Reekoh supports the use of Microsoft Dynamics through a number of plugins. In order to utilise the plugin, you need to configure authentication details. There are a number of steps involved to get this working in the smoothest possible manner.
- Create a service account within Microsoft Dynamics
- Create an Office 365 account for the service account
- Create an App Registration / Service Principal for the application in Azure Active Directory (Azure AD)
- Permission granting
Unless you specifically want your service account to impersonate a specific individual, we are best off creating a service account for use within Microsoft Dynamics. This document by Microsoft outlines the steps that are required in order to create an Application User: Application User Creation.
It's important to note that the Application User created in the earlier step is an unlicenced user. It is intended that this user will access Dynamics data on behalf of the end user of the application. However, our integration pipeline doesn't have a specific user and accordingly, we must allocate a licence to the Application User. To do that, we must first create an account for the email address utilised for the Application User within Office 365 and then assign a relevant licence. This document from Microsoft takes you through the relevant process: Add users and assign licences at the same time. You should attempt manual login to this user in case their are first time login requirements imposed by your organisation (eg. changing the password)
Our next step is to create a Service Principal for our integration to utilise. This How-To document from Microsoft walks you through the steps: How to: Use the portal to create an Azure AD application and service principal that can access resources. While you can use an existing App Registration, it would be more conventional to create one for our Dynamics instance. When following the steps, you do not need to set any specific roles or callback URL. At this time, all supporting plugins require the user of a Client Secret for authentication rather than a Certificate.
Once you've created the account in Azure AD, we need to set up some additional permissions. This document from Microsoft (Getting Started Developing Connect Apps for Dynamics 365 Business Central) explains configuring the API permissions required for the Service Principal to be able to impersonate a licenced user in Dynamics. However, in addition to this, on that API permissions page, you should click the 'Grant admin consent' button. This is the final step that then authorises the service principal to be able to impersonate the application user previously set up.
Now - go set up your integration pipeline and use our Dynamics plugins!