Web Roles are assigned a content access level by navigating to
Portals > Security > Web Roles and then following the same steps. Accounts are assigned a
content access level by navigating to Sales > Accounts then selecting the account to edit. After the
account is selected, find the Content Access Levels section on the right side of the screen and use
the + and Trash Can buttons to add or remove a content access level.
Use faceted search to improve portal search
Applies To: Dynamics 365 (online), Dynamics CRM Online
Portal content may be searched using filters based on characteristics of the content. Faceted portal
searches allow customers to find their desired content faster than a traditional search through the filters
implemented by this feature.
Enable or disable faceted search
Out-of-the-box faceted search is enabled in your portals. To control and/or enable it follow these steps:
1. Log into Dynamics and navigate to Portals > Website > Site Settings.
2. Locate the Site Setting named Search/FacetedView and select it.
3. Change the Value to True to enable or False to disable Faceted Search.
If you wish to only disable one piece of the Faceted View, then follow these steps instead:
1. Log into Dynamics and navigate to Portals > Web Templates.
2. Select view to disable (i.e. Knowledge Management Top Rated Articles)
3. Click the Deactivate button at the top of the page.
Group entities as part of a record type for faceted view
The site setting Search/RecordTypeFacetsEntities allows you to group similar entities together so users
have logical ways of filtering search results. For example, instead of having separate options for forums,
forum posts, and forum threads; these entities are grouped under the Forums record type.
In Dynamics 365, navigate to Portals > Websites > Site Settings and open the
Search/RecordTypeFacetsEntities site setting. Notice that the different entities are preceded by the
word Forums:. This is because the first value is the name with they are grouped as. This word will be
translated based on the language that is being used on the portal.
Use faceted search to improve knowledge search
results
Faceted search enables portals to have search filters on the left side allowing you to choose between
items like forums, blogs, and knowledge articles. More filters are added for specific search types. For
31
example, knowledge articles can be filtered by Record Type, Modified Date, Rating, and Products to help
customers find the content they need. The right side also has a drop-down box that sorts results based on
the customer’s choice of Relevance or View Count (specific to knowledge articles). Below is a screen
capture with an example of some of the available filters.
Engage with communities by using the
community portal
Applies To: Dynamics 365 (online), Dynamics CRM Online
Keep your customer engagement strong by growing a community, publishing articles, gathering user
feedback, and acting on user-provided ideas. With out-of-the-box solutions available with portals you can:
Allow your users to hold conversations by posting messages on a forum. A forum can contain a
number of topics, also known as threads, and can be replied to by many users. More information: Set
up and moderate forums
Manage multiple corporate or community blogs on a single portal, with multiple authors per blog.
More information: Manage blogs
Engage with and gather feedback from your community, including gather ideas, votes, and comments
on suggestions. More information: Crowdsource ideas
32
See also
Create a theme for your portal
Configure a Dynamics 365 portal
Set up and moderate forums
Applies To: Dynamics 365 (online), Dynamics CRM Online
Forums can be created, edited and deleted within Dynamics 365. To access forums, sign in to Dynamics
365 and go to Community > Forums.
Create a new forum
To create a new forum, click New.
Edit an existing forum
1. Double-click on the Form listed in the grid.
2. Specify values for the fields provided and click Save & Close.
Manage forums on a portal
For portal users with content management permissions, a limited set of properties of forums can be
managed by using the front-side editing engine to publish content. If your user account has been
assigned the necessary permission set, the inline editing interface will appear automatically when you
sign in to the portal.
1. Navigate to the forums parent page within the portal.
2. On the portal inline editing toolbar, click New.
3. Click Child forum.
4. Specify values for the fields provided and click Save.
33
Forum attributes used by portals
The table below explains many of the Forum attributes used by portals. It is important to note that the way
many of the content and display-oriented attributes are rendered is controlled by the page template used,
and thus by the portal developer.
Name
Description
Name
The descriptive name of the entity. This value will
be used as the page title in most templates,
particularly if a Title value is not provided. This
field is required.
Website
The website to which the entity belongs. This field
is required.
Parent Page
The parent webpage of the entity in the website
content hierarchy.
Partial URL
The URL path segment used to build the portal
URL of this forum.
Note
Partial URL values are used as URL path
segments. As such, they should not contain
illegal URL path characters, such as "?", "#", "!",
"%". Because portal URLs are generated by
34
Name
Description
joining together partial URL values with slashes
("/"), they should also not contain slashes.
Note
We recommend you restrict Partial URL values
to letters, numbers, and hyphens or
underscores. For example: "press-releases",
"Users_Guide", "product1".
Display Order
An integer value indicating the order in which the
forum will be placed relative to other forums in a
listing.
Publishing State
The current publishing workflow state of the forum,
which may dictate whether the forum is visible on
the site. The most common use of this feature is to
control whether content is in a published or draft
state.
Note
Users with content management permissions
may be granted the ability to use Preview Mode,
which allows these users to see ("preview")
unpublished content.
Hidden From Sitemap
Controls whether the forum is visible as part of the
portal site map. If this value is selected, the forum
will still be available on the site at its URL, and can
be linked to, but standard navigational elements
such as menus will not include the forum.
Forum Page Template
The page template to be used to render the page
listing the forums on the portal. This field is
required.
Note
The page template assigned should be a
template that a developer has specifically
created to provide the details of a forum.
Selecting a template other than the one
developed for the forum page may produce
erroneous results when viewing the forum's
webpage in the portal.
Thread Page Template
The page template to be used to render each
forum thread page on the portal. This field is
required.
Note
The page template assigned should be a
template that a developer has specifically
created to provide the forum thread details.
Selecting a template other than the one
developed for the forum thread page may
35
Name
Description
produce erroneous results when viewing the
forum thread's webpage in the portal.
Description
Information about the forum.
Thread Count
Number of forum threads within the forum.
Post Count
Number of forum posts created on the forum
threads within the forum.
Last Post
The most recently created forum posts on the
portal.
See also
Manage forum threads
Create forum posts on the portal
Moderate forums
Subscribe to alerts
Manage forum threads
Applies To: Dynamics 365 (online), Dynamics CRM Online
A forum thread (sometimes called a topic) is a collection of posts, usually displayed from oldest to newest.
A thread can contain any number of posts, including multiple posts from the same members, even if they
were added to the thread one after the other. A thread is contained in a forum and may have an
associated date that is taken as the date of the last post. The content or purpose of the thread is identified
by the first post, also known as the original post (OP). When a member posts in a thread, the thread
jumps to the top because it is the latest updated thread. Similarly, other threads will jump to the top when
they receive posts. Sometimes, a member posts in a thread for no reason but to “bump” that thread
(cause it to be displayed as the top thread).. Threads that are important but rarely receive posts are made
“sticky” (or, as it is sometimes called, "pinned"). A sticky thread will always appear in front of normal
threads, often in its own section. A thread's popularity is measured on forums in reply (total posts minus
one, the opening post, in most default forum settings) counts. Some forums also track page views.
Manage forum threads in Microsoft Dynamics 365
You can create, edit, and delete forum threads in Dynamics 365.
Note
Although you can create forum threads in Dynamics 365, we recommend you do this in the portal,
where the process is less involved and ensures the thread is correctly associated with the original forum
post.
1. Login to Dynamics 365
2. Navigate to Community
36
3. Click Forum Threads
Create a new thread
1. Click New
Edit an existing thread
1. Double-click on the Forum Thread listed in the grid
2. Specify values for the fields provided.
Note
You will need to create the original forum posts to be associated with this thread and assign the newly
created forum post record to the First Post and Last Post lookup fields provided.
3. Click Save & Close
Create forum threads on the portal
The forum thread editor will appear automatically when a user has successfully signed in to the portal and
navigated to a forum page, provided the developer has implemented the functionality in the forum's page
template.
1. Navigate to the forum page within the portal that you would like to post a new thread in
2. Specify a Thread Title
3. Specify a Thread Type
4. Compose the content of the thread in the rich text editor
5. Click Create this thread
37
Forum thread attributes used by portals
The table below explains many of the Forum Thread attributes used by Portals. It is important to note that
the way in which many of the content/display-oriented attributes are rendered is controlled by the page
template used.
Name
Description
Name
The descriptive name of the record. This value will
be used as the thread title in most templates. This
field is required.
Forum
The forums associated with the thread.
Type
The forum thread type associated with the thread.
Sticky?
Checked indicates the thread should always
remain at the top of forum's listing of threads, even
if new threads are posted.
Last Post Date
The date and time the last post was created.
Answered?
Checked indicates the thread has been answered.
First Post
The first forum posts created on the thread.
Last Post
The last forum posts created on the thread.
Post Count
The number of posts that have been created on
the thread.
38
Name
Description
View Count
The number of times the thread has been viewed
in the portal.
Manage forum thread types in Dynamics 365
Create, edit and delete forum thread types
1. Login to Dynamics 365
2. Navigate to Community
3. Click Forum Thread Types
Create a new thread type
1. Click New
Edit an existing thread type
1. Double-click on the Forum Thread Type listed in the grid
2. Specify values for the fields provided
3. Click Save & Close
Forum thread type attributes
The table below explains many of the Forum Thread Type attributes used by portals. It is important to
note that the way in which many of the content/display-oriented attributes are rendered is controlled by
the page template used.
Name
Description
Name
The descriptive name of the record. This value will
be used as the title of the type in the page
templates. This field is required.
Website
The webpages associated with the type.
Requires Answer
Checked indicates that a forum post within the
thread of this type can be marked as an answer.
Display Order
An integer value indicating the order in which the
forum thread type will be placed, relative to other
forum thread types in a listing.
Is Default
Checked indicates that type is to be used as the
default. It is recommended that only one type per
website have this field checked.
39
See also
Setup and moderate forums
Create forum posts on the portal
Moderate forums
Subscribe to alerts
Configure and manage knowledge categories
and articles
Applies To: Dynamics 365 (online), Dynamics CRM Online
Create a new knowledge category
1. On the Interaction Centric Dashboard, click Settings > Service Management.
2. In the Knowledge Base Management section, click Categories.
3. Click the New button.
4. Enter a Name and Description for your category.
5. Choose a Parent Category. If you want this to be a top-level category, leave this field blank.
Associate knowledge articles
To associate a knowledge article with a category, open the Summary tab when viewing a knowledge
article record. In the Related Information section, click the + button. Select the category you want to
associate to the article and click the Associate button.
To remove a category from an article, choose the category you want to remove from the Category
subgrid on the knowledge article record and click the Delete button. When the confirmation message
displays, click the Delete button.
Delete a knowledge category
To delete a category, under Settings > Service Management > Categories, choose the category from
the list view and click the Delete button. Knowledge articles associated with this category will be
disassociated after the category is deleted.
See also
Get started with the portal content editor
Add dynamic content and create custom templates
40
Configure web roles for a PRM portal
Applies To: Dynamics 365 (online), Dynamics CRM Online
Web roles for the PRM portal grant specific access to the different areas of the portal. By assigning the
appropriate roles, you can grant your primary partner contacts the right permissions to manage their team
members and streamline their processes.
Continue for more information on the web roles that are available out-of-the-box.
Partner administrator
Partner administrators are contacts who serve as the primary contact for a partner account. They are
responsible for adding and deactivating their team members and for any administrative activities related
to their partner account information.
Partner administrators can:
View, accept, and reject all distributed opportunities
View, manage, and perform actions on all managed opportunities
Manage partner account information, associated partner contacts, and their web roles
Manage partner contact roles Create and edit customer accounts
Create and edit customer contacts
Create and edit new opportunities
Partner manager
Partner managers are contacts who manage opportunities distributed by the parent company. They are
responsible for accepting or rejecting distributed opportunities and sharing accepted opportunities with
team members.
Partner managers can:
View, accept, and reject all distributed opportunities
View, manage, and perform actions on all managed opportunities
Manage partner account information
Create and edit customer accounts
Create and edit customer contacts
Create and edit new opportunities
Partner seller
Partner sellers are contacts who manage and perform actions on opportunities. They can view and
perform actions on opportunities that are shared with them, but will not be able to view opportunities that
they are not associated with.
