Skip to main content


The environments of Power Apps / D365 are stored in the primno.env.json file.

It store the authentication information to connect to environments.

Because this file can contains sensitive information, it should not be saved in a version manager. By default, primno.env.json is ignored by Git through the .gitignore file.

This JSON file is a array of environment objects. Each environment object contains the following properties:

  • name: Name of the environment.
  • connectionString: Connection string of the environment.

The primno.json file contains a environment property that references the environment to deploy to.


"name": "Default",
"connectionString": "AuthType=OAuth;Url=https://<Environnement>;UserName=<UserName>;Password=<Password>"

Connection string

The connection string is a string that contains the authentication information to connect to a Power Apps / D365 environment. Primno uses the connection string format of Xrm Tooling.

The provided connection must have a admin or a customizer role.

Connection string supports:

  • Dataverse (Dynamics 365 online).
  • Dynamics 365 CE (on-premises) since version 9.0.

To learn more about connection string, see:


A easy way to get a connection string is to use the XrmToolBox tool.

Create a new connection by the wizard and copy the connection string though the Show the connection string of this connection button.


Connection string provides many AuthType, but only OAuth is supported by Primno.


To authenticate though OAuth, you must register an application in an authentication provider (ADFS or Azure AD) and set the AuthType property to OAuth.


The OAuth flow is determined by the parameters of the connection string.

ParametersFlowMFA supportDescription
UserName and PasswordUser passwordNoAuthenticate with a user name and a password.
ClientId and ClientSecretClient credentialNCAuthenticate as a service principal, not a user.
UserName onlyDevice codeYesAuthenticate by a url and a code.

Token cache

If you don't want to authenticate each time you run the CLI, you must enable persistent token caching by setting a file path in the TokenCacheStorePath property. Eg: ./cache/token.json.

The token is stored encrypted in the file and will be used for the next authentication.


If you switch between environments, but use the same account, set the same UserName and TokenCacheStorePath properties to connect without re-authentication.

Register an application


In Dataverse environment, you must register an application in Azure AD if you don't uses a Sandbox environment. To learn more, see Register an app in Azure Active Directory.


Sandboxes provides a pre-registered application that will be used if you don't specify the ClientId property.


In on-premises environment, you must have set CBA (Claim-Based Authentication) configured or IFD (Internet Facing Deployment) by using ADFS 2019+ with OAuth 2.0 support enabled.

To register an application in ADFS, see Add-AdfsClient and Grant-AdfsApplicationPermission PowerShell commands.


EnvironmentOAuth flowConnection string
DataverseDevice codeAuthType=OAuth;Url=https://<Environnement>;UserName=<UserName>
DataverseUser passwordAuthType=OAuth;Url=https://<Environnement>;UserName=<UserName>;Password=<Password>
DataverseClient credentialAuthType=OAuth;Url=https://<Environnement>;ClientId=<ClientId>;ClientSecret=<ClientSecret>;RedirectUri=<RedirectUri>
On-premisesUser passwordAuthType=OAuth;RedirectUri=<RedirectUri>;Url=https://<D365Url>;UserName=<Domain>\<UserName>;Password=<Password>