Microsoft Dynamics 365 Human Resources – Configuration Guide
Microsoft Dynamics 365 Human Resources helps organizations manage employee data, streamline HR processes, and create optimal employee experiences.
How to register an OAuth app for Microsoft Dynamics HR
Microsoft Dynamics 365 Human Resources runs on Finance & Operations (F&O). Apideck reads employees from the F&O OData /data API, so you register a Microsoft Entra ID (Azure AD) application and grant it the Microsoft Dynamics ERP API permission. The legacy standalone "Dynamics 365 Human Resources" (Talent) API is not used.
Before you start, make sure you can sign in to the Azure portal with permission to register applications in the Microsoft Entra tenant that hosts your Dynamics 365 Finance & Operations environment.
Register a new application using the Azure portal
-
Sign in to the Azure portal with a work or school account. If you have access to more than one tenant, select the Microsoft Entra tenant that hosts your F&O environment.
-
Go to Microsoft Entra Admin Center → App registrations → New registration.
-
On the Register an application page, enter:
- Name — a meaningful name shown to users (e.g. "Apideck Unify").
- Supported account types — Multiple Entra ID tenants.
- Redirect URI — platform Web, value
https://unify.apideck.com/vault/callback.
Select Register.

-
Grant the Finance & Operations API permission. Go to API permissions → Add a permission → APIs my organization uses, and search for Microsoft Dynamics ERP (application ID
00000015-0000-0000-c000-000000000000). Select it, choose Delegated permissions, and add at least:- Access Dynamics AX data (
AX.FullAccess) - Access Dynamics AX online as organization users (
Odata.FullAccess) - Access Dynamics AX Custom Service (
CustomService.FullAccess)
Then select Grant admin consent for your tenant.
⚠️ Pick Microsoft Dynamics ERP (
00000015-…) — the Finance & Operations API. Do not pick Dataverse / Common Data Service (00000007-0000-0000-c000-000000000000) or the legacy Dynamics 365 Human Resources (Talent) API (f9be0c49-aa22-4ec6-911a-c5da515226ff,user_impersonation). Apideck targets the F&O operations endpoint, not Dataverse. - Access Dynamics AX data (
-
Create a client secret. Go to Certificates & secrets → New client secret, add a description and expiry, and copy the secret value immediately — it is shown only once.
💡 TIP: Copy the Application (client) ID (from the app's Overview page) and the client secret value. You will need both in the next step.
Give the connecting user access in Finance & Operations
Apideck uses the delegated (user sign-in) OAuth flow: whoever authorizes the connection in Vault signs in with their own Microsoft account, and that account's F&O permissions apply. That user must:
- have a user account in your F&O environment, and
- be assigned a security role whose duties grant Data Services access to the HR entities Apideck reads (e.g.
WorkersandEmployments). See Security and data entities.
The F&O System administration → Setup → Microsoft Entra ID applications registration (which maps a client ID to a service-account user) is only used for service-to-service scenarios — it is not part of this delegated user flow.
Vault Connection Setup
Now that you have your app's Client ID and client secret, enable the integration:
Go to Apideck → Configuration → HRIS → Microsoft Dynamics HR.
Enter the OAuth Client ID and Client secret from your Azure app registration. Apideck requests the per-tenant scope https://<org>.operations.dynamics.com/.default at authorization time — built automatically from each consumer's Organisation URL — so you do not need to configure scopes here.
Press Save settings. Use Test Vault to verify. Consumers can then authorize their Microsoft Dynamics HR (Finance & Operations) connection securely.