Partner Sellers can:
View, manage, and perform actions on managed opportunities that have been shared with them
Create and edit customer accounts
Create and edit customer contacts
Create and edit new opportunities
41
See also
Create a partner account on a partner relationship management (PRM) portal
Create web roles for portals
Assign permission set to a web role for portals
Create a partner account on a partner
relationship management (PRM) portal
Applies To: Dynamics 365 (online), Dynamics CRM Online
You can use partner accounts to keep track of your various partners. We recommend creating a separate
account for each partner so that you can manage each partner organization separately.
Create a partner account
1. Go to Sales > Accounts.
2. Choose New.
3. Fill in your information.
4. In the Partner Details area, use the Classification field and select the Partner classification.
5. Click Save.
Associate partner contacts with an account
Dynamics 365 contacts become partner contacts when they are associated with a partner account. To
associate a contact with a partner account when creating or editing a contact, enter the name of a partner
account in the Account Name field.
Get started with the portal content editor
Applies To: Dynamics 365 (online), Dynamics CRM Online
Dynamics 365 portals offers a powerful suite of editing tools. Users with suitable permissions can add,
modify, or delete webpages and their content without having to directly access the databases and web
servers that physically contain these entities. Editing can be performed in any modern browser and is
accomplished through the use of two powerful yet intuitive tools. More information: Control webpage
access for portals
This document assumes that you have permission to perform these tasks. If you do not, ask your portal
administrator to arrange this for you. The permissions can be assigned to individual pages, so be sure to
specify which pages you will need to edit.
Note
If you are using the sample organization, sign in with administrator as the username and pass@word1
as the password.
42
Use the content editor toolbar
Sign in first. This will enable content editing for users with this permission. A toolbar on the right hand side
allows you to edit the page properties. A blue edit button will appear when the mouse moves over any
content that can be managed by the user.
Option
Description
Preview On/Off
When on, published and unpublished content will
be visible. When off, only published content can
be seen.
Edit
Opens a dialog where one can change the
properties for the current page.
Delete
Deletes the current page.
New
Opens a menu where one can chose to create a
child page, file, event, forum or shortcut.
Children
Opens a dialog containing child records for the
current page where one can reorder, edit, or
delete them.
Edit the header
Place the mouse cursor over the page header and click the blue edit button that appears. This will open a
rich-text editor. Change the header text and click the disk icon to save the changes. More information:
Customize content by using content snippets.
Add a new webpage
To add a new webpage from the portal, click New in the toolbar, and then click Child page in the drop-
down menu. Fill in the properties for the new child page. Click Save to create the new page. The new
page is created as a child of the webpage you were on when you clicked New > Child page.
43
After being redirected to the newly created page. Point to the large rectangular box under the page title
and click the blue edit button that appears. Add some content, and then click the disk icon to save the
changes. More information: Get started with the portal content editor.
Web pages can also be added in Dynamics 365. Translating a webpage is done in Dynamics 365, so
start by navigating to Portals > Web Pages and clicking the +New button. Fill in the form and click Save.
Change the Publishing State from Draft to Published when it is ready for use on the website. The
Localized Content section can be filled in after the webpage is created to create the different translations
needed.
44
Edit the primary navigation
Web link sets are groups of links used for navigation based on location on the webpage. Primary
Navigation is the web link set that you see at the top of every webpage, and it can be edited in the portal
with the system administrator web role.
1. Place the mouse cursor over the primary navigation and click the Edit button that appears.
This will open a dialog with a list of web links that can be reordered or removed, as well as an
option to add new links.
2. Click the row with the green plus icon.
3. Enter the name for the page just created.
4. Set a link to it using the Page field drop-down.
5. Click the Save button for the new link dialog and for the primary navigation dialog.
Manage child pages
From the home page, Click Children in the toolbar. This will open a dialog with a list of all child pages for
the page you were on when you clicked Children. There should be some pages with an icon of an eye
with a line through it. This icon indicates the page is not visible in the site map, but if published it can still
be viewed if linked to directly. As with a web link set, one can reorder, edit, or delete the webpages listed.
Delete a page
Navigate to the page to be deleted and click the Delete button in the toolbar. Click Yes to confirm. When
deleting from the toolbar the pages are placed into a deactivated state instead of being deleted. Any child
pages of the deleted page will also be deactivated.
Note
Certain webpages are important to have for a properly functioning website, for instance, a sign in page
or 404 page. Be sure not to delete these pages, as doing so can cause a website to stop functioning
properly.
45
See also
How to provision a portal
Use the front-side editing engine to publish content
Customize content by using content snippets
Use the front-side editing engine to publish
content
Applies To: Dynamics 365 (online), Dynamics CRM Online
Learn how to use the content editor and edit the content of a webpage: edit text, create links and display
images.
To use the content editor, you need the appropriate permissions and the content to be modified must be
in the page template. To open the content editor, point to the content to be modified, and then click the
blue edit button that appears in the top left corner.
Content editor commands and controls
The editor toolbar has a number of buttons to help with content editing. Move the mouse cursor over a
button to see a tool tip for the buttons function. The table below also has more detail about the available
buttons, listed in the order they appear in the toolbar.
Name
Description
Save
Saves the changes made to the content and
closes the editor.
Cancel All Changes
Discards any changes made and closes the editor.
Toggle Full Screen Mode
Resizes the editor to the size of the containing
browser window.
Note
When in Full Screen Mode, the Save and
Cancel All Changes buttons will not be
available. To save or cancel, click the Toggle
Full Screen Mode button to return to the regular
mode where the buttons are available.
Bold, Italic, Underline, Strikethrough
Makes selected text bold, italic, underline, or
strikethrough as well as newly typed text.
Align Left, Center, Right, Full
Aligns selected text to the left, center, right, or full
as well as newly typed text.
Direction Left to Right, Right to Left
Changes the direction of the written text to be left
to right or right to left.
Edit CSS Style
Opens a dialog to an interface that allows full
control over the CSS styling of selected text as
well as newly typed text.
If you wish to set the style of a single word or
selection of text, simply select the text, then in the
46
Name
Description
Edit CSS Style dialog check the box titled "Insert
span at selection".
Note
Overusing custom styling can greatly reduce the
consistency of the content's look and feel
between pages. It is recommended to use this
method only when absolutely necessary.
Format
Changes the selected text as well as newly typed
text to the pre-defined style selected.
Help
Opens a dialog about TinyMCE.
Cut, Copy, Paste
Cuts, copies, or pastes the selected text to and
from the clipboard.
Paste as Plain Text
Pastes text from the clipboard with all formatting
and styling removed.
Paste from Word
Pastes text from the clipboard while trying to
maintain formatting and styling that originated from
Microsoft Word.
Find, Find/Replace
Opens a dialog for searching content and
optionally replacing found content.
Insert/Remove Bulleted List, Numbered List
Inserts a bulleted or numbered list for selected text
or at the text cursor if the list isn't already present.
If the list is already present, it will be removed.
Decrease, Increase Indent
Reduces or increases the indentation of the text or
a list item.
Block Quote
Places the selected text or newly typed text within
a quote block.
Undo, Redo
Will undo the previous change or redo an undone
change.
Note
Only changes that have been done since the
editor was opened can be undone. Changes that
have been saved or canceled cannot be
undone, or re-done.
Insert/Edit Link
Inserts or edits a hyperlink for selected text. See
Create a Link below for more details about this
feature.
Unlink
Changes a hyperlink back to text.
Insert/Edit Anchor
Inserts or edits an anchor link for selected text.
Insert/Edit Image
Inserts or edits an image into the content. See
Insert an Image below for more details about this
feature.
47
Name
Description
Insert/Edit Embedded Media
Inserts or edits embedded media such as a video
or application.
Cleanup Messy Code
Tries to remove invalid markup that may have
come from pasting.
Edit HTML Source
Opens a dialog containing the HTML source for
the content. The HTML can be directly modified
and updated from this window.
Note
This dialog will not validate the HTML! It is
recommended that only users with knowledge of
HTML use this feature.
Insert/Edit Table to Merge Table Cells
Inserts or edits tables and their rows, cells, and
properties.
Insert Horizontal Line
Inserts a horizontal line at the text cursor.
Remove Formatting
Removes the formatting and styling for the
selected text.
Show/Hide Guidelines/Invisible Elements
Toggles table border guidelines and other invisible
elements on or off.
Subscript, Superscript
Makes selected text subscript or superscript as
well as newly typed text.
Insert Special Character
Opens a dialog containing special characters and
inserts the selected character at the text cursor.
Create a link
From within the content editor, select the text to make a hyperlink for and click the Insert/Edit Link button.
Enter the properties for the hyperlink and click the insert button. Click the save button in the content editor
toolbar to save the change.
Link properties and commands
Name
Description
Link URL
The URL to link to. It can be any properly
formatted URL, external to the website or within
the same website. If within, it can be relative and it
can be looked up using Browse (found just right of
the Link URL field).
Browse
Opens a file picker for the website. The URL for
the selected page or file will be placed into the
Link URL field when selected. See Using the File
Picker.
48
Name
Description
Target
Specifies whether the link will be opened in the
same or a new browser window when clicked. If
not set, the link will open in the same window by
default.
Title
A descriptive title for the hyperlink. Usually
displayed when the mouse cursor hovers on the
hyperlink.
Insert, Update
Makes or updates the hyperlink with the specified
properties and closes the dialog.
Note
Note that the change is only done in the content
editor until the save button has been clicked in
the content editor toolbar.
Cancel
Discards any changes made and closes the
dialog.
Insert an image
From within the content editor, put the text cursor in the place to insert an image and click the Insert/Edit
Image button. Enter the properties for the image and click the insert button. Click the save button in the
content editor toolbar to save the change.
Image properties and commands
Name
Description
Image URL
The URL for the image. It can be any properly
formatted URL to an image, external to the
website or within the same website. It's
recommended that the URL be within. When
within, it can be relative and it can be looked up
using Browse (found just right of the Image URL
field).
Browse
Opens a file picker for the website. The URL for
the selected image file will be placed into the
Image URL field when selected. See Using the
File Picker.
Image Description
Specifies the alt attribute for the image. It's read
by screen readers, and is typically seen when the
image doesn't load properly.
Title
A descriptive title for the hyperlink. Usually
displayed when the mouse cursor hovers on the
image.
49
Name
Description
Preview
Provides a preview of the image being inserted or
updated.
Appearance (Tab)
Provides options for overriding the actual image
properties, its styling, and its placement.
Advanced (Tab)
Provides advanced options that may need page
template support.
Insert, Update
Makes or updates the image with the specified
properties and closes the dialog.
Note
Note that the change is only done in the content
editor until the save button has been clicked in
the content editor toolbar.
Cancel
Discards any changes made and closes the
dialog.
Browse pages and files by using the file picker
The file picker provides a way to browse pages and files that belong to the same website. New files can
be uploaded using the file picker as well. The file picker is available when adding a link or an image
through the content editor. Click on the icon that looks like a Windows Explorer window to open the file
picker. Browse to a page or file using the left tree view and double click the page or file in the right list
view to select it.
To upload new files, navigate to the folder to upload the file to and click the disk icon with a green plus on
it. In the dialog that opens, click Browse and pick a file to upload. Do the same in the next field to add
more than one file. Click Ok and the files will be uploaded.
File picker commands
The table below has more detail about the available buttons, listed in the order they appear in the toolbar.
Name
Description
Back
Move to the folder that was being viewed
previously.
Reload
Refresh the folder's view.
Select file
Use the selected page or file's URL.
Open
View the page or file in a new browser window.
Upload files
Opens a dialog for uploading new files.
Note
Note that new files are uploaded immediately to
the folder when clicking Ok from this dialog.
Copy, Cut
Disabled
50
Name
Description
Remove
Deletes the selected file.
Note
Note that only files can be removed and not
pages. Pages should be removed by using the
delete button in the content publishing toolbar.
Get Info
Displays additional information about the selected
page or file.
Preview with Quick Look
View the file and some information about it in a
small overlay window.
View as icons
Displays the folder contents as icons.
View as list
Displays the folder contents as a table with more
details about each item.
Help
Opens a dialog about elFinder: Web file manager.
