I am trying to set up MS Dynamics integration. I am using an existing Azure AD application, when I try to do an Action test of Get Contact By Phone Number, I am getting an error running the test:
"message": "Request to backend service failed.\n{"error":"invalid_grant","error_description":"AADSTS70002: Error validating credentials. AADSTS50126: Invalid username or password\r
I have verified I can log into crm using this user/pass, is it possible that my Application ID is wrong? The screenshot below shows the AD setup and the ID I am using in the purecloud config.
That's a slightly different UI than we have in our Azure portal, but yes, the client ID and application ID should be the same GUID. The other area to look at, do you have the correct Root Organization Web Address entered in the credentials?
I checked with our crm team and they said the URL I am using is the right root org web address. They said there is a different URL for the api but they were pretty sure this isn't what it was asking for.
One thing I noticed is when I go back into the integration configuration, when I click on configuration, all the fields are empty. Is it possible everything I am putting in here isn't actually saving?
I may reach out to our purecloud support service and see if they can help.
The info you are saving is definitely there (as long as you hit the save button on the integration); the reason the fields reset after you close the pop-up is that the service that stores your credentials doesn't have a mechanism to "fetch" your credentials, and this is an intentional approach to provide an additional layer of security for these credentials.
The base URL should be the beginning of your CRM instance; what you navigate to in the web browser. the example given in the documentation https://contoso.crm.dynamics.com is a good reference. Our development accounts follow this pattern, using https://{{orgName}}.crm.dynamics.com/main.aspx#138707441 as the main page presented when you login. We use this base URL (including the https://) to "ping" dynamics, which then provides the correct redirect URL for us to authorize against their REST API using the AppID, UN, and PW provided to return a valid token for use with the remainder of the REST API calls we are making.
I would double check the base URL to ensure it's correct (you should be able to plug it into your browser and be redirected to the login screen), and that it includes the https:// prefix. I would also double check the Application ID and make sure it doesn't include anything odd like trailing spaces that might cause a problem with Microsoft's authentication endpoint. If neither of those bear fruit, it might be good to open this up with support, simply so we can speak a little more freely about the specifics of your credentials.
I have checked that. One thing I am wondering may be wrong is the azure ad app integration setup. The steps on what permissions it should have are a little unclear to me. Does anything stick out as wrong?
Am I doing something wrong with the test? I am just clicking on Actions, Get Contact By Phone Number, "Edit Actions", setup tab, test tab, entering a number and clicking run action. That is when I get the invalid credentials.
Based on my testing, it looks like there could either be an issue with the application ID or the username/password combo. When I attempt to hit your base URL (using totally bogus credentials), I get an error message that my user needs to be added to your directory. Based on your error, it appears that it's finding the user but not successfully logging in.
using a tool like postman, can you attempt a login using your oauth client? The below is basically what PureCloud is using to authenticate with your Dynamics instance.
We figured this out. Our instance of Dynamics is using another auth form for single sign on. AD syncs with a local AD. When you log in to CRM we actually go to another login method which issues a saml token.
Long story short, we created a special azure ad user that doesn't go through that process and we could authenticate.
