Dynamics CRM API

How to get to the “Manage sources” page

Convier supports Odata APIs like the Dyanmics CRM API. This enables Convier to both read from and write data to the Dynamics platform (or other CRM that has an API).

  • Click “Odata API”
  • Set service url https://{identifier}.dynamics.com/api/data/{version} and click “Update source”
    • E.g.: https://org123456.api.crm19.dynamics.com/api/data/v9.2
  • Click “Authenication”
  • Select “App token” for application access or “On behalf of” for delegated access, and enter scope https://{identifier}.dynamics.com/.default
    • E.g.: https://org123456.api.crm19.dynamics.com/.default
  • Click “Update source”
  • Click “Sources” and “Reconnect all”

About access to Dynamics CRM

By default, the Dynamics CRM API supports giving delegated access to applications using the “user_impersonation” scope. Giving this access to the Convier app registration (or other applications) lets the application access Dynamics on behalf of the user, inheriting the user’s permissions. As this would enable Convier to access whatever the user can access in Dynamics, this is for security reasons not desired. In our experience, it is only relevant for Convier to access one or a few “entity sets”, for example a list of Enhanced Due Diligence tasks.

The following is a guide to give the Convier app registration “application” access to an individual entity set in Dynamics. This will enable the Convier app to work with the entity tasks without relying on user permissions, which also prevents Convier from being able access other parts of Dynamics.

Please note that giving application access only should be given in combination with requiring assignment to the Coniver app registration. Without it, it could become possible for authenticated users who are not themselves authorized to access the entity set to access it through Convier.

Contact Convier Support if you are having problems connecting Convier to your Dynamics CRM installation.

Application access to individual Entity Sets in Dynamics CRM

  • Navigate to the settings page for your environement in Power Platform
  • Under “Users + permissions”, click “Security roles” and then “New role” with empty permissions (disable app opener option)
  • Give the new role “Collaborator” access to the desired Entity Set(s)
  • Back on the settings page, under “Users + permissions”, click “Application permissions” and then “New app user”
  • Click “Add an app”, select the Convier app registration, select your business unit, and add the created security role
  • In the Dynamics source configuration page in Convier, click “Authentication”, choose “App token”, enter the scope as described above.
  • Save and reconnect