Connect XrmToolBox with MFA Step-by-Step guide
There is no denying that the XrmToolBox is one of the best collections of tools for any developer, consultant, business analyst or administrator who works with Dynamics 365, CDS and Power Apps. I have used it on nearly every project I have worked on and it’s one of the best (if not THE BEST) resources I have ever had access to. Tanguy “XrmToolBox Creator” Touzard updated the ToolBox to support multiple connection methods because security is extremely important to most organisations.
There is plenty of documentation online about how to create multiple connection methods, but most rely on you knowing more than they actually tell you, so they will give you the building blocks but not the whole house. Well, after many attempts and a lot of swearing... I finally managed it, and here is how to do it!
This method uses an Azure App ID. There are other methods like certificates and App Passwords, but this is the one I’m going to go through. You will need a few things:
Access to your Azure Portal and Azure AD (You do not need to be an Office 365 admin for this)
Your D365/CDS environment URL
This guide :)
Navigate to https://portal.azure.com/ and click the hamburger menu, then Azure AD.
Then go down to App Registrations and click on Endpoints because we need to get the OAuth 2.0 token endpoint (v2) which we will use later. Save this endpoint somewhere safe and then close the side panel.
Back on the App Registration page, click “New registration” and you will get the new registration page open.
Give the App a name; I’ve used something that relates to my Dynamics environment, but you can call it what you like. In Supported Account Types choose “Accounts in this organizational directory only (<name> tenant only - Single tenant)”; this only allows people inside your organisation to authenticate. Next, change the Redirect URI (optional) type from “Web” to “Public client/native (mobile & desktop)”. This is one of the things that is not well documented, but if you don’t change this setting, it won’t work. In the box next to this setting, put in the OAuth 2.0 token endpoint (v2) we saved earlier. With all these settings filled in, click “Register”.
You should be redirected to the below screen and your App is now registered. You now have another piece of information we need, Application (client) ID. Again, copy this GUID because we will be using this later.
Next, on the side bar on the left select “API permissions” and then click “Add a permission”.
You get a list of options. Choose Dynamics CRM (really? Yes, really), then choose “Delegated permissions”, select user_impersonation and click “Add permissions”.
Next, on the side bar on the left, select Manifest and in the editor change the “allowPublicClient” from null to true and press save.
That’s all we need from the App; it’s all set up and ready to go. Now we just need to connect it to XrmToolBox.
Open the XrmToolBox, click connections, and create new connection and then choose Multi Factor Auth.
It will first ask you for your environment URL; put this into the box and click next. It will then ask you for 3 things: Azure Application ID, Reply URI and Username / Email address.
AppID = This is the Application (client) ID we got earlier after registering our app
Redirect URI = this is the OAuth endpoint we got at the start
Username / Email Address = Your email address/user name to log into the environment with.
Once you have put these in, click next, give your environment a name and Voila!
You can also configure this to use a connection string, here are the details you need for that. Open the XrmToolBox, click connections, and create new connection and choose Connection String.
Next we need to build the connection string and for that we need multiple parts:
AuthType = This is the authentication type, we are using OAuth in this example
Username = email login for your D365/CDS Environment
Password = Password for the above login
URL = URL of the D365/CDS environment you want to connect to
AppID = This is the Application (client) ID we got earlier after registering our app
Redirect URI = this is the OAuth endpoint we got at the start
TokenCacheStorePath = This is the path where we are going to store the token we get back, we can use a default location.
LoginPrompt = This is the way the login will work, whether it will prompt the user for the login. We will use Auto for this.
Below is an example of the connection string. If you fill in the Username, Password, Url, AppId and RedirectUri and keep everything else the same, you will be good to log in.
AuthType=OAuth;
Username=matt@MattsDemo.com;
Password=Password1;
Url=https://MattsDemo1.crm4.dynamics.com/;
AppId=324234-34sl-8392-1fg6-132s24h53lss23;
RedirectUri=https://login.microsoftonline.com/12ke23a-sj2k-224s-a343-asddk2333al/oauth2/v2.0/token;
TokenCacheStorePath=c:\\Temp\\Oauth\\cache.txt;
LoginPrompt=Auto
Put in the connection string, click next, it will authenticate, you will need to approve the login using your MFA method and then give your environment a name.
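As an added example (not part of the original post or of XrmToolBox), the following Python check parses a connection string in the format shown above and flags hygiene issues before it is saved or shared: a password stored in plain text, a token cache in a shared folder, a malformed AppId, or a non-HTTPS URL. The function names, finding codes and the list of shared folders are assumptions made for this illustration, and the sample values are constructed placeholders.

```python
import re

# Constructed sample in the same shape as the guide's connection string (placeholder values).
SAMPLE = r"""AuthType=OAuth;
Username=user@example.com;
Password=Password1;
Url=https://example.crm4.dynamics.com/;
AppId=00000000-0000-0000-0000-000000000000;
RedirectUri=https://login.microsoftonline.com/<tenant-id>/oauth2/v2.0/token;
TokenCacheStorePath=c:\Temp\Oauth\cache.txt;
LoginPrompt=Auto"""

REQUIRED = ("AuthType", "Url", "AppId", "RedirectUri")
GUID = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")
# Assumption: illustrative folders that other local users can often read.
SHARED_DIRS = ("c:\\temp", "c:\\windows\\temp", "c:\\users\\public")

def parse(conn):
    """Split 'Key=Value;' pairs (line breaks allowed) into a dict, keeping key case."""
    pairs = {}
    for part in conn.replace("\n", "").split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            pairs[key.strip()] = value.strip()
    return pairs

def lint(conn):
    """Return a sorted list of finding codes for one connection string."""
    p = {k.lower(): v for k, v in parse(conn).items()}
    findings = [f"missing-{k.lower()}" for k in REQUIRED if k.lower() not in p]
    if p.get("password"):
        findings.append("plaintext-password")
    if "appid" in p and not GUID.match(p["appid"]):
        findings.append("appid-not-guid")
    for key in ("url", "redirecturi"):
        if key in p and not p[key].lower().startswith("https://"):
            findings.append(f"{key}-not-https")
    # Accept both single and doubled backslashes in the cache path.
    cache = p.get("tokencachestorepath", "").lower().replace("\\\\", "\\")
    if cache.startswith(SHARED_DIRS):
        findings.append("token-cache-in-shared-dir")
    return sorted(findings)

def redact(conn):
    """Mask the Password value so the string can be logged or pasted into a ticket."""
    return re.sub(r"(?i)(password\s*=)[^;]*", r"\1***", conn)

if __name__ == "__main__":
    print(lint(SAMPLE), redact(SAMPLE), sep="\n")
```
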
There you go, a step-by-step guide to connecting the XrmToolBox to an environment with MFA enabled.
Ciao for now!