See also
How to provision a portal
Get started with the portal content editor
Customize content by using content snippets
Create a theme for your portal
Applies To: Dynamics 365 (online), Dynamics CRM Online
When you build portals with the portal capabilities for with Microsoft Dynamics 365, you'll be using the
Bootstrap front-end framework. By taking advantage of the Bootstrap ecosystem, you can quickly and
easily brand these portals for your organization.
What is Bootstrap?
Bootstrap is a front-end framework that includes CSS and JavaScript components for common web
application interface elements. It includes styles for navigation elements, forms, buttons, and a
responsive grid layout system, which allow site layouts to dynamically adjust to devices that have different
screen sizes, such as phones and tablets. By using the Bootstrap layout system, you can develop a
single site that presents an appropriate interface to all devices your customers might use.
Implement portal templates by using Bootstrap
The templates included with Dynamics 365 portals are implemented by using standard Bootstrap
components, with minimal additional custom styles. So when you implement the templates, you can take
advantage of the Bootstrap customization options. You can customize the theme (fonts, colors, and so
on) quickly, and in a way that is applied consistently across the portal.
51
Customize Bootstrap
Bootstrap supports customization through a set of variables. You can set any or all of these variables to
custom values and then download a custom version of Bootstrap that is compiled based on these values.
The power of Bootstrap variables is that they don't dictate the style of a single element. All styles in the
framework are based on and derived from these values. For example, consider the variable @font-size-
base. This specifies the size that Bootstrap assigns to normal body text. However, Bootstrap also uses
this variable to indicate the font size for headings and other elements. The size for an h1 element may be
defined as 300 percent the size of @font-size-base. By setting this one variable, you control the entire
typographic scale of your portal in a consistent way. Similarly, the @link-color variable controls the color
of hyperlinks. For the color you assign to this value, Bootstrap will define the hover color for links as 15
percent darker than your custom value.
The standard way to create a custom version of Bootstrap is through the official Bootstrap site. However,
due to the popularity of Bootstrap, many third-party sites have also been created for this purpose. These
sites might provide an easier-to-use interface for Bootstrap customization or might provide predesigned
versions of Bootstrap for you to download. The official Bootstrap customizer site provides more
information on Bootstrap customization. The site will always be the most up to date, but currently doesn't
include some UI features like color pickers and live preview.
Apply a custom Bootstrap theme to your website
When you download a customized version of Bootstrap, it contains the following directory structure.
css/ |-- bootstrap.min.css img/
|-- glyphicons-halflings-white.png |-- glyphicons-halflings.png js/ |-- bootstrap.min.js
Or, depending on the customizer application used, it may only contain bootstrap.min.css. Regardless,
bootstrap.min.css is the file that contains your customizations. The other files are the same for all custom
versions of Bootstrap and are already included in your Dynamics 365 portal.
After you have your custom bootstrap.min.css, you can apply it to your portal in one of two ways. If you
are a developer and prefer to work directly with the source code of your application, you can overwrite the
version of bootstrap.min.css included in your application source with your custom version. In most cases,
however, we recommend that you apply your custom Bootstrap theme without modifying your site code
by uploading it as a web file in the Dynamics 365 portals content management system.
1. Sign in to your application as a user with content management permissions. More information:
Assign a permission set to a web role for portals.
2. Go to the Home page of your application.
3. Select Children > Edit this file (the pencil and paper button) for bootstrap.min.css from the
content editing toolbar (found in the upper-right corner of your browser window).
4. Select your custom bootstrap.min.css file, using the Upload File field in the Edit This File dialog
box that appears.
5. Ensure that the Partial URL field is set to bootstrap.min.css. This value indicates to the
Dynamics 365 portal’s framework that it should use your custom version of Bootstrap instead of
the default version included.
6. You may also want to select the Hidden from Sitemap checkbox (selected by default), so that
this file doesn't appear to users in any navigation elements on the site.
7. Save the file.
8. Refresh your page, and your customized styles will appear immediately.
Here, we can see a customized version of Bootstrap applied to the Community portal.
52
Additional portal theme options
In addition to a custom Bootstrap version, Dynamics 365 portals support uploading of your own custom
CSS files into the content management system. This lets you apply additional styling to your portal,
without having to deploy a new version of its code. To do this, follow the procedure described previously
for uploading custom Bootstrap CSS by using a file that contains your own CSS, and then choose a new
Partial URL for this web file. As long as the Partial URL ends in .css, Dynamics 365 portals will
recognize it and apply it to your site.
Along with a customized version of Bootstrap, you can use the content-editing system to add a custom
logo and brand to your portal header. With these simple but powerful options, you're only a few minutes
away from having your Dynamics 365 portals application reflect your brand.
53
See also
Engage with communities by using the community portal
Configure a Dynamics 365 portal
Configure site settings for portals
Applies To: Dynamics 365 (online), Dynamics CRM Online
A Site Setting is a configurable named value that is used by website code to modify the behavior or visual
style of the portal. Typically when a developer creates the website code, they will reference Site Settings
for various components to enable an end user to modify the setting values to alter the website without
having to change the code, recompile, and redeploy the website.
The sample portals that are provided with the installation of Dynamics 365 portals contain several
configurable Site Settings for various styles used to modify many visual elements within the site such as
background style, text color, and layout width.
Manage site settings in Dynamics 365
1. Login to Dynamics 365
2. Go to Portals > Site Settings
3. To create a new setting: Click New
4. To edit an existing setting: Double-click on the Site Setting listed in the grid
5. Specify values for the fields provided
Name
Description
Name
A label referenced by website code to retrieve the
appropriate setting. The name should be unique
for the associated website as the code retrieving
the setting will take the first record found with the
matching name.
Website
The associated website.
Value
The setting.
Description
The purpose of the setting or special instructions.
6. Click Save & Close
See also
How to provision a portal
Configure a Dynamics 365 portal
Configure Dynamics 365 portal authentication
Configure a Dynamics 365 portal
54
Configure Dynamics 365 portal authentication
Define entity forms and custom logic within the Dynamics 365 portal
Configure Dynamics 365 portal authentication
Applies To: Dynamics 365 (online), Dynamics CRM Online
In a portal application, an authenticated portal user is associated with either a Dynamics 365 contact or
system user. The default portals configuration is contact-based. To log in, a contact must have the
appropriate web authentication information configured. Portal users must be assigned to a web roles to
gain permissions beyond unauthenticated users. To configure permissions for a web role, configure its
webpage access and website access control rules.
To take an in-depth look at configuration of out-of-the-box registration modes and invitation model, see
Register and invite for a portal.
See also
Add dynamic content and create custom templates
Set authentication identity for a portal
Define entity forms and custom logic within the Dynamics 365 portal
Place child nodes by using shortcuts for portals
Applies To: Dynamics 365 (online), Dynamics CRM Online
Use shortcuts to place child nodes throughout your portal's sitemap that simply point to other nodes that
exist in your sitemap, or to URLs external to your portal. In other words, webpages, web files, events, and
forums can all be considered "solid" nodes of your portal's sitemap: they are added to your sitemap and
when you navigate to them, you see the actual content of those nodes directly. Shortcuts, on the other
hand, can be considered intangible nodes: they are also added to the sitemap (unlike web links, which
are not), but when you navigate to them, you see the content for the target "solid" node that the shortcut
points to, and that content is rendered by the page template for that node.
Manage shortcuts in Dynamics 365
Creating, editing, and deleting shortcuts can be done within Dynamics 365.
1. Login to Dynamics 365
2. Navigate to Portals > Shortcuts
3. To create a Shortcut: Click New
4. To edit an existing Shortcut: Double-click on the existing Shortcut listed in the grid
5. Enter values for the fields provided
6. Click Save & Close
55
Attributes and relationships
Name
Description
Name
A Descriptive Name for the shortcut. For internal
use only.
Website
The website that the shortcut belongs to.
Parent Page
The parent webpage of the shortcut entity in the
sitemap. The shortcut will be added to the sitemap
as a child of this page.
External URL
Target of the shortcut to a URL of a resource
outside of your organization.
Web Page
Target of the shortcut to an internal webpage.
Web File
Target of the shortcut to a web file.
Event
Target of the shortcut to an event.
Forum
Target of the shortcut to a forum.
Title
The title for the shortcut. This is the name that will
appear in the sitemap and child navigation view
areas. If left blank, the title (or name) of the target
entity will be shown instead.
Description
A description to appear in child nav views.
Optional.
Display Order
The front-side editable order that the shortcut will
appear in sitemap and child nav views, in relation
to other nodes in the site map.
Disable Shortcut Target Validation
If unchecked, the security of the shortcut will be
based on the target. Otherwise, it will be based on
the parent. For more details, see "Security" below.
Note
A shortcut needs only to have one of the 'Target' fields (External URL, Web Page, Survey, Web File,
Event, Forum) assigned a value, and a shortcut will only have one target.
For example, a shortcut does not point at both a Web Page and a survey, or an External URL and a
Web File. If more than one target attribute exists for a shortcut, the shortcut will just take the first one,
ignoring all others. The order of priority for which target will be chosen is reflected on the main
Dynamics 365 shortcut form. So, it will first check if there exists an External URL for the shortcut, and if
there is, then the shortcut's target will be the External URL and all other target attributes will be ignored.
If there is no External URL, then the shortcut will check the Web Page, then the Survey, Web file,
Event, and finally Forum.
Secure shortcuts
Security for shortcuts can be based either on the parent page of the shortcut or on the target of the
shortcut. This will determine whether the shortcut will be visible in the sitemap. Naturally, if security is
56
based off the parent, the write access of the target of the shortcut will still determine whether front-side
editing will function after the shortcut has been used to navigate to the target of the shortcut. Therefore,
shortcut security only affects navigation and edit rights for front-side editing of shortcuts. The security
method used is specific to the shortcut. If you leave the Boolean value Disable Shortcut Target
Validation unselected, the security of the shortcut will be based on the target; otherwise, it will be based
on the parent.
Navigate with shortcuts
After the shortcut entity has been created, it will appear in your website.
In the above example, Basic Site has two additional pages, Page One and Page Two. Page Two Is a
Child of Page One, which is a Child of the Home Page. Additionally, there is a shortcut that is a child of
the Home page which points to Page Two.
See also
Configure a Dynamics 365 portal
Configure site settings for portals
Configure Dynamics 365 portal authentication
Define entity forms and custom logic within the Dynamics 365 portal
Manage web links in Dynamics 365 or on portals
Register and invite for a portal
Applies To: Dynamics 365 (online), Dynamics CRM Online
The latest portal authentication experience allows portal users to sign in with their choice of a local
contact membership provider based account or an external account based on ASP.NET Identity. Both
local and external account registration can use invitation codes for sign up, as well as the email
confirmation workflow. In addition, portal administrators may choose to enable or disable any combination
of authentication options through portal site settings.
Local authentication
Local authentication is the common forms-based authentication uses the contact records of a Dynamics
365 organization for authentication. To build custom authentication experiences, developers can use the
ASP.Net Identity API to create custom login pages and tools.
External authentication
External authentication is provided by the ASP.NET Identity API. In this case, account credentials and
password management are handled by a third-party identity provider. This includes OpenID based
providers such as Yahoo! and Google and OAuth 2.0 based providers such as Twitter, Facebook, and
Microsoft. Users sign up to the portal by selecting an external identity to register with the portal. After it is
registered, an external identity has access to the same features as a local account.
57
Account sign-up (registration)
Portal administrators have several options for controlling account sign-up behavior. Open registration is
the least restrictive sign-up configuration where the portal allows a user account to be registered by
simply providing a user identity. Alternative configurations may require users to provide an invitation code
or valid email address to register with the portal. Regardless of the registration configuration, both local
and external accounts participate equally in the registration workflow. That is, users have the option to
choose which type of account they want to register.
Open registration
During sign-up, the user has the option of creating a local account (providing a username and password)
or selecting an external identity from a list of identity providers. If an external identity is selected, the user
is required to sign in through the chosen identity provider to prove that they own the external account. In
either case, the user is immediately registered and authenticated with the portal. A new contact record is
created in the Dynamics 365 organization upon sign-up.
With open registration enabled, users are not required to provide an invitation code to complete the sign-
up process.
