Hi all,
I'm working on a Dynamics 365 plug-in, and need to obtain secrets from Azure KeyVault. As far as I'm aware, external libraries (such as Azure SDKs) cannot be used, as the plug-in is running in sandbox mode. Therefore, we are going to use the Azure REST APIs for that purpose.
And before creating a request to retrieve the secret from KeyVault, we need to be provided with an authorization token. Based on the articles, there are two endpoints that need to be called, the first to obtain a code, and the second to use that code to retrieve an access token.
For that reason, we would have to store sensitive credentials (client_id, tenant_id, etc.) in the database, which is not the best approach.
My question is, is there a possibility to authenticate the REST API calls using one of the following ways:
UAMI/SAMI for D365: Can we leverage User-Assigned Managed Identity/System-Assigned Managed Identity directly with CRM?
Using App Registration with Federated Credentials: If UAMI/SAMI isn't an option, we could consider using an App Registration. In that case, can we utilize Federated Credentials instead of a client secret? This approach would help us avoid storing sensitive credentials elsewhere.
Leveraging UAMI/SAMI for Azure REST API authorization within a plugin in D365
Microsoft has recently introduced Managed Identities for Plugins, which is currently in preview. This new feature may be exactly what you have been looking for. However, I have encountered some difficulties in getting it to work properly. Specifically, I have received an error message stating "Federated identity credentials flow failed" when attempting to acquire a token. Please let me know if you have any ideas on how to resolve this error.
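For readers following this thread, the added example below sketches what the plug-in code looks like once the managed-identity preview (rather than a stored client_id/client_secret) is the thing issuing the token. It is illustrative code written for this answer, not code from either poster or from Microsoft. It assumes the Dataverse preview surface Microsoft.Xrm.Sdk.IManagedIdentityService with its AcquireToken(scopes) method is available to the assembly, that the plug-in's identity has already been granted secret read access on the vault, and that the vault name "contoso-kv" and secret name "ExternalApiKey" are placeholders to replace. Everything else is plain .NET Framework (HttpClient and DataContractJsonSerializer), which is why no external assembly is needed in the sandbox.

```csharp
using System;
using System.IO;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Runtime.Serialization;
using System.Runtime.Serialization.Json;
using System.Text;
using Microsoft.Xrm.Sdk;

// Illustrative plug-in (not from the original thread): reads one secret from
// Key Vault over the REST API using a token issued for the plug-in's managed
// identity, so no client_id/client_secret is stored in Dataverse tables or config.
public class KeyVaultSecretReaderPlugin : IPlugin
{
    // Assumed placeholder names; replace with your own vault and secret.
    private const string VaultUri = "https://contoso-kv.vault.azure.net";
    private const string SecretName = "ExternalApiKey";
    private const string KeyVaultApiVersion = "7.4";

    // Token audience must be Key Vault itself (not Graph or Dataverse).
    private const string KeyVaultScope = "https://vault.azure.net/.default";

    // Only the fields we read from Key Vault's secret JSON response.
    [DataContract]
    public class SecretBundle
    {
        [DataMember(Name = "value")] public string Value { get; set; }
        [DataMember(Name = "id")] public string Id { get; set; }
    }

    public void Execute(IServiceProvider serviceProvider)
    {
        var tracing = (ITracingService)serviceProvider.GetService(typeof(ITracingService));

        // Preview API (assumed enabled for this assembly): the platform exchanges
        // its own federated credential for an Entra token on the plug-in's behalf.
        var identityService = (IManagedIdentityService)serviceProvider.GetService(typeof(IManagedIdentityService));
        if (identityService == null)
            throw new InvalidPluginExecutionException(
                "IManagedIdentityService is not available; is managed identity configured for this assembly?");

        string accessToken;
        try
        {
            accessToken = identityService.AcquireToken(new[] { KeyVaultScope });
        }
        catch (Exception ex)
        {
            // Trace the failure message for diagnosis, never the token itself.
            tracing.Trace("AcquireToken failed: {0}", ex.Message);
            throw new InvalidPluginExecutionException("Could not acquire a Key Vault token.", ex);
        }

        string secret = GetSecret(accessToken, tracing);
        // ... use 'secret' to call the downstream service; do not trace or persist it.
    }

    // GET https://{vault}.vault.azure.net/secrets/{name}?api-version=7.4
    private static string GetSecret(string accessToken, ITracingService tracing)
    {
        string url = $"{VaultUri}/secrets/{Uri.EscapeDataString(SecretName)}?api-version={KeyVaultApiVersion}";

        using (var client = new HttpClient())
        {
            client.Timeout = TimeSpan.FromSeconds(30);
            client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);

            // Plug-ins execute synchronously, so block on the request instead of async/await.
            HttpResponseMessage response = client.GetAsync(url).GetAwaiter().GetResult();
            string body = response.Content.ReadAsStringAsync().GetAwaiter().GetResult();

            if (!response.IsSuccessStatusCode)
            {
                // 401/403 here usually means the identity lacks the "Key Vault Secrets User"
                // role (or a Get-secrets access policy) on the vault, not a token problem.
                tracing.Trace("Key Vault returned HTTP {0} for {1}", (int)response.StatusCode, url);
                throw new InvalidPluginExecutionException(
                    "Key Vault request failed with HTTP " + (int)response.StatusCode);
            }

            var serializer = new DataContractJsonSerializer(typeof(SecretBundle));
            using (var stream = new MemoryStream(Encoding.UTF8.GetBytes(body)))
            {
                var bundle = (SecretBundle)serializer.ReadObject(stream);
                if (string.IsNullOrEmpty(bundle?.Value))
                    throw new InvalidPluginExecutionException("Key Vault response did not contain a secret value.");
                return bundle.Value;
            }
        }
    }
}
```

One point worth keeping in mind when weighing the "federated credentials instead of a client secret" option from the question: a federated identity credential on an app registration only tells Entra which external issuer's tokens to accept as the client assertion. Something still has to mint that assertion, and inside the sandbox the managed-identity preview is what supplies it; a plug-in minting its own assertion would need a signing key, which brings back the stored-credential problem. When the token step fails (such as the "Federated identity credentials flow failed" message above), the places to check are the assembly's managed-identity registration on the Dataverse side and the federated credential configured on the Entra side, since the plug-in code itself holds nothing to misconfigure.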