Skip to main content

Microsoft Dynamics 365 (CRM)

This guide explains how to set up Service-to-Service (OAuth2) authentication for Microsoft Dynamics 365 (CRM/Dataverse) so Exopen can sync data from your environment.

Exopen syncs organization metadata and configurable picklist (option set) attribute values. Additional entity-level sync can be configured per agreement.

ℹ️ Connections are currently set up via Exopen support. Once you have completed the steps below, email the resulting credentials to support@exopen.se and we will finish the configuration.

Step 1: Register an application in Microsoft Entra ID

  1. Sign in to the Azure portal and go to Microsoft Entra IDApp registrationsNew registration.
  2. Enter a name for the application, e.g. Exopen Dynamics 365.
  3. Select Accounts in this organizational directory only (Single tenant) as the account type.
  4. Leave Redirect URI empty — it is not required for the Service-to-Service flow.
  5. Click Register.

After registration, note the following from the overview page:

  • Application (client) ID
  • Directory (tenant) ID

Step 2: Create a client secret

  1. On the application page, go to Certificates & secretsClient secretsNew client secret.
  2. Enter a description and choose an expiry period (12–24 months recommended).
  3. Click Add.
  4. Copy the Value of the client secret and store it securely.

⚠️ The secret value is shown only once. If lost, a new secret must be created.

Step 3: Create an Application User in the Power Platform admin center

Access to data in Dynamics 365 (Dataverse) is granted via an application user linked to the Entra application — not via API permissions on the app registration. You therefore do not need to add any "API permissions" in the Azure portal.

  1. Sign in to the Power Platform admin center.
  2. Select ManageEnvironments and select the environment you want to integrate.
  3. Go to SettingsUsers + permissionsApplication users.
  4. Click + New app user.
  5. Click + Add an app, search for the application created in step 1 (e.g. by Application (client) ID), select it, and click Add.
  6. Choose a Business unit for the application user.
  7. Assign the System Reader security role (or an equivalent read-only role per your internal policy). This gives Exopen read access without the ability to modify data.
  8. Click Create.

Step 4: Send the credentials to Exopen

Email the following information to support@exopen.se:

  • Tenant ID (Directory ID from step 1)
  • Client ID (Application ID from step 1)
  • Client Secret (the value from step 2)
  • Org URL — the URL of your Dynamics environment, e.g. https://contoso.crm4.dynamics.com

🔐 Send the client secret over a secure channel (e.g. a password manager share link) rather than as plaintext in an email if possible.

Once Exopen receives the information we configure the integration and verify the first sync together with you.