See also
Configure a contact for use on a portal
Invite contacts to your portals
Set authentication identity for a portal
Configure a contact for use on a portal
Applies To: Dynamics 365 (online), Dynamics CRM Online
After filling out the basic information for a contact in Dynamics 365, (or having a user fill it out the signup
form in a portal), navigate to the web authentication tab on the portal contact form to configure a contact
using local authentication. For details on federated authentication options see Set authentication identity
for a portal. To configure a contact for portals using local authentication, follow these instructions:
1. Enter a username.
2. On the command ribbon, click More Commands > Change Password.
Complete the change password workflow, and the necessary fields will be automatically configured.
When you have done this, your contact will be configured for your portals.
See also
Register and invite for a portal
Invite contacts to your portals
Set authentication identity for a portal
58
Invite contacts to your portals
Applies To: Dynamics 365 (online), Dynamics CRM Online
Use the Dynamics 365 portals invitation feature to invite contacts to your portal through automated
email(s) created in your Dynamics 365 system. The people you invite receive an email, fully customizable
by you, with a link to your portal and an invitation code. This code can be used to gain special access
configured by you. With this feature you have the ability to:
Send Single or Group Invitations
Specify an expiry date if desired
Specify a user or portal contact as the inviter if desired
Automatically assign the invited contact(s) to an account upon invite redemption
Automatically execute a workflow upon invite redemption
Automatically assign the invited contact(s) to a Web Role(s) upon redemption
Invitation redemption can be accomplished using any of our many authentication options. For
documentation regarding portal authentication, see Set authentication identity for a portal and choose the
model applicable to your portal version and configuration. The user will adopt any settings provided by the
administrator upon redemption. An Invite Redemption Activity will be created for the Invite and Contact.
Invitations are sent via the Send Invitation workflow. By default, the workflow creates an email with a
generic message and sends it to the invited Contact's primary email address. The Send Invitation
workflow contains an email template that will need to be edited to contain a specific message for your
portal and the correct hyperlink to your portal's Invite Redemption Page.
Edit the Send Invitation workflow email template
Locate the Send Invitation workflow and deactivate it. After it is deactivated, edit the email template to
send the message you want and provide a link to the Invite Redemption Page of your portal.
Create and configure invitations
To create an Invitation record within Dynamics 365, click the Create Invitation button in the command
bar. The button is available when a single Contact is selected in a Contact View and when viewing a
Contact record. Clicking the button will open a new invitation form for the Contact. Invitations can also be
created via the Invitations View by clicking +New. After the Invitation record has been created the Run
Workflow button will appear enabling you to send the Invitation to the Contact(s).
Run the Send Invitation workflow
The invitation will not be sent to the Contact(s) until the Send Invitation workflow is initiated.
The Invitation Form has the following fields:
Name
Description
Name
A descriptive name for helping recognize the
invitation.
Type
Single or Group. Single will allow only one
contact to be invited and only one redemption.
59
Name
Description
Group allows multiple contacts to be invited and
multiple redemptions.
Owner/Sender
The Dynamics 365 user that will be the sender of
the email when the invitation is sent. This can be
overridden in the Send Invitation workflow if the
created email already contains someone in the
from field.
Invitation Code
A unique code for the invitation that only the
invitee will know. This is automatically generated
when creating a new invitation.
Expiry Date
The date that represents when the invitation will
become invalid for redemption. Optional.
Inviter
Can be used when a contact is the sender of the
invitation. Optional.
Invited Contact(s)
The contact(s) to be invited to a portal.
Assign to Account
An account record to be associated as the
redeeming contact's parent customer when the
invite is redeemed. Optional.
Execute Workflow on Redeeming Contact
A workflow process to be executed when the invite
is redeemed. The workflow will be passed the
redeeming contact as the primary entity. Optional.
Assign to Web Roles
A set of web roles to be associated with the
redeeming contact when the invite is redeemed.
Optional.
Redeemed Contact(s)
The contact(s) that have successfully redeemed
the invitation.
Maximum Redemptions Allowed
The number of times the invitation can be
redeemed. Available for Group type invitations
only.
See also
Register and invite for a portal
Configure a contact for use on a portal
Set authentication identity for a portal
Set authentication identity for a portal
Applies To: Dynamics 365 (online), Dynamics CRM Online
60
Portal capabilities for Microsoft Dynamics 365 provides authentication functionality built on the ASP.NET
Identity API. ASP.NET Identity is in turn built on the OWIN framework, which is also an important
component of the authentication system. The services provided include:
Local (username/password) user sign-in
External (social provider) user sign-in through third party identity providers
Two-factor authentication with email or SMS
Email address confirmation
Password recovery
Invitation code sign-up for registering pre-generated contact records
Requirements
Portal capabilities for Microsoft Dynamics 365 requires
Microsoft Dynamics 365 Portal Base, the Microsoft Identity, and the Microsoft Identity
Workflows solution packages
Authentication overview
Returning portal visitors have the option to authenticate using local user credentials and/or external
identity provider accounts. A new visitor can register for a new user account either by providing a
username/password or by signing-in through an external provider. Visitors who are sent an invitation code
(by the portal administrator) have the option to redeem the code in the process of signing-up for a new
user account.
Related Site Settings:
Authentication/Registration/Enabled
Authentication/Registration/LocalLoginEnabled
Authentication/Registration/ExternalLoginEnabled
Authentication/Registration/OpenRegistrationEnabled
Authentication/Registration/InvitationEnabled
Authentication/Registration/RememberMeEnabled
Authentication/Registration/ResetPasswordEnabled
Sign-in with a local identity or external identity
61
Sign-up with a local identity or external identity
Redeem an invitation code manually
Forgot password or password reset
Returning visitors who require a password reset (and have previously specified an email address on their
user profile) have the option of requesting a password reset token to be sent to their email account. A
reset token allows its owner to choose a new password. Alternatively, the token can be abandoned,
leaving the users original password unmodified.
Related Site Settings:
Authentication/Registration/ResetPasswordEnabled
Authentication/Registration/ResetPasswordRequiresConfirmedEmail
Related Processes:
Send Password Reset To Contact
1. Customize the email in the workflow as necessary
2. Submit email to invoke process
3. Visitor prompted to check email
4. Process: Send Password Reset To Contact
5. Password reset email with instructions
6. Visitor returns to the reset form
7. Password reset complete
62
Redeem an invitation
Redeeming an invitation code allows a registering visitor to be associated to an existing contact record
that was prepared in advance specifically for that visitor. Typically, the invitation codes are sent out by
email but a general code submission form is available for codes sent though other channels. After a valid
invitation code is submitted, the normal user registration (sign-up) process takes place to setup the new
user account. More information: Register and invite for a portal.
Related Site Settings:
Authentication/Registration/InvitationEnabled
Related Processes:
Send Invitation
Note: the email sent by this workflow must be customized with the URL to the redeem invitation
page on the portal.
http://portal.contoso.com/register/?returnurl=%2f&invitation={Invitation Code(Invitation)}
1. Create invitation for a new contact
2. Customize and save the new invitation
3. Process: Send Invitation
4. Customize the invitation email
5. Invitation email opens the redemption page
6. Sign-up using the submitted invitation code
63
Manage user accounts through profile pages
Authenticated users manage their user accounts through the Security navigation bar of the profile page.
Users are not limited to the single local account or single external account chosen at user registration
time. Users with an external account may choose to create a local account by applying a username and
password. Otherwise, users who started with a local account can choose to associate multiple external
identities to their account. The profile page is also where the user is reminded to confirm their email
address by requesting a confirmation email to be sent to their email account.
Related Site Settings:
Authentication/Registration/LocalLoginEnabled
Authentication/Registration/ExternalLoginEnabled
Authentication/Registration/TwoFactorEnabled
Authentication/Registration/MobilePhoneEnabled
Set or change a password
A user with an existing local account can apply a new password by providing the original password. A
user without a local account can choose a username and password to set up a new local account. The
username cannot be changed after it is set.
Related Site Settings:
Authentication/Registration/LocalLoginEnabled
1. Create a username and password
2. Change an existing password
Change or confirm an email address
Changing an email address (or setting it for the first time) puts it into an unconfirmed state. The user can
request a confirmation email to be sent to the new email address, including instructions on completing the
email confirmation process.
Related Processes:
Send Email Confirmation To Contact
Customize the email in the workflow as necessary
1. Submit a new email (unconfirmed)
2. Check email for confirmation
64
3. Process: Send Email Confirmation To Contact
4. Customize the confirmation email
5. Click the confirmation link to complete
Change or confirm mobile phone
Changing the mobile phone value occurs slightly differently from changing the email. The new value is
held in a temporary storage without changing the original value. An SMS message containing a security
code is sent to the new mobile phone number. Only after the security code is submitted back to the portal
(and verified) is the old mobile number replaced with the new value.
Related Processes:
Authentication/Registration/MobilePhoneEnabled
Related Processes:
Send Sms Confirmation To Contact
Note: the workflow for this process contains a temporary step that sends the security code by
email. This is a placeholder step that needs to be replaced by a new step capable of sending
SMS messages.
1. Submit new mobile phone (unconfirmed)
2. Wait for SMS with security code
3. Process: Send Sms Confirmation To Contact
4. Replace this email step with SMS step
5. After submitting a valid security code
Enable two-factor authentication
The two-factor authentication feature increases user account security by requiring proof of ownership of a
confirmed email or mobile phone in addition to the standard local/external account sign-in. A user trying to
sign into an account with two-factor authentication enabled is sent a security code to the confirmed email
or mobile phone associated to their account. The security code must be submitted to complete the sign-in
process. A user can choose to remember the browser that successfully passes the verification such that
the security code is not required for subsequent sign-ins from the same browser.
Each user account enables this feature individually and requires either a confirmed email or confirmed
mobile phone. User accounts with both may choose which method to receive the security code.
Related Site Settings:
Authentication/Registration/TwoFactorEnabled
Authentication/Registration/RememberBrowserEnabled
Related Processes:
Send Email Two Factor Code To Contact
Send Sms Two Factor Code To Contact
1. Enable two-factor authentication
65
2. Choose to receive security code by email or SMS
3. Wait for email/SMS with security code
4. Process: Send Email Two Factor Code To Contact
5. Process: Send Sms Two Factor Code To Contact
6. Two-factor authentication can be disabled
Manage external accounts
An authenticated user may connect (register) multiple external identities to their user account one from
each of the configured identity providers. After the identities are connected, the user may choose to sign
in with any of the connected identities. Existing identities can also be disconnected, as long as a single
external or local identity remains.
Related Site Settings:
Authentication/Registration/ExternalLoginEnabled
External Identity Provider Site Settings
1. Select a provider to connect
2. Sign-in with provider to connect
3. Provider is connected
4. Provider can be disconnected
Enable ASP.NET identity authentication
The following describes the settings for enabling/disabling various authentication features and behaviors:
Site Setting Name
Description
66
Authentication/Registration/LocalLoginEnabled
Enables or disables local account sign-in based on
a username (or email) and password. Default:
false
Authentication/Registration/LocalLoginByEmail
Enables or disables local account sign-in using an
email address field instead of a username field.
Default: false
Authentication/Registration/ExternalLoginEnabl
ed
Enables or disables external account sign-in and
registration. Default: true
Authentication/Registration/RememberMeEnabled
Enables or disables a "Remember Me?" checkbox
on local sign-in to allow authenticated sessions to
persist even when the web browser is closed.
Default: true
Authentication/Registration/TwoFactorEnabled
Enables or disables the option for users to enable
two-factor authentication. Users with a confirmed
email address or confirmed mobile number can opt
into the added security of two-factor
authentication. Default: false
Authentication/Registration/MobilePhoneEnabled
Enables or disables the option to add and confirm
a mobile phone number. When enabled, it is also
necessary to update the Send Sms Confirmation To
Contact process in Dynamics 365 such that the
workflow is able to send out SMS messages.
Default: false
Authentication/Registration/RememberBrowserEna
bled
Enables or disables a "Remember Browser?"
checkbox on second-factor validation (email/SMS
code) to persist the second-factor validation for the
current browser. The user will not be required to
pass the second-factor validation for subsequent
sign-ins as long as the same browser is being
used. Default: true
Authentication/Registration/ResetPasswordEnabl
ed
Enables or disables the password reset feature.
