Create an D365 Application User via Script

A blog post by Robert Pröll


Posted: 11.2020 | Category: Security | Author: Robert Pröll Tags: DEPLOYMENTS CI/CD DEVOPS ALM POWERAPPS DEPLOYMENT CDS

Robert Pröll | .NET Software Architect

Intro

The benefits of applications users for certain use cases are pretty clear, so let’s see how the setup steps can be simplified.

We assume the scripts are executed by a 3rd person, not a developer.

Requirements:

  • PowerShell Execution Permissions
  • 64 Bit OS / Parent process
  • AzureAD Permissions to create AzureADApplications
  • Administrator Role in D356

Basic Flow:

  1. Register App in AAD
  2. Create SystemUser in D365
  3. Assign security roles to new application user

 

Step 1: AAD Setup

Note: You can either use an existing AppId or predefined ones.  The basic idea here is to register an app and return the id to continue the process via c#.

There are different ways to implement the same behavior, depending on your environment.

 

Result of the PowerShell script:

 

Step 2: Create a systemuser in D365

Create Application User in D365

Create Application User in D365

 

Switch to "Application Users" to see the new user:

 

Step 3: Assign the appropriate security roles:

Done.



About the author

Robert Pröll

.NET Software Architect

Key areas of interest: ALM, .NET C#, PowerShell, Azure, Dynamics 365 Tooling

Robert started in the area of ASP.NET projects and has now more than 10 years of experience in the international Dynamics Enterprise business.

He works mainly as an principal software architect at Kupp and as a external consultant for Microsoft.