Dynamics365 Finance&Operations connector
General information
Dynamics365 Finance&Operations connector integrates Dynamics365 Finance&Operations environment with OpenIAM allowing to manage system users and security roles. This is the basic set of the functionality that goes out of the box. However, it could be extended and fit your needs.
Out of the box Dynamics365 connector can:
- Retrieve information about system user objects
- Retrieve information about system roles in Dynamics365 Finance&Operations environment
- Retrieve information about memberships of a system users inside system roles
- Assign/revoke system roles from system users
- Set and modify basic system user information
Installation and connection to OpenIAM
All PowerShell connectors are installed in the same way, which is described in the document: PowerShell connector installation
Only requirement specific to this connector is being able to connect to your Dynamics365 Finance&Operations tenant address.
General usage
All PowerShell connectors are used in the same way, which is described in the document: PowerShell connector usage
Configuring managed system
While configuring managed system you should have following properties set:
- Host URL - should be set to your resource address. It can be similar to https://xxxxx.dynamics.com/
- Login Id - uses format client_id@tenant_id that is used to access your API
- Password - should be set to client_secret value.
Configuring policy map
To be able to run provisioning requests to Dynamics365 F&O API, you need to configure policy map.
| Property | Description | Required |
|---|---|---|
| UserID | Unique identifier of system user in Dynamics365 F&O. Please keep in mind that if we create a user - we can give our own UserID value, so we could track this user in future | Yes |
| UserName | Username of this user. | Yes (required for creating user) |
| NetworkDomain | Should unuquely identity network domain for the user. Can be set like "https://sts.windows.net/". | Yes (required for creating user) |
| Alias | Sets alias parameter of the system user. Usually it is the same as user email address or UPN in Azure | Yes (required for creating user) |
| UserInfo_language | Info language in culture format like 'en-us' | Yes (required for creating user) |
| Helplanguage | Help language in culture format like 'en-us' | Yes (required for creating user) |
| AccountType | Could be either Claims user, Claims Grouo, AD Group, AD User. By default - 'ClaimsUser'. Claims - are Azure objects, while AD are belong to on-premeses Active Directory | Yes (required for creating user) |
| Company | String that cntains company information of the user. | No |
| Email address of the user. | No | |
| PersonName | Name of the person, which is usually equal to UserName. | No |
| Enabled | Specifies if user is enabled (True) or Disabled (False) | No |
Add vs Update operations difference
Due to Dynamics365 limitations, not every attribute could be set during update process. Some attributes are only allowed while you add new user. If attribute that is not allowed for update operation is passed - OpenIAM connector would ignore it.
Attributes allowed for ADD operation: 'UserID','Company','Alias','Email','PersonName','Enabled','UserName','NetworkDomain','UserInfo_language','Helplanguage','AccountType'
Attributes allowed for UPDATE operation: 'UserID','Company','Alias','Email','PersonName','Enabled','UserName','UserInfo_language','Helplanguage'
Suspend and resume operations
When OpenIAM sends Suspend operation, connector modifies 'Enabled' property of a given user. Resume operation sets the same proparty back to 'True' state.
Deleting users
Delete operation fully removes user from D365 F&O system.
Synchronization
Dynamics365 F&O connector can synchronize System users, system roles and their memberships. It can synchrinize all of them or a single record by a given identifier.
Search query for synchronizing all systemusers:
Get-SystemUser
Search query for synchronizing single systemuser:
Get-SystemUser -Systemuserid 'e5f759c2-cde2-4396-a153-53a53d2cf172'
Search query for synchronizing all roles:
Get-SecurityRoles
Search query for synchronizing single role:
Get-SecurityRoles -RoleID 'e5f759c2-cde2-4396-a153-53a53d2cf172'
Search query for synchronizing all memberships of the system users towards system roles:
Get-SecurityUserRoles