Default: true
Authentication/Registration/ResetPasswordRequi
resConfirmedEmail
Enables or disables password reset for confirmed
email addresses only. If enabled, unconfirmed
email addresses cannot be used to send password
reset instructions. Default: false
Authentication/Registration/TriggerLockoutOnFa
iledPassword
Enables or disables recording of failed password
attempts. If disabled, user accounts will not be
locked out. Default: true
Authentication/Registration/IsDemoMode
Enables or disables a demo mode flag to be used
in development or demonstration environments
only. Do not enable this setting on production
environments. Demo mode also requires the web
browser to be running locally to the web
application server. When demo mode is enabled,
the password reset code and 2nd-factor code are
displayed to the user for quick access. Default:
false
67
Authentication/Registration/LoginButtonAuthent
icationType
If a portal only requires a single external identity
provider (to handle all authentication), this allows
the Sign-In button of the header nav bar to link
directly to the login page of that external identity
provider (instead linking to the intermediate local
login form and identity provider selection page).
Only a single identity provider can be selected for
this action. Specify the AuthenticationType value
of the provider.
For OAuth2 based providers the accepted values
are: Facebook, Google, Yahoo, Microsoft, LinkedIn,
Yammer, or Twitter
For WS-Federation based providers use the value
specified for the
Authentication/WsFederation/ADFS/Authenticatio
nType and
Authentication/WsFederation/Azure/[provider]/A
uthenticationType site settings. Examples:
http://adfs.contoso.com/adfs/services/trust,
Facebook-0123456789, Google, Yahoo!,
uri:WindowsLiveID.
Enable/disable user registration
The following describes the settings for enabling/disabling user registration (sign-up) options:
Site Setting Name
Description
Authentication/Registration/Enabled
Enables or disables all forms of user
registration. Registration must be enabled for
the other settings in this section to take effect.
Default: true
Authentication/Registration/OpenRegistrationEnabled
Enables or disables the sign-up registration
form for creating new local users. The sign-up
form allows any anonymous visitor to the
portal to create a new user account. Default:
true
Authentication/Registration/InvitationEnabled
Enables or disables the invitation code
redemption form for registering users who
possess invitation codes. Default: true
User credential validation
The following describes the settings for adjusting username and password validation parameters.
Validation occurs when signing up for a new local account or changing a password.
Site Setting Name
Description
Authentication/UserManager/PasswordValidator/Enfor
cePasswordPolicy
Whether the password contains characters
from three of the following categories:
68
1. Uppercase letters of European
languages (A through Z, with diacritic
marks, Greek and Cyrillic characters)
2. Lowercase letters of European
languages (a through z, sharp-s, with
diacritic marks, Greek and Cyrillic
characters)
3. Base 10 digits (0 through 9)
4. Non-alphanumeric characters (special
characters) (for example, !, $, #, %)
Default: true. MSDN.
Authentication/UserManager/UserValidator/AllowOnly
AlphanumericUserNames
Whether to allow only alphanumeric
characters for the user name. Default: false.
MSDN.
Authentication/UserManager/UserValidator/RequireUn
iqueEmail
Whether unique e-mail is needed for validating
the user. Default: true. MSDN.
Authentication/UserManager/PasswordValidator/Requi
redLength
The minimum required password length.
Default: 8. MSDN.
Authentication/UserManager/PasswordValidator/Requi
reNonLetterOrDigit
Whether the password requires a non-letter or
digit character. Default: false. MSDN.
Authentication/UserManager/PasswordValidator/Requi
reDigit
Whether the password requires a numeric digit
('0' - '9'). Default: false. MSDN.
Authentication/UserManager/PasswordValidator/Requi
reLowercase
Whether the password requires a lower case
letter ('a' - 'z'). Default: false. MSDN.
Authentication/UserManager/PasswordValidator/Requi
reUppercase
Whether the password requires an upper case
letter ('A' - 'Z'). Default: false. MSDN.
User account lockout settings
The following describes the settings that define how and when an account becomes locked from
authentication. When a certain number of failed password attempts are detected under a short period of
time, the user account is locked for a period of time. The use can try again after the lockout period
elapses.
Site Setting Name
Description
Authentication/UserManager/UserLockoutEnabledB
yDefault
Indicates whether the user lockout is enabled
when users are created. Default: true. MSDN.
Authentication/UserManager/DefaultAccountLocko
utTimeSpan
The default amount of time that a user is locked
out for after
Authentication/UserManager/MaxFailedAccessAtte
mptsBeforeLockout is reached. Default: 24:00:00 (1
Day). MSDN.
69
Authentication/UserManager/MaxFailedAccessAtte
mptsBeforeLockout
The maximum number of access attempts allowed
before a user is locked out (if lockout is enabled).
Default: 5. MSDN.
Authentication/ApplicationCookie/ExpireTimeSpa
n
The default amount of time cookie authentication
sessions are valid for. Default: 24:00:00 (1 Day).
MSDN.
See also
Configure Dynamics 365 portal authentication
OAuth2 provider settings for portals
Open ID Connect provider settings for portals
WS-Federation provider settings for portals
SAML 2.0 provider settings for portals
Facebook App (Page Tab) authentication for portals
OAuth2 provider settings for portals
Applies To: Dynamics 365 (online), Dynamics CRM Online
The OAuth 2.0 based external identity providers involve registering an "application" with a third-party
service to obtain a "client ID" and "client secret" pair. Often this application requires specifying a redirect
URL that allows the identity provider to send users back to the portal (relying party). The client ID and
client secret are configured as portal site settings in order to establish a secure connection from relying
party to identity provider. The settings are based on the properties of the
MicrosoftAccountAuthenticationOptions, TwitterAuthenticationOptions, FacebookAuthenticationOptions,
and GoogleOAuth2AuthenticationOptions classes.
The supported providers are:
Microsoft Account
Twitter
Facebook
Google
LinkedIn
Yahoo
Create OAuth applications
In general, if an OAuth provider uses app settings that require a redirect URI value, specify
http://portal.contoso.com/or http://portal.contoso.com/signin-[provider] depending on how the
provider performs redirect URI validation (some providers require the full URL path to be specified along
with the domain name). Substitute the name of the provider in place of [provider] in the redirect URI.
Google
Google OAuth2 API Credentials Instructions
70
Open Google Developers Console
Create an API project or open an existing project
Navigate to APIs & auth > APIs
Under Social APIs, click Google+ API then click Enable API
Navigate to APIs & auth > Consent screen
Specify an Email address
Specify a custom Product name
Click Save
Navigate to APIs & auth > Credentials
Create new Client ID
Application Type: Web application
Authorized JavaScript Origins: http://portal.contoso.com
Authorized Redirect URIs: http://portal.contoso.com/signin-google
Click Create Client ID
Facebook app settings
Open Facebook Developers App Dashboard
Click Add a New App
Select Website
Click Skip and Create App ID
Specify a Display Name
Select a Category
Click Create App ID
While on the Dashboard for the new app, navigate to Settings > Basic (tab)
(Optional) App Domains: portal.contoso.com
Contact Email: <email address of your choice>
Click Add Platform and select Website
Site URL: http://portal.contoso.com/ or http://portal.contoso.com/signin-facebook
Click Save Changes
Navigate to Status & Review > Status (tab)
Do you want to make this app an all its features available to the general public? YES
The Contact Email field is required to enable this setting
71
Microsoft application settings
Open Microsoft account Developer Center
Click Create application
Specify an Application name
Click I accept
Navigate to Settings > API settings
Redirect URLs: http://portal.contoso.com/signin-microsoft
Twitter apps settings
Open Twitter Application Management
Click Create New App
Specify a Name and Description
Website: http://portal.contoso.com
Callback URL: http://portal.contoso.com or http://portal.contoso.com/signin-twitter
Click Create your Twitter application
LinkedIn app settings
Open LinkedIn Developer Network
Click Add New Application
Specify an Application Name, Description, etc.
Website URL: http://portal.contoso.com
OAuth User Agreement/Default Scope: r_basicprofie and r_emailaddress
OAuth 2.0 Redirect Urls: http://portal.contoso.com/signin-linkedin
Click Add Application
Yahoo! YDN App settings
Open Yahoo! Developer Network
Click Create an App
Specify an Application Name
Application Type: Web Application
Callback Domain: portal.contoso.com
Click Create App
Create site settings using OAuth2
The application dashboard for each provider will display the client ID (app ID, consumer key) and client
secret (app secret, consumer secret) for each application. Use these two values to configure the portal
site settings.
72
Note
A standard OAuth2 configuration only requires the following settings (choosing Facebook as an
example):
Authentication/OpenAuth/Facebook/ClientId
Authentication/OpenAuth/Facebook/ClientSecret
Substitute the [provider] tag in the site setting name with a specific identity provider name: Facebook,
Google, Yahoo,Microsoft, LinkedIn, or Twitter.
Site Setting Name
Description
Authentication/Registration/ExternalLoginEnabl
ed
Enables or disables external account sign-in and
registration. Default: true
Authentication/OpenAuth/[provider]/ClientId
Required. The client ID value from the provider
application. It may also be referred to as an "App
ID" or "Consumer Key".
The following setting names are allowed for
backwards compatibility:
Authentication/OpenAuth/Twitter/ConsumerKey
Authentication/OpenAuth/Facebook/AppId
Authentication/OpenAuth/LinkedIn/ConsumerKe
y
Authentication/OpenAuth/[provider]/ClientSecre
t
Required. The client secret value from the provider
application. It may also be referred to as an "App
Secret" or "Consumer Secret".
The following setting names are allowed for
backwards compatibility:
Authentication/OpenAuth/Twitter/ConsumerSecret
Authentication/OpenAuth/Facebook/AppSecret
Authentication/OpenAuth/LinkedIn/ConsumerSe
cret
Authentication/OpenAuth/[provider]/Authenticat
ionType
The OWIN authentication middleware type.
Example: yahoo. MSDN:
authenticationoptions.authenticationtype.
Authentication/OpenAuth/[provider]/Scope
A comma separated list of permissions to request.
MSDN:
microsoftaccountauthenticationoptions.scope.
Authentication/OpenAuth/[provider]/Caption
The text that the user can display on a sign in user
interface. MSDN:
microsoftaccountauthenticationoptions.caption.
Authentication/OpenAuth/[provider]/Backchannel
Timeout
Timeout value in milliseconds for back channel
communications. MSDN:
microsoftaccountauthenticationoptions.backchann
eltimeout.
73
Authentication/OpenAuth/[provider]/CallbackPat
h
The request path within the application's base path
where the user-agent will be returned. MSDN:
microsoftaccountauthenticationoptions.callbackpat
h.
Authentication/OpenAuth/[provider]/SignInAsAut
henticationType
The name of another authentication middleware
which will be responsible for actually issuing a
userClaimsIdentity. MSDN:
microsoftaccountauthenticationoptions.signinasaut
henticationtype.
Authentication/OpenAuth/[provider]/Authenticat
ionMode
The OWIN authentication middleware mode.
MSDN:
security.authenticationoptions.authenticationmode.
See also
Configure Dynamics 365 portal authentication
Set authentication identity for a portal
Open ID Connect provider settings for portals
WS-Federation provider settings for portals
SAML 2.0 provider settings for portals
Facebook App (Page Tab) authentication for portals
Open ID Connect provider settings for portals
Applies To: Dynamics 365 (online), Dynamics CRM Online
Note
This documentation applies to Dynamics 365 portals and later versions.
OpenID Connect external identity providers are services that conform to the Open ID Connect
specifications. Integrating a provider involves locating the authority (or issuer) URL associated with the
provider. A configuration URL can be determined from the authority which supplies metadata required
during the authentication workflow. The provider settings are based on the properties of the
OpenIdConnectAuthenticationOptions class.
Examples of authority URLs are:
Google - https://accounts.google.com/https://accounts.google.com/.well-known/openid-configuration
Azure Active Directory - https://login.windows.net/<Azure AD Application>/
Each OpenID Connect provider also involves registering an application (similar to that of an OAuth 2.0
provider) and obtaining a Client Id. The authority URL and the generated application Client Id are the
settings required to enable external authentication between the portal and the identity provider.
