Microsoft app registration
The CRM Plugin for Jira needs to access the Microsoft Common Data Service in order to share data between Jira and Dynamics CRM. The CRM plugin can accomplish this by using the Microsoft Client Credentials Grant Flow to make a network connection from your Jira server to the Microsoft Cloud for the purposes of authentication and authorization of the CRM Plugin.
You need to be using at least version 7.2.3 of the CRM Plugin to use the Client Credentials Grant Flow.
There are 3 general tasks required to set this up
- Create an App Registration in Azure
- Create an Application User for Dynamics CRM with whatever permissions you need the CRM Plugin to have (i.e. ability to read and write Cases etc.)
- Configure the CRM plugin in Jira
Create an App Registration in Active Directory
The first step is to create an entry in your company's Azure Active Directory. This process will result in generating a Tenant Id, an Application Id and a Client Secret. These 3 values along with the URL your CRM users use to log into Dynamics CRM are specified in Jira on the CRM plugin's "Initial Setup" screen. This gives the CRM plugin the ability to authenticate with the Microsoft Cloud.
- Using an account with administrator privileges, log into portal.azure.com
- Go to the "Manage Active Directory" screen
- Select "App registrations" in the left rail
- Select "New registration", fill in the required fields and submit
- On the resulting screen, you will see an Application ID and a Directory (tenant) ID, record these as you will need them in later steps
- Select "Certificates & Secrets" in the left rail
- Click the "New client secret" button, fill in the required fields and click the "Add" button to save. You will see a generated client secret value which you need to record as you will need it later
- Select "API permission" in the left rail
- Click the "Add a permission" button, select "Dynamics CRM", check the "user_impersonation" check-box and click the "Add permissions" button to save
Create and Authorize a Dynamics CRM Application User
At this point you have only given the CRM Plugin the ability to authenticate with Microsoft Active Directory, you still need to authorize the plugin to perform operations in Dynamics CRM, this involves creating a Microsoft Dynamics CRM Application User account and giving that Application User the permissions required for the actions you need the CRM Plugin to perform.
Note
The Microsoft UI is ever-changing and the exact steps for your company may differ from the steps given here.
This task has three parts, creating an Application User, creating a custom Security Role for that user and associating the security role with the application user.
Create an Application User
- Log into an admin account in Dynamics CRM
- In the 2nd drop-down menu at the top, select Settings -> Security and click the "Users" feature to get a screen listing current users
- Click on the heading for the list of users to change the type of user to Application Users
- Click NEW in the action bar at the top of the screen
- Set User Name, Full Name and Primary Email to anything you like (we suggest "CRMPlugin Application" for the Full Name), set Application ID to the Application Id you recorded when you created the app registration above.
- Click SAVE & CLOSE in the action bar at the top of the screen
Create a custom Security Role
(while still using an admin account in Dynamics CRM)
- In the 2nd drop-down menu at the top, select Settings -> Security and click the "Security Roles" feature to get a screen listing current security roles
- Click New in the action bar at the top of the screen
- Use something like "CRM Plugin" as the Role Name on the Details tab
- On each of the remaining tabs, select the appropriate privileges that the CRM plugin needs to have (privileges described at https://docs.microsoft.com/en-us/power-platform/admin/security-roles-privileges)
(click on an Entity name to toggle all privileges for that entity)
(click on a Privilege heading to toggle that privilege for all entities)
Recommended privileges
Core Records
| Tab | Privileges |
|---|---|
| Core Records | All access for everything |
| Marketing | All access for everything |
| Sales | All access for everything |
| Service | All access for everything |
| Business Management | Read access for User |
Service Management | Read access for Entitlement |
| Customization | Read access for Entity, Field, Process, Relationship, System Job |
Associate the Security Role with the Application User
(while still using an admin account in Dynamics CRM)
- In the 2nd drop-down menu at the top, select Settings -> Security and click the "Users" feature to get a screen listing current users
- Select the name of the user created earlier (CRMPlugin Application)
- Click MANAGE ROLES in the action bar to get a popup dialog listing all User Roles
- Check the box for the custom Security Role created earlier (CRM Plugin) and click the OK button
Configure the CRM Plugin in Jira
Log into Jira using an account with Jira administrator privileges
- Navigate to the System "Manage apps" screen and in the left rail, select "Initial Setup" in the "CRM SETUP" section
- Verify that you have specified a valid License Key for the CRM plugin (contact sales@goldfingerholdings.com for assistance with licensing)
- In the "CRM Connection" section, for the "System" setting, select "MS Dynamics CRM Online (client credentials)"
- Enter the Tenant Id, Application Id and Client Secret values you received when you created an App Registration in Azure
- Enter the URL used by your CRM users to log into Dynamics CRM, this URL usually looks like "https://company-name.crm.dynamics.com"
Click the "Update Settings" button. You will get a "Settings saved" success message if the CRM plugin was able to authenticate with Azure. For assistance resolving any errors, contact support@goldfingerholdings.com.