Loe inglise keeles Redigeeri

Jagamisviis:


Dynamics 365 Commerce authentication flows

This article provides an overview of the various authentication flows in Microsoft Dynamics 365 Commerce. Although the Dynamics 365 Commerce solution currently supports several authentication scenarios and flows, the core authentication infrastructure of the Commerce Scale Unit (also known as the headless commerce engine) is fully based on OpenID Connect.

Authentication methods

Access to each of the application programming interfaces (APIs) on the Commerce Scale Unit is natively restricted by one or more of the following roles:

  • Employee – Access to APIs associated with this role requires point of sale (POS) device activation (a device token) and an authenticated employee.
  • Customer – Access to APIs associated with this role requires an authenticated customer. E-Commerce sites generally use these APIs for operations such as retrieving order history and changing customer details.
  • Application – Access to APIs associated with this role requires application-level authentication, such as Microsoft Entra service-to-service authentication.
  • Anonymous – APIs associated with this role are primarily used by e-Commerce sites without user authentication.
  • Customized APIs – Access to APIs associated with this role can be restricted using any of the methods described above such as POS device activation, customer authentication, and anonymous authentication.

For the full list of Commerce Scale Unit APIs and their access restrictions, see Commerce Scale Unit customer and consumer APIs.

Supported authentication methods

The following table describes the set of supported authentication methods for APIs that require either POS device activation that generates a device token or user authentication that generates a user token.

API category Scenario Supported authentication method Required setup Additional details
Employee Dynamics 365 POS authentication flows* Simple cashier user name and password In Dynamics 365 Commerce headquarters, configure a user name and password for a worker. Create a worker
Employee Dynamics 365 POS authentication flows* Microsoft Entra credentials In Commerce headquarters, configure a worker that is mapped to Microsoft Entra credentials. Enable Microsoft Entra authentication for POS sign-in
Employee Dynamics 365 POS authentication flows* Extended sign-in credentials (for example, by using a bar code or a magnetic stripe reader [MSR]) In Commerce headquarters, configure a worker for extended sign-in. Set up extended sign-in functionality for Store Commerce app and Store Commerce for web
Customer Dynamics 365 Commerce authentication flows Site user authentication by using Microsoft Entra ID B2C with implicit scope flow
  1. Create a Microsoft Entra business-to-consumer (B2C) application.
  2. In Commerce headquarters, add the Microsoft Entra B2C application to the accepted list of identity providers.
  3. In Commerce site builder, configure the Microsoft Entra B2C application.
Set up a B2C tenant in Commerce

Set up custom pages for user sign-ins

Customer Dynamics 365 Commerce authentication flows Site user authentication by using an external identity provider that supports OpenID Connect with implicit scope flow
  1. Create a Microsoft Entra B2C application, and configure it to support external identity providers.
  2. In Commerce headquarters, add the Microsoft Entra B2C application to the accepted list of identity providers.
  3. In Commerce site builder, configure the Microsoft Entra B2C application.
Set up a B2C tenant in Commerce

Set up custom pages for user sign-ins

Customer Third-party e-Commerce authentication flows Site user authentication by using an external identity provider that supports OpenID Connect with implicit scope flow In Commerce headquarters, add the external identity provider to the accepted list of identity providers. Configure authentication providers
Application Third-party app or service authentication flows Microsoft Entra service-to-service authentication/application authentication In Commerce headquarters, add the external identity provider to the accepted list of identity providers.

* Sign-in to POS requires device activation for each terminal. For more information, see Point of Sale (POS) device activation.

Unsupported authentication flows

Scenario Unsupported authentication method Details
Dynamics 365 POS authentication flows Authentication without device activation (that is, without a device token) All POS-related Commerce Scale Unit APIs require a device activation token for authentication.
Dynamics 365 Commerce authentication flows Site user authentication by using Microsoft Entra business-to-consumer (B2C) with authorization code or On-Behalf-Of flows Authorization code and On-Behalf-Of flows are not currently supported with e-commerce site user authentication.
Third-party e-commerce authentication flows Site user authentication by using an external identity provider that supports OpenID Connect with authorization code or On-behalf-of flows Authorization code and On-behalf-of flows are not currently supported with e-commerce site user authentication.

Dynamics 365 POS employee authentication flows

The following illustration shows POS employee authentication flows in Commerce.

Dynamics 365 POS employee authentication flows.

Dynamics 365 e-Commerce customer authentication flows

The following illustration shows e-Commerce customer authentication flows in Commerce.

Dynamics 365 e-Commerce customer authentication flows.

Third-party e-Commerce customer authentication flows

The following illustration shows third-party e-Commerce customer authentication flows in Commerce.

Third-party e-Commerce customer authentication flows.

Third-party application authentication flows

The following illustration shows third-party application authentication flows in Commerce.

Third-party application authentication flows.

Additional resources

Dynamics 365 Commerce architecture overview

Commerce Scale Unit customer and consumer APIs

POS worker logon

Enable Microsoft Entra authentication for POS sign-in

Set up extended sign-in functionality for Store Commerce app and Store Commerce for web

Set up a B2C tenant in Commerce

Set up custom pages for user sign-ins

Configure authentication providers

Point of Sale (POS) device activation