Note
74
The Google OpenID Connect endpoint is currently not supported because the underlying libraries are
still in the early stages of release with compatibility issues to address. The OAuth2 provider settings for
portals endpoint can be used instead.
OpenID settings for Azure Active Directory
To get started sign into the Azure Management Portal and create or select an existing directory. When a
directory is available follow the instructions to add an application to the directory.
1. Under the Applications menu of the directory, click the Add button
2. Choose Add an application my organization is developing
3. Specify a custom name for the application and choose the type web application and/or web
API
4. For the Sign-On URL and the App ID URI, specify the URL of the portal for both fields
https://portal.contoso.com/
5. At this point, a new application is created. Navigate to the Configure section in the menu
Under the single sign-on section, update the first Reply URL entry to include a path in the URL
http://portal.contoso.com/signin-azure-ad
This corresponds to the RedirectUri site setting value
Under the properties section, locate the client ID field. This corresponds to the ClientId site
setting value.
6. In the footer menu click the View Endpoints button and note the Federation Metadata
Document field
The left portion of the URL is the Authority value and is in one of the following formats:
https://login.microsoftonline.com/01234567-89ab-cdef-0123-456789abcdef/
https://login.microsoftonline.com/contoso.onmicrosoft.com/
To get the service configuration URL, replace the FederationMetadata/2007-
06/FederationMetadata.xml path tail with the path .well-known/openid-configuration
https://login.microsoftonline.com/contoso.onmicrosoft.com/.well-known/openid-
configuration
This corresponds to the MetadataAddress site setting value
Create site settings using OpenID
Apply portal site settings referencing the above application.
Note
A standard Azure AD configuration only uses the following settings (with example values):
Authentication/OpenIdConnect/AzureAD/Authority - https://login.microsoftonline.com/01234567-89ab-
cdef-0123-456789abcdef/
Authentication/OpenIdConnect/AzureAD/ClientId - fedcba98-7654-3210-fedc-ba9876543210
75
Note, the Client ID and the authority URL do not contain the same value and should be
retrieved separately.
Authentication/OpenIdConnect/AzureAD/RedirectUri - https://portal.contoso.com/signin-azure-ad
Multiple identity providers can be configured by substituting a label for the [provider] tag. Each unique
label forms a group of settings related to an identity provider. Examples: AzureAD, MyIdP
Site Setting Name
Description
Authentication/Registration/ExternalLoginEnabled
Enables or disables external account sign-in
and registration. Default: true
Authentication/OpenIdConnect/[provider]/Authority
Required. The Authority to use when making
OpenIdConnect calls. Example:
https://login.windows.net/contoso.onmicroso
ft.com/. MSDN.
Authentication/OpenIdConnect/[provider]/MetadataAd
dress
The discovery endpoint for obtaining
metadata. Commonly ending with the
path:/.well-known/openid-configuration .
Example:
https://login.windows.net/contoso.onmicroso
ft.com/.well-known/openid-configuration.
MSDN.
Authentication/OpenIdConnect/[provider]/Authentica
tionType
The OWIN authentication middleware type.
Specify the value of the issuer in the service
configuration metadata. Example:
https://sts.windows.net/contoso.onmicrosoft
.com/. MSDN.
Authentication/OpenIdConnect/[provider]/ClientId
Required. The client ID value from the provider
application. It may also be referred to as an
"App ID" or "Consumer Key". MSDN.
Authentication/OpenIdConnect/[provider]/ClientSecr
et
The client secret value from the provider
application. It may also be referred to as an
"App Secret" or "Consumer Secret". MSDN.
Authentication/OpenIdConnect/[provider]/RedirectUr
i
Recommended. The AD FS WS-Federation
passive endpoint. Example:
https://portal.contoso.com/signin-saml2.
MSDN.
Authentication/OpenIdConnect/[provider]/Caption
Recommended. The text that the user can
display on a sign in user interface. Default:
[provider]. MSDN.
Authentication/OpenIdConnect/[provider]/Resource
The 'resource'. MSDN.
Authentication/OpenIdConnect/[provider]/ResponseTy
pe
The 'response_type'. MSDN.
Authentication/OpenIdConnect/[provider]/Scope
A space separated list of permissions to
request. Default: openid. MSDN.
Authentication/OpenIdConnect/[provider]/CallbackPa
th
An optional constrained path on which to
process the authentication callback. If not
provided and RedirectUri is available, this
76
value will be generated from RedirectUri.
MSDN.
Authentication/OpenIdConnect/[provider]/Backchanne
lTimeout
Timeout value for back channel
communications. Example: 00:05:00 (5 mins).
MSDN.
Authentication/OpenIdConnect/[provider]/RefreshOnI
ssuerKeyNotFound
Determines whether a metadata refresh
should be attempted after a
SecurityTokenSignatureKeyNotFoundExceptio
n. MSDN.
Authentication/OpenIdConnect/[provider]/UseTokenLi
fetime
Indicates that the authentication session
lifetime (e.g. cookies) should match that of the
authentication token. MSDN.
Authentication/OpenIdConnect/[provider]/Authentica
tionMode
The OWIN authentication middleware mode.
MSDN.
Authentication/OpenIdConnect/[provider]/SignInAsAu
thenticationType
The AuthenticationType used when creating
the System.Security.Claims.ClaimsIdentity.
MSDN.
Authentication/OpenIdConnect/[provider]/PostLogout
RedirectUri
The 'post_logout_redirect_uri'. MSDN.
Authentication/OpenIdConnect/[provider]/ValidAudie
nces
Comma-separated list of audience URLs.
MSDN.
Authentication/OpenIdConnect/[provider]/ValidIssue
rs
Comma-separated list of issuer URLs. MSDN.
Authentication/OpenIdConnect/[provider]/ClockSkew
The clock skew to apply when validating times.
Authentication/OpenIdConnect/[provider]/NameClaimT
ype
The claim type used by the ClaimsIdentity to
store the name claim.
Authentication/OpenIdConnect/[provider]/RoleClaimT
ype
The claim type used by the ClaimsIdentity to
store the role claim.
Authentication/OpenIdConnect/[provider]/RequireExp
irationTime
A value indicating whether tokens must have
an 'expiration' value.
Authentication/OpenIdConnect/[provider]/RequireSig
nedTokens
A value indicating whether a
System.IdentityModel.Tokens.SecurityToken
xmlns="http://ddue.schemas.microsoft.com/aut
horing/2003/5" can be valid if not signed.
Authentication/OpenIdConnect/[provider]/SaveSignin
Token
A Boolean to control if the original token is
saved when a session is created.
Authentication/OpenIdConnect/[provider]/ValidateAc
tor
A value indicating whether the
System.IdentityModel.Tokens.JwtSecurityToke
n.Actor should be validated.
Authentication/OpenIdConnect/[provider]/ValidateAu
dience
A Boolean to control if the audience will be
validated during token validation.
Authentication/OpenIdConnect/[provider]/ValidateIs
suer
A Boolean to control if the issuer will be
validated during token validation.
Authentication/OpenIdConnect/[provider]/ValidateLi
fetime
A Boolean to control if the lifetime will be
validated during token validation.
77
Authentication/OpenIdConnect/[provider]/ValidateIs
suerSigningKey
A Boolean that controls if validation of the
System.IdentityModel.Tokens.SecurityKey that
signed the securityToken
xmlns="http://ddue.schemas.microsoft.com/aut
horing/2003/5" is called.
See also
Configure Dynamics 365 portal authentication
Set authentication identity for a portal
OAuth2 provider settings for portals
WS-Federation provider settings for portals
SAML 2.0 provider settings for portals
Facebook App (Page Tab) authentication for portals
WS-Federation provider settings for portals
Applies To: Dynamics 365 (online), Dynamics CRM Online
A single Active Directory Federation Services server can be added (or another WS-Federationcompliant
security token service) as an identity provider. In addition, a single Azure ACS namespace can be
configured as a set of individual identity providers. The settings for both AD FS and ACS are based on
the properties of the WsFederationAuthenticationOptions class.
Create an AD FS relying party trust
Using the AD FS Management tool, select Trust Relationships > Relying Party Trusts.
1. Click Add Relying Party Trust
2. Welcome: Click Start
3. Select Data Source: Select Enter data about the relying party manually, click Next
4. Specify Display Name: Enter a name, click Next
Example: https://portal.contoso.com/
5. Choose Profile: Select AD FS 2.0 profile, click Next
6. Configure Certificate: Click Next
7. Configure URL: Check Enable support for the WS-Federation Passive protocol
Relying party WS-Federation Passive protocol URL: Enter https://portal.contoso.com/signin-
federation
Note: AD FS requires that the portal run on HTTPS
Note
The resulting endpoint has the following settings:
78
Endpoint type: WS-Federation
Binding: POST
Index: n/a (0)
URL: https://portal.contoso.com/signin-federation
8. Configure Identities: Specify https://portal.contoso.com/, click Add, click Next
If applicable, more identities can be added for each additional relying party portal. Users will be able to
authenticate across any or all of the available identities.
9. Choose Issuance Authorization Rules: Select Permit all users to access this relying party,
click Next
10. Ready to Add Trust: Click Next
11. Click Close
Add the Name ID claim to the relying party trust:
TransformWindows account name to Name ID claim (Transform an Incoming Claim):
Create AD FS site settings
Apply portal site settings referencing the above AD FS Relying Party Trust.
Note
A standard AD FS (STS) configuration only uses the following settings (with example values):
Authentication/WsFederation/ADFS/MetadataAddress -
https://adfs.contoso.com/FederationMetadata/2007-06/FederationMetadata.xml
Authentication/WsFederation/ADFS/AuthenticationType - http://adfs.contoso.com/adfs/services/trust
Use the value of the entityID attribute in the root element of the Federation Metadata (open the
MetadataAddress URL in a browser that is the value of the above site setting)
Authentication/WsFederation/ADFS/Wtrealm - https://portal.contoso.com/
Authentication/WsFederation/ADFS/Wreply - https://portal.contoso.com/signin-federation
The WS-Federation metadata can be retrieved in PowerShell by running the following script on the
AD FS server:
Import-Module adfs Get-ADFSEndpoint -AddressPath /FederationMetadata/2007-
06/FederationMetadata.xml
Site Setting Name
Description
Authentication/Registration/ExternalLoginEnable
d
Enables or disables external account sign-in and
registration. Default: true
Authentication/WsFederation/ADFS/MetadataAddres
s
Required. The WS-Federation metadata URL of
the AD FS (STS) server. Commonly ending with
the path:/FederationMetadata/2007-
06/FederationMetadata.xml .
79
Example:https://adfs.contoso.com/FederationMe
tadata/2007-06/FederationMetadata.xml. MSDN.
Authentication/WsFederation/ADFS/Authentication
Type
Required. The OWIN authentication middleware
type. Specify the value of the entityID attribute at
the root of the federation metadata XML.
Example:
http://adfs.contoso.com/adfs/services/trust.
MSDN.
Authentication/WsFederation/ADFS/Wtrealm
Required. The AD FS relying party identifier.
Example: https://portal.contoso.com/. MSDN.
Authentication/WsFederation/ADFS/Wreply
Required. The AD FS WS-Federation passive
endpoint. Example:
https://portal.contoso.com/signin-federation.
MSDN.
Authentication/WsFederation/ADFS/Caption
Recommended. The text that the user can display
on a sign in user interface. Default: ADFS. MSDN.
Authentication/WsFederation/ADFS/CallbackPath
An optional constrained path on which to process
the authentication callback. MSDN.
Authentication/WsFederation/ADFS/SignOutWreply
The 'wreply' value used during sign-out. MSDN.
Authentication/WsFederation/ADFS/BackchannelTim
eout
Timeout value for back channel communications.
Example: 00:05:00 (5 mins). MSDN.
Authentication/WsFederation/ADFS/RefreshOnIssue
rKeyNotFound
Determines if a metadata refresh should be
attempted after a
SecurityTokenSignatureKeyNotFoundException.
MSDN.
