To configure Dynamics 365 App for Outlook for On-premise Dynamics 365, please follow up steps below :
- please make sure that you have completed the configuration for the Hybrid setup from scratch
https://docs.microsoft.com/en-us/dynamics365/customerengagement/on-premises/admin/connect-dynamics-365-on-premises-exchange-online
- Also, please make sure that you have enabled the OAuth on the CRM server:
(1)Log on Dynamics CRM server as an administrator
(2)Add the Customer EngagementWindows PowerShell snap-in (Microsoft.Crm.PowerShell.dll)
Add-PSSnapin Microsoft.Crm.PowerShell
(3) Enable OAuth by running the script below
$ClaimsSettings = Get-CrmSetting -SettingType OAuthClaimsSettings
$ClaimsSettings.Enabled = $true
Set-CrmSetting -Setting $ClaimsSettings
https://docs.microsoft.com/en-us/dynamics365/customerengagement/on-premises/deploy/post-installation-configuration-guidelines-dynamics-365#configure-the-oauth-provider
- Enable the Forms Authentication on the ADFS (and disable the Windows Authentication):
https://docs.microsoft.com/en-us/dynamics365/customerengagement/on-premises/deploy/post-installation-configuration-guidelines-dynamics-365#enable-forms-authentication
https://docs.microsoft.com/en-us/dynamics365/customerengagement/on-premises/deploy/post-installation-configuration-guidelines-dynamics-365#disable-integrated-windows-authentication-to-prevent-client-authentication-prompts
- Register the Dynamics 365 App for Outlook manifest Uri to the ADFS (obtain the full command from Dynamics 365 CRM->Settings->Dynamics 365 App for Outlook entity-> Copy the add-adfsclient…. Command for the app and paste it in PS)
https://docs.microsoft.com/en-us/dynamics365/customerengagement/on-premises/deploy/post-installation-configuration-guidelines-dynamics-365#register-the-client-apps
[Below are steps to verify if you have register Dynamics 365 App for Outlook in ADFS successfully :
1).Sign in your Dynamics CRM server, Settings->Dynamics 365 App for Outlook entity , you will see full command with ClientId , please take note this ClientId
2). Then Log on your ADFS server, run powershell as Administrator, then run command : get-adfsclient
3).If you already register Dynamics 365 App for Outlook, you will see its detailed information, and the ClientId will be same with above one
4).If you find you have not registered the Dynamics 365 App for Outlook in ADFS, please run the full command which is obtained from Dynamics 365 CRM->Settings->Dynamics 365 App for Outlook-> add-adfsclient….
5).If you find the clientId in step 3 is not same with ClientId in step 1, please remove the client app in step 3 : Remove-AdfsClient
Then the full command which is obtained from Dynamics 365 CRM->Settings->Dynamics 365 App for Outlook-> add-adfsclient…. Again
6).After above, please restart your ADFS service
]
- If you are running ADFS server 4.0 and above, also grant the application permissions:
https://docs.microsoft.com/en-us/dynamics365/customerengagement/on-premises/deploy/post-installation-configuration-guidelines-dynamics-365#grant-application-permission-when-using-windows-server-2016-ad-fs
Grant-AdfsApplicationPermission -ClientRoleIdentifier "<client_id/org_id>" -ServerRoleIdentifier "<org_auth_url>"
Replace the Client Role Identifier ID with the app ID obtained from point 4 and replace the authentication URL and do not forget to put the trailing forward slash “/” after the URL
Grant-AdfsApplicationPermission -ClientRoleIdentifier "806e5da7-0600-e611-80bf-6c3be5b27d7a" -ServerRoleIdentifier https://auth.contoso.com:444
- Once, you have reviewed the information, please confirm again that the OAuth claim setting has been set to “true”. If no, you have re-enabled it
- Please also do not forget to Restart IIS, restart CRM services, restart ADFS services after above