Dynamics 365 Commerce authentication flows

هل هذه الصفحة مفيدة؟

هل لديك ملاحظات إضافية؟

سيتم إرسال الملاحظات إلى Microsoft: بالضغط على الزر «إرسال»، سيتم استخدام ملاحظاتك لتحسين منتجات Microsoft وخدماتها. نهج الخصوصية.

This topic provides an overview of the various authentication flows in Microsoft Dynamics 365 Commerce. Although the Dynamics 365 Commerce solution currently supports several authentication scenarios and flows, the core authentication infrastructure of the Commerce Scale Unit (also known as the headless commerce engine) is fully based on OpenID Connect.

Authentication methods

Access to each of the application programming interfaces (APIs) on the Commerce Scale Unit is natively restricted by one or more of the following roles:

• Employee – Access to APIs associated with this role requires point of sale (POS) device activation (a device token) and an authenticated employee.
• Customer – Access to APIs associated with this role requires an authenticated customer. E-Commerce sites generally use these APIs for operations such as retrieving order history and changing customer details.
• Application – Access to APIs associated with this role requires application-level authentication, such as Azure Active Directory (Azure AD) service-to-service authentication.
• Anonymous – APIs associated with this role are primarily used by e-Commerce sites without user authentication.
• Customized APIs – Access to APIs associated with this role can be restricted using any of the methods described above such as POS device activation, customer authentication, and anonymous authentication.

For the full list of Commerce Scale Unit APIs and their access restrictions, see Commerce Scale Unit customer and consumer APIs.

Supported authentication methods

The following table describes the set of supported authentication methods for APIs that require either POS device activation that generates a device token or user authentication that generates a user token.

API category	Scenario	Supported authentication method	Required setup	Additional details
Employee	Dynamics 365 POS authentication flows*	Simple cashier user name and password	In Dynamics 365 Commerce headquarters, configure a user name and password for a worker.	Create a worker
Employee	Dynamics 365 POS authentication flows*	Azure AD credentials	In Commerce headquarters, configure a worker that is mapped to Azure AD credentials.	Enable Azure Active Directory authentication for POS sign-in
Employee	Dynamics 365 POS authentication flows*	Extended sign-in credentials (for example, by using a bar code or a magnetic stripe reader [MSR])	In Commerce headquarters, configure a worker for extended sign-in.	Set up extended logon functionality for MPOS and Cloud POS
Customer	Dynamics 365 Commerce authentication flows	Site user authentication by using Azure AD B2C	Create an Azure AD business-to-consumer (B2C) application. In Commerce headquarters, add the Azure AD B2C application to the accepted list of identity providers. In Commerce site builder, configure the Azure AD B2C application.	Set up a B2C tenant in Commerce Set up custom pages for user sign-ins
Customer	Dynamics 365 Commerce authentication flows	Site user authentication by using an external identity provider that supports OpenID Connect	Create an Azure AD B2C application, and configure it to support external identity providers. In Commerce headquarters, add the Azure AD B2C application to the accepted list of identity providers. In Commerce site builder, configure the Azure AD B2C application.	Set up a B2C tenant in Commerce Set up custom pages for user sign-ins
Customer	Third-party e-Commerce authentication flows	Site user authentication by using an external identity provider that supports OpenID Connect	In Commerce headquarters, add the external identity provider to the accepted list of identity providers.	Configure authentication providers
Application	Third-party app or service authentication flows	Azure AD service-to-service authentication/application authentication	In Commerce headquarters, add the external identity provider to the accepted list of identity providers.

* Sign-in to POS requires device activation for each terminal. For more information, see Point of Sale (POS) device activation.

Unsupported authentication flows

Scenario	Unsupported authentication method	Details
Dynamics 365 POS authentication flows	Authentication without device activation (that is, without a device token)	All POS-related Commerce Scale Unit APIs require a device activation token for authentication.

Dynamics 365 POS employee authentication flows

The following illustration shows POS employee authentication flows in Commerce.

Dynamics 365 e-Commerce customer authentication flows

The following illustration shows e-Commerce customer authentication flows in Commerce.

Third-party e-Commerce customer authentication flows

The following illustration shows third-party e-Commerce customer authentication flows in Commerce.

Third-party application authentication flows

The following illustration shows third-party application authentication flows in Commerce.

Additional resources

Dynamics 365 Commerce architecture overview

Commerce Scale Unit customer and consumer APIs

POS worker logon

Enable Azure Active Directory authentication for POS sign-in

Set up extended logon functionality for MPOS and Cloud POS

Set up a B2C tenant in Commerce

Set up custom pages for user sign-ins

Configure authentication providers

Point of Sale (POS) device activation