Authentication/WsFederation/ADFS/UseTokenLifeti
me
Indicates that the authentication session lifetime
(e.g. cookies) should match that of the
authentication token. MSDN.
Authentication/WsFederation/ADFS/Authentication
Mode
The OWIN authentication middleware mode.
MSDN.
Authentication/WsFederation/ADFS/SignInAsAuthen
ticationType
The AuthenticationType used when creating the
System.Security.Claims.ClaimsIdentity. MSDN.
Authentication/WsFederation/ADFS/ValidAudiences
Comma separated list of audience URLs. MSDN.
Authentication/WsFederation/ADFS/ValidIssuers
Comma separated list of issuer URLs. MSDN.
Authentication/WsFederation/ADFS/ClockSkew
The clock skew to apply when validating times.
MSDN.
Authentication/WsFederation/ADFS/NameClaimType
The claim type used by the ClaimsIdentity to store
the name claim. MSDN.
Authentication/WsFederation/ADFS/RoleClaimType
The claim type used by the ClaimsIdentity to store
the role claim. MSDN.
Authentication/WsFederation/ADFS/RequireExpirat
ionTime
A value indicating whether tokens must have an
'expiration' value. MSDN.
Authentication/WsFederation/ADFS/RequireSignedT
okens
A value indicating whether a
System.IdentityModel.Tokens.SecurityToken
80
xmlns="http://ddue.schemas.microsoft.com/author
ing/2003/5" can be valid if not signed. MSDN.
Authentication/WsFederation/ADFS/SaveSigninToke
n
A Boolean to control if the original token is saved
when a session is created. MSDN.
Authentication/WsFederation/ADFS/ValidateActor
A value indicating whether the
System.IdentityModel.Tokens.JwtSecurityToken.A
ctor should be validated. MSDN.
Authentication/WsFederation/ADFS/ValidateAudien
ce
A Boolean to control if the audience will be
validated during token validation. MSDN.
Authentication/WsFederation/ADFS/ValidateIssuer
A Boolean to control if the issuer will be validated
during token validation. MSDN.
Authentication/WsFederation/ADFS/ValidateLifeti
me
A Boolean to control if the lifetime will be validated
during token validation. MSDN.
Authentication/WsFederation/ADFS/ValidateIssuer
SigningKey
A Boolean that controls if validation of the
System.IdentityModel.Tokens.SecurityKey that
signed the securityToken
xmlns="http://ddue.schemas.microsoft.com/author
ing/2003/5" is called. MSDN.
Authentication/WsFederation/ADFS/Whr
Specifies a "whr" parameter in the identity
provider redirect URL. MSDN.
WS-Federation settings for Azure Active Directory
The previous section describing AD FS can also be applied to Azure Active Directory (Azure AD),
because Azure AD behaves like a standard WS-Federation compliant security token service. To get
started sign into the Azure Management Portal and create or select an existing directory. When a
directory is available follow the instructions to add an application to the directory.
1. Under the Applications menu of the directory, click the Add button
2. Choose Add an application my organization is developing
3. Specify a custom name for the application and choose the type web application and/or web
API
4. For the Sign-On URL and the App ID URI, specify the URL of the portal for both fields
https://portal.contoso.com/
This corresponds to the Wtrealm site setting value
5. At this point, a new application is created. Navigate to the Configure section in the menu
Under the single sign-on section, update the first Reply URL entry to include a path in the URL
http://portal.contoso.com/signin-azure-ad
This corresponds to the Wreply site setting value
6. Click Save in the footer
7. In the footer menu click the View Endpoints button and note the Federation Metadata
Document field
81
This corresponds to the MetadataAddress site setting value
Paste this URL in a browser window to view the federation metadata XML and note the entityID
attribute of the root element
This corresponds to the AuthenticationType site setting value
Note
A standard Azure AD configuration only uses the following settings (with example values):
Authentication/WsFederation/ADFS/MetadataAddress - https://login.microsoftonline.com/01234567-89ab-
cdef-0123-456789abcdef/federationmetadata/2007-06/federationmetadata.xml
Authentication/WsFederation/ADFS/AuthenticationType - https://sts.windows.net/01234567-89ab-
cdef-0123-456789abcdef/
Use the value of the entityID attribute in the root element of the Federation Metadata (open the
MetadataAddress URL in a browser that is the value of the above site setting)
Authentication/WsFederation/ADFS/Wtrealm - https://portal.contoso.com/
Authentication/WsFederation/ADFS/Wreply - https://portal.contoso.com/signin-azure-ad
Configure Facebook app authentication
Apply the configuration described in the topic Facebook App (Page Tab) authentication for portals.
See also
Configure Dynamics 365 portal authentication
Set authentication identity for a portal
OAuth2 provider settings for portals
Open ID Connect provider settings for portals
SAML 2.0 provider settings for portals
Facebook App (Page Tab) authentication for portals
SAML 2.0 provider settings for portals
Applies To: Dynamics 365 (online), Dynamics CRM Online
Note
This documentation applies to Dynamics 365 portals and later versions.
One or more SAML 2.0compliant Identity Providers (IdP) can be added to provide external
authentication. This document describes how to setup various identity providers to integrate with a portal
acting as a Service Provider (SP).
82
AD FS (IdP)
Settings for an IdP such as AD FS.
Create an AD FS relying party trust
Note
See Configure AD FS by using PowerShell, below, for information about how to perform these steps in
a PowerShell script.
Using the AD FS Management tool, select Service > Claim Descriptions.
1. Click Add Claim Description...
2. Specify the claim:
Display name: Persistent Identifier
Claim identifier: urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
Enable checkbox for: Publish this claim description in federation metadata as a claim type that
this Federation Service can accept
Enable checkbox for: Publish this claim description in federation metadata as a claim type that
this Federation Service can send
Click OK
Using the AD FS Management tool, select Trust Relationships > Relying Party Trusts.
1. Click Add Relying Party Trust...
2. Welcome: Click Start
3. Select Data Source: Select Enter data about the relying party manually, click Next
4. Specify Display Name: Enter a name, click Next
Example: https://portal.contoso.com/
5. Choose Profile: Select AD FS 2.0 profile, click Next
6. Configure Certificate: Click Next
7. Configure URL: Check Enable support for the SAML 2.0 WebSSO protocol
Relying party SAML 2.0 SSO service URL: Enter https://portal.contoso.com/signin-saml2
Note: AD FS requires that the portal run on HTTPS
Note
The resulting endpoint has the following settings:
Endpoint type: SAML Assertion Consume Endpoints
Binding: POST
Index: n/a (0)
83
URL: https://portal.contoso.com/signin-saml2
8. Configure Identities: Specify https://portal.contoso.com/, click Add, click Next
If applicable, more identities can be added for each additional relying party portal. Users will be able to
authenticate across any or all of the available identities.
9. Choose Issuance Authorization Rules: Select Permit all users to access this relying party,
click Next
10. Ready to Add Trust: Click Next
11. Click Close
Add the Name ID claim to the relying party trust:
TransformWindows account name to Name ID claim (Transform an Incoming Claim):
Incoming claim type: Windows account name
Outgoing claim type: Name ID
Outgoing name ID format: Persistent Identifier
Pass through all claim values
Create site settings
Apply portal site settings referencing the above AD FS Relying Party Trust.
Note
A standard AD FS (IdP) configuration only uses the following settings (with example values):
Authentication/SAML2/ADFS/MetadataAddress - https://adfs.contoso.com/FederationMetadata/2007-
06/FederationMetadata.xml
Authentication/SAML2/ADFS/AuthenticationType - http://adfs.contoso.com/adfs/services/trust
Use the value of the entityID attribute in the root element of the Federation Metadata (open the
MetadataAddress URL in a browser that is the value of the above site setting)
Authentication/SAML2/ADFS/ServiceProviderRealm - https://portal.contoso.com/
Authentication/SAML2/ADFS/AssertionConsumerServiceUrl - https://portal.contoso.com/signin-saml2
The Federation metadata can be retrieved in PowerShell by running the following script on the AD FS
server:
Import-Module adfs
Get-ADFSEndpoint -AddressPath /FederationMetadata/2007-06/FederationMetadata.xml
Multiple IdP services can be configured by substituting a label for the [provider] tag. Each unique label
forms a group of settings related to an IdP. Examples: ADFS, AzureAD, MyIdP
Site Setting Name
Description
Authentication/Registration/ExternalLoginEnabled
Enables or disables external account sign-in
and registration. Default: true
84
Authentication/SAML2/[provider]/MetadataAddress
Required. The WS-Federation metadata URL
of the AD FS (STS) server. Commonly ending
with the path:/FederationMetadata/2007-
06/FederationMetadata.xml . Example:
https://adfs.contoso.com/FederationMetadat
a/2007-06/FederationMetadata.xml. MSDN.
Authentication/SAML2/[provider]/AuthenticationType
Required. The OWIN authentication
middleware type. Specify the value of the
entityID attribute at the root of the federation
metadata XML. Example:
http://adfs.contoso.com/adfs/services/trus
t. MSDN.
Authentication/SAML2/[provider]/ServiceProviderReal
m
or
Authentication/SAML2/[provider]/Wtrealm
Required. The AD FS relying party identifier.
Example: https://portal.contoso.com/.
MSDN.
Authentication/SAML2/[provider]/AssertionConsumerSe
rviceUrl
or
Authentication/SAML2/[provider]/Wreply
Required. The AD FS SAML Consumer
Assertion endpoint. Example:
https://portal.contoso.com/signin-saml2.
MSDN.
Authentication/SAML2/[provider]/Caption
Recommended. The text that the user can
display on a sign in user interface. Default:
[provider]. MSDN.
Authentication/SAML2/[provider]/CallbackPath
An optional constrained path on which to
process the authentication callback. MSDN.
Authentication/SAML2/[provider]/BackchannelTimeout
Timeout value for back channel
communications. Example: 00:05:00 (5 mins).
MSDN.
Authentication/SAML2/[provider]/UseTokenLifetime
Indicates that the authentication session
lifetime (e.g. cookies) should match that of the
authentication token. MSDN.
Authentication/SAML2/[provider]/AuthenticationMode
The OWIN authentication middleware mode.
MSDN.
Authentication/SAML2/[provider]/SignInAsAuthenticat
ionType
The AuthenticationType used when creating
the System.Security.Claims.ClaimsIdentity.
MSDN.
Authentication/SAML2/[provider]/ValidAudiences
Comma separated list of audience URLs.
MSDN.
Authentication/SAML2/[provider]/ClockSkew
The clock skew to apply when validating
times.
Authentication/SAML2/[provider]/RequireExpirationTi
me
A value indicating whether tokens must have
an 'expiration' value.
Authentication/SAML2/[provider]/ValidateAudience
A boolean to control if the audience will be
validated during token validation.
85
IdP initiated sign-In
AD FS supports the IdP initiated SSO profile of the SAML 2.0 specification. In order for the portal (SP) to
respond properly to the SAML request initiated by the IdP, the RelayState parameter must be encoded
properly.
The basic string value to be encoded into the SAML RelayState parameter must be in the format:
ReturnUrl=/content/sub-content/ where /content/sub-content/ is the path to the webpage you want to
navigate to on the portal (SP). The path can be replaced by any valid webpage on the portal. The string
value is encoded and placed into a container string of the format: RPID=<URL encoded
RPID>&RelayState=<URL encoded RelayState>. This entire string is once again encoded and added to
another container of the format:
https://adfs.contoso.com/adfs/ls/idpinitiatedsignon.aspx?RelayState=<URL encoded
RPID/RelayState>.
For example, given the SP path: /content/sub-content/ and the relying party ID:
https://portal.contoso.com/, construct the URL with the steps:
Encode the value ReturnUrl=/content/sub-content/
to get ReturnUrl%3D%2Fcontent%2Fsub-content%2F
Encode the value https://portal.contoso.com/
to get https%3A%2F%2Fportal.contoso.com%2F
Encode the value
RPID=https%3A%2F%2Fportal.contoso.com%2F&RelayState=ReturnUrl%3D%2Fcontent%2Fsub-content%2F
to get
RPID%3Dhttps%253A%252F%252Fportal.contoso.com%252F%26RelayState%3DReturnUrl%253D%252Fcont
ent%252Fsub-content%252F
Prepend the ADFS IdP initiated SSO path to get the final URL
https://adfs.contoso.com/adfs/ls/idpinitiatedsignon.aspx?RelayState=RPID%3Dhttps%253A%252
F%252Fportal.contoso.com%252F%26RelayState%3DReturnUrl%253D%252Fcontent%252Fsub-
content%252F
The following PowerShell script can be used to construct the URL (save to a file named Get-
IdPInitiatedUrl.ps1).
