Configure Application User

To configure Application user follow the below steps:

Create an App Registration in Microsoft Entra ID (to obtain the three keys)

• Open the Azure portal for the Microsoft Entra ID (Azure AD) tenant that hosts the Dataverse environment (this may be a different tenant than where the container app is deployed).

• Navigate to Manage → App registrations and click New registration.

• Enter the application name and select the first (default) option for supported account types, then click Register.

• Copy the Directory (tenant) ID → this becomes d365-tenant-id.

• After the app registration is created:

• Open the application registration and copy the Application (client) ID → this becomes d365-client-id and Copy the Directory (tenant) ID → this becomes d365-tenant-id.

  

Grant API Permissions for Dynamics CRM

In the app registration, go to Manage → API permissions → Add a permission. Select Dynamics CRM from the API list.

Choose Delegated permissions and then check user_impersonation, then click Add permissions.

Click Grant admin consent to apply the permission for the tenant. This ensures the app can call Dynamics CRM APIs as the signed-in user.

Create a Client Secret (d365-client-secret)

In the app registration, go to Manage → Certificates & secrets → New client secret. Create a new secret and optionally set its expiry. Click Add.

Immediately copy the secret value — this value is shown only once. This copied value is the d365-client-secret you will add to the Container App secrets. If you leave the page, you cannot retrieve this value later.