Configure a Microsoft Dataverse source for CDC

This page describes how to configure a Microsoft Dataverse environment to stream change data to a supported destination using Datastream.

Before you begin

Before you start configuring Dataverse for use with Datastream, you need to:

• Have access to an active Microsoft Azure subscription with permissions to manage Azure Active Directory (AAD) and Dataverse.
• Have an active Dataverse environment.
• Have knowledge of how to navigate and change settings in the Microsoft Azure Portal, Dataverse, and Dynamics 365.
• Have permissions to register applications in AAD and create or assign roles in Dataverse.

Configure a Microsoft Dataverse environment for use with Datastream

To establish a connection between your Dataverse environment and Datastream, you need to authenticate using the OAuth 2.0 client credentials flow. This requires registering an application in AAD and configuring an application user within Dataverse.

Register an application in Azure Active Directory

Dataverse uses AAD for authentication. To register an application, follow these steps:

1. Sign in to the Azure Portal with an administrator account.
2. In the portal, go to Azure Active Directory > App registrations > New registration.

3. Register the application:

   1. Under Application name, provide the name for your application, for example, DatastreamDataverseConnector.
   2. Select the account type, typically, Accounts in this organizational directory only.
   3. Click Register.

4. After registration, copy the Application (client) ID and the Directory (tenant) ID from the Overview page to a safe location for later use. These IDs are required for the Datastream connection profile.

5. Generate the client secret:

   1. In your registered application settings, go to Certificates & secrets > New client secret.
   2. Provide a description and set an expiration date for your secret.
   3. Click Add.

6. Copy the generated secret value, because it's only displayed once. You need the secret when you create the Datastream connection profile.

7. Assign API permissions:

   1. Go to API permissions > Add a permission.
   2. Select Microsoft APIs > Dynamics CRM.
   3. Select Application permissions.
   4. Click Grant admin consent for your directory.

Configure the Dataverse application user

Create an application user in Dataverse to represent the AAD application.

1. Sign in to your Microsoft Dataverse environment with administrator privileges.
2. Go to Settings > Security > Users.
3. Change the view from Enabled users to Application users.
4. Click New to create a new application user.
5. Paste the Application (client) ID copied from AAD into the Application ID field. Other details, such as User name are automatically populated.
6. Save the record.

7. Assign security roles:

   1. Open the newly created application user record.
   2. Click Manage roles.
   3. Assign the appropriate security roles that grant the necessary read permissions for the tables that you want Datastream to replicate. We recommend using a custom role with minimum required read permissions on the specific tables rather than a broad role, such as System administrator. Ensure that the role has access to read table metadata.

IP Restrictions

If your Dataverse environment or network has IP address restrictions, ensure that the Datastream public IP addresses are allowed to connect to your Dataverse environment URL (for example, ORGANIZATION_NAME.crm.dynamics.com).

What's next

• Learn how to create a connection profile for a Dataverse source.
• Learn more about how Datastream works with Dataverse sources.