Setup Azure Active Directory

Users are authenticated in the Mobile Field Service application through Azure Active Directory (AD). Before users can sign in to Mobile Field Service, the application must be registered in Azure AD by a user with administrator rights in Azure AD. A PowerShell script is provided to ease this installation, but it requires the installation of the Microsoft Azure Active Directory version 2 PowerShell.

Powershell module

Start a PowerShell command prompt with administrative permissions and execute following command the command to install the AzureAD PowerShell module, if you haven’t already done so. If any questions are raised whether you want to install this module from an untrusted source, type:

PowerShell: Install-Module AzureAD The output will look like this:

 

Once this installation is completed, you can close this command prompt.

Register Application

Start a PowerShell command prompt and execute PowerShell script Register-AzureADApp.ps1 with the arguments specified below. The script will ask for the Azure AD tenant for installation and the name of the application.

PowerShell: .\Register-AzureADApp.ps1 -AdminConsent

Specify the following information:

• Tenant – the identifier of the Azure AD tenant or one of its verified domain names. Usually, this is the domain name of the account you use to sign in to Microsoft Dynamics 365 for Operations.

• Display Name – the name of the application to display in the sign-in screen, for example Mobile Field Service.

After executing the PowerShell script, a sign-in screen will appear for Azure Active Directory PowerShell. Provide the credentials of an account that has administrative permissions in Azure AD and sign in. This account will be used for the operations required to register the application in Azure AD, and it is not used for anything else.

To prevent end-users from seeing a consent screen the first time they sign in, a user with administrator rights in Azure AD has a provide a so-called administrator consent. Press the Enter key, when asked to during execution of the PowerShell script, to start a new browser session with the Azure AD consent screen. Sign in with an account that has the required permissions and click on the Accept button. Close the browser window when this process is completed.

After executing the PowerShell script the output will look like this, write down the application identifier:

The application identifier needs to be filled in later in the MFS app à Connection à Client ID.

MFS App registration for Microsoft Dynamics 365 for Finance and Operations

App registration

To enable the communication between Microsoft Dynamics 365 for Finance and Operations and Mobile Field Service, you need to register the app.

Go to the Azure Active Directory to page App registrations and click 'New registration'.

Enter any name for your app registration. After you have done this, click 'register' at the bottom of the form.

When you have registered the app, you will see a screen with the Application (client) ID. This ID needs to be used in the MFS client.

After registration of the app, you need to make sure, it has sufficient rights to access Microsoft Dynamics 365 for Finance and Operations, as well as the MFS client.

Select button 'View API Permissions' in the above form, and select 'add a permission'. Select Dynamics ERP, and go to 'Delegated Permissions'. Check all 3 boxes and save your selection. It is not needed to grant admin consent, but it is optional.

Check Access tokens and ID tokens for the authentication.

 

Set the redirect URL to http://localhost