Integration with Microsoft Dynamics

Create a Dynamics integration user

Before logging in into Donna and connecting Dynamics, we strongly recommend to create a dedicated Dynamics integration user and using this integration user to set up the integration, rather than using your own personal Dynamics (admin) user account.

On this page, we describe how to create an integration user. Consider these instructions as a recommendation, rather than a strict guideline. Follow your own company policies while creating this user.

Create a new user

Go to admin.microsoft.com and go to Users, Active users and click on Add a user to create a new user.

Assign the user a Dynamics product license.

Note: Donna requires a regular Dynamics user as Donna uses the OAuth login flow to establish the integration.

Add the user to the Dynamics environment

Go to admin.powerplatform.microsoft.com, select the Dynamics environment and in the Access section, click on See all below the Users title.

On the Users page, click on Add user.

Search the user you just created and click on Add.

For more detailed instructions on how to create a new user and assign it to an environment, visit https://learn.microsoft.com/en-us/power-platform/admin/create-users

Create a new security role

Go to admin.powerplatform.microsoft.com, select the Dynamics environment and in the Access section, click on See all below the Security roles title.

On the Security roles page, click on New role.

On the newly create role detail page, select Show all tables and assign the following table and miscellaneous permissions. Consider these listed permissions to be an example. Exact permissions depend on the use cases covered with Donna.

Table permissions:

Account
1. Create: Organization
2. Read: Organization
3. Write: Organization
4. Append: Organization
5. Append to: Organization
Contact
1. Create: Organization
2. Read: Organization
3. Write: Organization
4. Append: Organization
5. Append to: Organization
Lead
1. Create: Organization
2. Read: Organization
3. Write: Organization
4. Append: Organization
5. Append to: Organization
Opportunity
1. Create: Organization
2. Read: Organization
3. Write: Organization
4. Append: Organization
5. Append to: Organization
Opportunity Sales Process
1. Read: Organization
Activity
1. Create: Organization
2. Read: Organization
3. Write: Organization
4. Append: Organization
5. Append to: Organization
Note
1. Create: Organization
2. Read: Organization
3. Write: Organization
4. Append: Organization
5. Append to: Organization
Connection
1. Create: Organization
2. Read: Organization
3. Write: Organization
4. Append: Organization
5. Append to: Organization
Team
1. Read: Organization
User
1. Read: Organization
Attribute
1. Read: Organization
Entity
1. Read: Organization
OptionSet
1. Read: Organization
Relationship
1. Read: Organization
Workflow
1. Read: Organization

Miscellaneous privileges:

View Audit History
1. Read: Organization
View Audit Summary
1. Read: Organization

For more detailed instructions on how to create a new security role, visit https://learn.microsoft.com/en-us/power-platform/admin/create-edit-security-role

Assign the security role to the integration user

Go to admin.powerplatform.microsoft.com, select the Dynamics environment and in the Access section, click on See all below the Users title.

Select the integration user and click on Manage security roles in the menu bar. Find the newly created security role, select it and click on Save.

Login to Donna and connect to Dynamics

Watch the video or follow instructions below.

Open a web browser (We recommend to open an incognito window where you are not logged in into Dynamics. This allows you to login with the integration user later on), and go to https://app.askdonna.com

Login with Google, Microsoft or magic sign in link (If you did not yet receive an invite to Donna, please request an invitation from a colleague who did).

Once logged in, click on Settings and then Integrations. You require an admin or owner role in Donna to see the Settings and Integrations pages.

On the Integrations page, click on Connect with Dynamics CRM. You will be directed to the Microsoft login page. Login with the integration user (not with your own personal user!). Depending on your Microsoft Entra ID consent and permission settings, you may see a screen where you can request admin approval. If that is the case, read the section below on consent and permissions.

After loggin in with the integration user, you will be directed back to Donna.

That's it! The integration is now set up!

The Donna Microsoft Enterprise Application

The Dynamics integration is a Microsoft integration that creates a Microsoft Enterprise Application named Donna in Microsoft Entra ID.

This Enterprise Application is used for all Donna Microsoft integrations, including:

Microsoft OAuth login
Outlook Calendar integration
Outlook Mail integration
Microsoft Dynamics integration

The Donna Enterprise Application is automatically created the first time a user logs in to Donna using their Microsoft account or configures a Microsoft integration. It cannot be manually created.

Although there is only one Donna Enterprise Application in Microsoft Entra ID, the permissions granted to it depend on the integrations that are configured. Each integration requests its own specific set of permissions.

Permissions required for Dynamics

The following permissions are required for the Dynamics integration:

Dataverse: user_impersonation

The user_impersonation permission is used to sync Dynamics data to Donna.

Viewing the Donna Enterprise Application in Entra ID

To view the Donna Enterprise Application, a Microsoft administrator can go to https://portal.azure.com, navigate to Microsoft Entra ID, select Enterprise applications, and search for and open the application named Donna.

If no Enterprise Application named Donna is listed, this means that no user in the Microsoft tenant has yet logged in to Donna using Microsoft OAuth or configured a Microsoft integration.

Consent and permissions

Depending on your Microsoft Entra ID consent and permission settings, users may be able to grant consent themselves or may require administrator approval.

If administrator consent is required, the consent process must first be initiated by a user attempting to log in with Microsoft or configure a Microsoft integration. When this happens, the user will automatically see a screen where they can submit a request for approval. In some organizations, users are not allowed to request administrator consent. In that case, a Microsoft administrator must initiate the consent process.

Watch the video showing how to request admin approval / consent.

An administrator can then review and approve the request, which grants the requested permissions for that specific integration at the tenant level.

Watch the video showing how to review and accept the admin consent request.

Administrator consent must be initiated through a login or integration attempt. Permissions cannot be granted in advance without an initial consent request.

Even though there is only one Donna Enterprise Application, Microsoft login and each Microsoft integration requires its own administrator approval the first time it is configured, as login and different integrations may request different permissions. Once administrator consent has been granted for login or a specific integration, subsequent users in the tenant will be able to login and set up that integration without needing to request approval again.

Restricting which users can login with Microsoft and set up Microsoft integrations in Donna

In addition to managing consent and permissions, administrators can also control which users are allowed to sign in to Donna with their Microsoft account and configure Microsoft integrations.

To do this, navigate to the Donna Enterprise Application, then go to Manage, Properties. The “Assignment required?” setting determines access. When set to Yes, only users who have been added under Users and groups can sign in to Donna using Microsoft and set up Microsoft integrations.

Help center