When a user login a knowledge center CRM Portal site via Azure AD, the authentication token mechanism can only be shared within the CRM Portal website itself, and the token is unable to be used to retrieve data from a SharePoint Online site.
This is because CRM uses the Form_Context mechanics to authenticate to retrieve the resources in CRM system. That means when we attach a SPO site in CRM, CRM cannot use Form Context to authenticate with SPO to retrieve the resources. So CRM failed to retrieve the resources in SPO by anonymous method.

For example in a real business case for an organisation, when there are Dynamic 365 pages that has image links pointing to a SharePoint site, the image links on the Dynamic 365 pages will be broken/show blank. User will need to manually go to the SharePoint site to complete the SSO process and then the image on a Dynamic 365 page will the appear.

My suggestion is can we please have SSO token authentication mechanism in Dynamic 365 platform to be shared with SharePoint online platform to resolve this issue?

This is so that Dynamic authentication will have consistent behavior like the Office 365 SPO/EXO/Skype/Teams/OneDrive that use the same authentication mechanics to authenticate with Azure AD (AAD) to retrieve the SSO ID token to access the resources between different components.


Needs Votes