<#
.SYNOPSIS
Constructs an IdP initiated SSO URL to access a portal page on the SP.
.PARAMETER path
The path to the portal page.
.PARAMETER rpid
The relying party identifier.
.PARAMETER adfsPath
The AD FS IdP initiated SSO page.
86
.EXAMPLE
PS C:\> .\Get-IdPInitiatedUrl.ps1 -path "/content/sub-content/" -rpid
"https://portal.contoso.com/" -adfsPath
"https://adfs.contoso.com/adfs/ls/idpinitiatedsignon.aspx"
#>
param
(
[parameter(mandatory=$true,position=0)]
$path,
[parameter(mandatory=$true,position=1)]
$rpid,
[parameter(position=2)]
$adfsPath = "https://adfs.contoso.com/adfs/ls/idpinitiatedsignon.aspx"
)
$state = "ReturnUrl=$path"
$encodedPath = [uri]::EscapeDataString($state)
$encodedRpid = [uri]::EscapeDataString($rpid)
$encodedPathRpid = [uri]::EscapeDataString("RPID=$encodedRpid&RelayState=$encodedPath")
$idpInitiatedUrl = "{0}?RelayState={1}" -f $adfsPath, $encodedPathRpid
Write-Output $idpInitiatedUrl
SAML 2.0 settings for Azure Active Directory
The previous section describing AD FS can also be applied to Azure AD because Azure AD behaves like
a standard SAML 2.0 compliant IdP. To get started sign into the Azure Management Portal and create or
select an existing directory. When a directory is available, follow the instructions to add an application to
the directory.
1. Under the Applications menu of the directory, click the Add button
2. Choose Add an application my organization is developing
3. Specify a custom name for the application and choose the type web application and/or web
API
87
4. For the Sign-On URL and the App ID URI, specify the URL of the portal for both fields
https://portal.contoso.com/
This corresponds to the ServiceProviderRealm (Wtrealm) site setting value
5. At this point, a new application is created. Navigate to the Configure section in the menu
Under the single sign-on section, update the first Reply URL entry to include a path in the URL
http://portal.contoso.com/signin-azure-ad
This corresponds to the AssertionConsumerServiceUrl (Wreply) site setting value
6. In the footer menu click the View Endpoints button and note the Federation Metadata
Document field
This corresponds to the MetadataAddress site setting value
Paste this URL in a browser window to view the federation metadata XML and note the entityID
attribute of the root element
This corresponds to the AuthenticationType site setting value
Note
A standard Azure AD configuration only uses the following settings (with example values):
Authentication/SAML2/AzureAD/MetadataAddress - https://login.microsoftonline.com/01234567-89ab-
cdef-0123-456789abcdef/federationmetadata/2007-06/federationmetadata.xml
Authentication/SAML2/AzureAD/AuthenticationType - https://sts.windows.net/01234567-89ab-cdef-
0123-456789abcdef/
Use the value of the entityID attribute in the root element of the Federation Metadata (open the
MetadataAddress URL in a browser that is the value of the above site setting)
Authentication/SAML2/AzureAD/ServiceProviderRealm - https://portal.contoso.com/
Authentication/SAML2/AzureAD/AssertionConsumerServiceUrl - https://portal.contoso.com/signin-
azure-ad
Shibboleth Identity Provider 3
Use the following guidelines for correctly configuration Shibboleth Identity Provider as an IdP service. The
following assumes the IdP is hosted on the domain: https://idp.contoso.com.
The federation metadata URL is: https://idp.contoso.com/idp/shibboleth
The IdP must be configured to generate/serve a Persistent Identifier. Follow the instructions to enable
Persistent Identifier Generation.
The IdP federation metadata (<IDPSSODescriptor>) must be configured to include a SSO redirect
binding. Example.
<SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
Location="https://idp.contoso.com/idp/profile/SAML2/Redirect/SSO"/>
Configure the Service Providers (Relying Parties) by setting up the metadata-providers.xml.
88
Each SP federation metadata (<SPSSODescriptor>) must include an assertion consumer service
post binding. One option is to use a FilesystemMetadataProvider and reference a configuration
file that contains:
<AssertionConsumerService index="1" isDefault="true"
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
Location="https://portal.contoso.com/signin-saml2"/>
The Location attribute corresponds to the AssertionConsumerServiceUrl (Wreply) setting.
The SP federation metadata should specify an entityID attribute for the EntityDescriptor which
corresponds to the AuthenticationType setting.
<EntityDescriptor entityID="https://portal.local.contoso.com/">...
Note
A standard Shibboleth configuration only uses the following settings (with example values):
Authentication/SAML2/Shibboleth/MetadataAddress - https://idp.contoso.com/idp/shibboleth
Authentication/SAML2/Shibboleth/AuthenticationType - https://idp.contoso.com/idp/shibboleth
Use the value of the entityID attribute in the root element of the Federation Metadata (open the
MetadataAddress URL in a browser that is the value of the above site setting)
Authentication/SAML2/Shibboleth/ServiceProviderRealm - https://portal.contoso.com/
Authentication/SAML2/Shibboleth/AssertionConsumerServiceUrl - https://portal.contoso.com/signin-
saml2
IdP initiated sign-in
Shibboleth supports the IdP initiated SSO profile of the SAML 2.0 specification. For the portal (SP) to
respond properly to the SAML request initiated by the IdP, the RelayState parameter must be encoded
properly.
The basic string value to be encoded into the SAML RelayState parameter must be in the format:
ReturnUrl=/content/sub-content/ where /content/sub-content/ is the path to the desired webpage to
navigate to on the portal (SP). The path can be replaced by any valid webpage on the portal. The full IdP
initiated SSO URL should be in the format:
https://idp.contoso.com/idp/profile/SAML2/Unsolicited/SSO?providerId=<URL encoded provider
ID>&target=<URL encoded return path>.
For example, given the SP path: /content/sub-content/ and the relying party ID:
https://portal.contoso.com/, the final URL is:
https://idp.contoso.com/idp/profile/SAML2/Unsolicited/SSO?providerId=https%3A%2F%2Fportal.contoso
.com%2F&target=ReturnUrl%3D%2Fcontent%2Fsub-content%2F
The following PowerShell script can be used to construct the URL (save to a file named Get-
ShibbolethIdPInitiatedUrl.ps1).
<#
.SYNOPSIS
Constructs an IdP initiated SSO URL to access a portal page on the SP.
89
.PARAMETER path
The path to the portal page.
.PARAMETER providerId
The relying party identifier.
.PARAMETER shibbolethPath
The Shibboleth IdP initiated SSO page.
.EXAMPLE
PS C:\> .\Get-ShibbolethIdPInitiatedUrl.ps1 -path "/content/sub-content/" -providerId
"https://portal.contoso.com/" -shibbolethPath
"https://idp.contoso.com/idp/profile/SAML2/Unsolicited/SSO"
#>
param
(
[parameter(mandatory=$true,position=0)]
$path,
[parameter(mandatory=$true,position=1)]
$providerId,
[parameter(position=2)]
$shibbolethPath = "https://idp.contoso.com/idp/profile/SAML2/Unsolicited/SSO"
)
$state = "ReturnUrl=$path"
$encodedPath = [uri]::EscapeDataString($state)
$encodedRpid = [uri]::EscapeDataString($providerId)
$idpInitiatedUrl = "{0}?providerId={1}&target={2}" -f $shibbolethPath, $encodedRpid, $encodedPath
Write-Output $idpInitiatedUrl
Configure AD FS by using PowerShell
The process of adding a relying party trust in AD FS can also be performed by running the following
PowerShell script on the AD FS server (save contents to a file named Add-
90
AdxPortalRelyingPartyTrustForSaml.ps1). After running the script, continue with configuring the portal
site settings.
<#
.SYNOPSIS
Adds a SAML 2.0 relying party trust entry for a Dynamics CRM portals website.
.PARAMETER domain
The domain name of the portal.
.EXAMPLE
PS C:\> .\Add-AdxPortalRelyingPartyTrustForSaml.ps1 -domain "portal.contoso.com"
#>
param
(
[parameter(Mandatory=$true,Position=0)]
$domain,
[parameter(Position=1)]
$callbackPath = "/signin-saml2"
)
$VerbosePreference = "Continue"
$ErrorActionPreference = "Stop"
Import-Module adfs
Function Add-CrmRelyingPartyTrust
{
param (
[parameter(Mandatory=$true,Position=0)]
$name
)
$identifier = "https://{0}/" -f $name
91
$samlEndpoint = New-ADFSSamlEndpoint -Binding POST -Protocol SAMLAssertionConsumer -Uri
("https://{0}{1}" -f $name, $callbackPath)
$identityProviderValue = Get-ADFSProperties | % { $_.Identifier.AbsoluteUri }
$issuanceTransformRules = @'
@RuleTemplate = "MapClaims"
@RuleName = "Transform Windows Account Name to Name ID claim"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname"]
=> issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier", Issuer =
c.Issuer, OriginalIssuer = c.OriginalIssuer, Value = c.Value, ValueType = c.ValueType,
Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format"] =
"urn:oasis:names:tc:SAML:2.0:nameid-format:persistent");
@RuleTemplate = "LdapClaims"
@RuleName = "Send LDAP Claims"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer
== "AD AUTHORITY"]
=> issue(store = "Active Directory", types =
("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname",
"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname",
"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"), query =
";givenName,sn,mail;{{0}}", param = c.Value);
'@ -f $identityProviderValue
$issuanceAuthorizationRules = @'
@RuleTemplate = "AllowAllAuthzRule"
=> issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");
'@
Add-ADFSRelyingPartyTrust -Name $name -Identifier $identifier -SamlEndpoint $samlEndpoint -
IssuanceTransformRules $issuanceTransformRules -IssuanceAuthorizationRules
$issuanceAuthorizationRules
}
# add the 'Identity Provider' claim description if it is missing
92
if (-not (Get-ADFSClaimDescription | ? { $_.Name -eq "Persistent Identifier" })) {
Add-ADFSClaimDescription -name "Persistent Identifier" -ClaimType
"urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" -IsOffered:$true -IsAccepted:$true
}
# add the portal relying party trust
Add-CrmRelyingPartyTrust $domain
See also
Configure Dynamics 365 portal authentication
Set authentication identity for a portal
OAuth2 provider settings for portals
Open ID Connect provider settings for portals
WS-Federation provider settings for portals
Facebook App (Page Tab) authentication for portals
Facebook App (Page Tab) authentication for
portals
Applies To: Dynamics 365 (online), Dynamics CRM Online
Dynamics 365 portals are capable of hosting Facebook Apps in the context of a Facebook Page Tab.
This is achieved by employing features such as Login with Facebook and ASP.Net MVC Display Modes.
Prerequisites
Start by setting up a standard portal.
Configure IIS
The same website used to host the standard portal is also used to host the Facebook App portal.
However, the website must be configured to respond to Facebook specific site bindings in addition to the
existing bindings. The specific site bindings should contain a host name value that distinguishes it as a
Facebook App portal. For example, a standard portal hosted from the domain contoso.com can specify
the domain facebook-contoso.com for hosting the Facebook App.
Type
Host Name
Port
Notes
http
contoso.com
80
The standard portal.
http
facebook-contoso.com
80
The Facebook App portal.
https
facebook-contoso.com
443
The Secure Facebook App portal.
93
Configure display mode
The MVC Display Modes feature allows the Facebook App to present a customized user experience. The
Facebook display mode is enabled by adding the following site setting.
Site Setting Name
Value (examples - replace
with your Page Tab URL)
Note
DisplayModes/Facebook/HostName
facebook-contoso.com,