Skip to main content
Before you paste anything into OpenCX, you need four values from Azure AD and Dynamics 365: tenant ID, application (client) ID, client secret, and your environment URL. You also need an in Dynamics mapped to the Azure AD app and carrying a security role. Work through the steps below in order — the last step (Application User) only works after the Azure AD app exists.

Before you start

OpenCX writes incident records, and for chat channels creates oc_liveworkitem records in Omnichannel for Customer Service. If you only plan to use phone/email handoffs, Customer Service Enterprise is enough. For web/SMS/WhatsApp handoffs, make sure Omnichannel is provisioned on the environment.
You’ll register an app, create a client secret, and grant admin consent on API permissions. Any of those three steps needs tenant-level admin rights.
You’ll create an Application User and assign a security role inside the Dynamics environment. Environment Admin or System Administrator on the env is enough.

Setup

1

Register an app in Azure AD

Open the Azure Portal → App registrations and click New registration.
FieldValue
NameOpenCX Dynamics Integration (or any name you’ll recognize)
Supported account typesAccounts in this organizational directory only (single tenant)
Redirect URILeave blank — OpenCX uses client credentials, not interactive OAuth
After it’s created, copy the Directory (tenant) ID and Application (client) ID from the Overview page.
2

Create a client secret

In the new app, go to Certificates & secrets → Client secrets → New client secret. Name it opencx and pick an expiry (24 months is the longest Azure allows).
Copy the Value (not the Secret ID) immediately. Azure shows it once; after you leave the page it’s hidden forever and you’ll need to make a new secret.
3

Grant Dynamics API permissions

Go to API permissions → Add a permission → Dynamics CRM → Delegated permissions → user_impersonation. Add it, then click Grant admin consent for <your tenant>. The status column should flip to Granted.
4

Create an Application User in Dynamics

Open the Power Platform admin center → your environment → Settings → Users + permissions → Application users → New app user.
FieldValue
AppPick the Azure AD app you just registered (search by name or client ID)
Business unitThe root business unit of the environment
Save. The Application User row now represents OpenCX inside Dynamics.
5

Assign a security role

Still on the Application User you just created, click Manage roles and attach a role. Two common choices:
  • System Administrator — simplest path; grants everything OpenCX needs and more.
  • Custom role — minimum privileges: Read on Contact, Queue, SystemUser; Create + Write + Append To on Incident and Annotation; Create on Omnichannel Live Work Item if you’re using chat channels.
Without a role, every Dynamics API call OpenCX makes returns 401 Unauthorized even though the token exchange succeeds.
6

Copy your environment URL

Open Dynamics 365 in your browser and copy the URL up to .dynamics.com (example: https://yourorg.crm.dynamics.com). No trailing slash, no path.You’ll use this exact string as the scope prefix during OAuth — a typo here will break credential verification in OpenCX.

What you should have at the end

  • Tenant ID (GUID from the app’s Overview page)
  • Application (client) ID (GUID from the same page)
  • Client secret value (the one Azure showed once)
  • Environment URL (e.g. https://yourorg.crm.dynamics.com)
  • Application User inside Dynamics, mapped to the Azure AD app, carrying a security role
Take those four values to Connect to OpenCX to finish wiring up the integration.

Connect to OpenCX

Paste credentials into the OpenCX dashboard and run Test & Save.

Conversations in Dynamics 365

Routing, incident contents, contact dedupe, and observability.

Troubleshooting

Token 200 but verify fails, 403 on incident create, missing roles.

Dynamics 365 overview

What the integration unlocks across every channel.