Hi
I'm trying to integrate Azure AD as external identity with Dynamics portal. When an external ID is authenticated and logged on to the Portal for the first time, Dynamics creates a new Contact record and associates it with the external ID.
What I notice is that the external identity username is some form of encrypted hash which must be based on the Azure AD account somehow.
I want to automate the creation of contacts but have no idea how this external identity username is derived.
I want to do this association programmatically. But no idea how to get the username from AD to associate it with contact. Please see the screen shot below.
For anyone looking at this after January 2023 - here is the Power Pages answer to this question. community.dynamics.com/.../identity-strategy-for-power-pages
Hi Michael,
We are experiencing the same issue whereby we need to preload the contacts and have the sign up/sign in process detect the existing CRM contact and update it. It doesn't look like the original poster is on Azure AD B2C - just authenticating through OpenID.
The user name for the external identity record in this case is a hash value as opposed to an object ID GUID.
It doesn't look like we can retrieve this value using Graph API as I don't know what this field relates to. Obviously, in Azure AD B2C all external identity records have user name as objectid; therefore we are able to query these values using Microsoft Graph.
As far as what the OP is trying to retrieve, this is not possible without using Azure AD B2C.
Hi blog,
About this issue:
"Was trying to find out how to set this external identity record value during load itself so that user when they connect to portal uses the loaded contact record without creating a new record.
object_id I don't find it in the SAML response received from the ADFS."
The external identity references the user object in AD.
To make it right, you first need to create user objects in AD using Graph API and PowerShell (AD admin credentials are required).
Then, during the load, set the reference as "contact.adx_identity_username" = userobject.id
Some links about Graph API:
https://docs.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-user-migration
Hi,
Any inputs on how to handle the below scenario?
Hi Michael,
Thank you for the inputs. My scenario is as below in Dynamics 365 portal:
- Using ADFS OpenID integration for authentication
- User who will use portal are pre-loaded as contacts in CRM
- Was trying to find out how to set this external identity record value during load itself so that user when they connect to portal uses the loaded contact record without creating a new record.
object_id I don't find it in the SAML response received from the ADFS.
Could you please direct.
Hi Anil and MyCrmBlog,
You can utilize Azure AD Graph API to get information about the user object.
docs.microsoft.com/.../active-directory-graph-api
The "Username"(adx_identity_username) in Contact you reference in the screenshot is not a real username but a reference to External Identity (adx_externalidentity) entity.
Try in AdvancedFind to find "external identity.User Name" == value of "contact.adx_identity_username".
It's usually a GUID. What kind of identity provider is configured in Azure?
The external identity user name is an object id.
This object id allows you to call the Azure Graph API to find a user object.
Cheers and easy coding.
Hi,
Did you get any inputs on this? Any information would be helpful. Thank you.
Regards,
Santhi