I recently deployed a quite complex Dynamics 365 portal solution involving a custom authentication provider and other features such as Power BI Embedded and SharePoint integration.
In this series, I’ll discuss the authentication side in more detail, based on the lessons I learned while getting it all to work properly. My plan is to discuss the following topics in this series:
Before we begin, I should admit that I’m not a portal expert; I learned the concepts and knowledge from these great experts: Colin Vermander, Nick Doelman, George Doubinski and Dileep Singh. So, credit goes to my great “teachers”.
So, to begin with, let’s try to understand the authentication methods that the Dynamics 365 portal supports (https://docs.microsoft.com/en-us/dynamics365/customer-engagement/portals/configure-portal-authentication).
In a nutshell, Dynamics 365 portal authentication is based on ASP.NET Identity, which in turn is based on the OWIN framework (“OWIN” is jargon that authentication providers commonly use in their documentation, so it is always good to know and understand how it works and behaves).
There are 2 authentication methods in Dynamics 365 Portal:
Purely based on Dynamics 365 Contact record to store the authentication details.
Utilising the ASP.NET Identity API to integrate with external identity providers using OpenID Connect, OAuth or SAML.
For portal authentication to work properly, make sure the following solutions exist in the environment. These solutions will typically be there after the portal instance has been provisioned, but I had a case where the overall authentication process was not working properly because one of the following solutions was missing (if you encounter the same issue as me, log a support ticket and the support team can add the missing solution fairly quickly).
The minimum viable option for authentication is local authentication. However, I would recommend minimising the use of local authentication and using External Authentication (if possible, the Azure AD family) as much as possible, not only for security compliance but also to future-proof your portal investment. This is based on Colin Vermander’s blog post from last year: https://colinvermander.com/2018/05/19/dynamics-365-portals-authentication-deprecation/
Even though the link in the article no longer shows the deprecation, I reckon the intent to push to Azure AD B2C is still there.
Local Authentication at a Glance
When you use Local Authentication, the portal solution stores the user credentials within the contact entity. The password is stored as hashed text within Dynamics 365. Even though Dynamics handles the security and encryption at rest, this could be an “alarming” thing when the system is audited by security experts, so using an external IdP is recommended.
Some of the notable site settings that shape the basic behaviour of local authentication in Dynamics 365 Portal:
The technical description of those settings is available in this documentation article: https://docs.microsoft.com/en-us/dynamics365/customer-engagement/portals/set-authentication-identity
In the next post, I will discuss how to configure authentication using Azure AD & Azure AD B2C.
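As an added example (not part of the original post), this Python check reads a constructed name,value export of the portal's Site Settings and flags values that leave local sign-in weaker than the recommendation above. The setting names are the ones in Microsoft's portal documentation; the export format, the `MAX_ATTEMPTS` threshold and the function names are assumptions.

```python
import csv
import io

REG = "Authentication/Registration/"
USR = "Authentication/UserManager/"
MAX_ATTEMPTS = 10  # assumed review threshold, not a platform value

# Constructed sample: a name,value export of the portal's Site Settings records.
SAMPLE_EXPORT = """name,value
Authentication/Registration/LocalLoginEnabled,true
Authentication/Registration/ExternalLoginEnabled,true
Authentication/Registration/TriggerLockoutOnFailedPassword,False
Authentication/UserManager/MaxFailedAccessAttemptsBeforeLockout,50
"""


def load_settings(text):
    """Parse the export into {setting name: value}, trimming whitespace."""
    rows = csv.DictReader(io.StringIO(text))
    return {r["name"].strip(): r["value"].strip() for r in rows}


def as_bool(settings, name):
    """True/False for an explicit value, None when the setting is absent."""
    raw = settings.get(name)
    return None if raw is None else raw.lower() == "true"


def audit(settings):
    """Return (setting, finding) pairs for values that weaken sign-in."""
    findings = []
    local = as_bool(settings, REG + "LocalLoginEnabled")
    if local is False:
        return findings  # no local passwords in use, nothing below applies
    # An absent setting is reported rather than guessed at.
    state = "enabled" if local else "not set, confirm the effective default"
    findings.append((REG + "LocalLoginEnabled", "local sign-in " + state))
    if as_bool(settings, REG + "ExternalLoginEnabled") is False:
        findings.append((REG + "ExternalLoginEnabled",
                         "external providers off, local passwords are the only path"))
    for name in (REG + "TriggerLockoutOnFailedPassword",
                 USR + "UserLockoutEnabledByDefault"):
        if as_bool(settings, name) is False:
            findings.append((name, "lockout protection disabled"))
    attempts = settings.get(USR + "MaxFailedAccessAttemptsBeforeLockout")
    if attempts is not None and not (attempts.isdigit() and 0 < int(attempts) <= MAX_ATTEMPTS):
        findings.append((USR + "MaxFailedAccessAttemptsBeforeLockout",
                         "lockout threshold outside review bound: " + attempts))
    return findings
```

Calling `audit(load_settings(SAMPLE_EXPORT))` on the constructed sample returns three findings: local sign-in enabled, lockout on failed password disabled, and a lockout threshold of 50.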