Multi-Factor Authentication

  • Article
  • 2 minutes to read

Starting with the Dynamics GP October 2020 release, you will have the ability to use Multi-Factor Authentication for e-mail functionality. This new feature relies on an Azure Active Director App Registration. In this first section we will go over how to perform the Azure side the of the configuration.

Register the app

  1. First, you'll need to have an administrator who can log into the Azure Portal.

  2. In the search box, type App Registration and select that option:

    Search for App Registration in Azure portal

  3. Click on New Registration as shown in the below screenshot:

    App registration form in Azure portal

  4. You will then choose settings for your new application. a. Enter a display name for the application (e.g. GPMFAApp) b. For Supported account types select the second option (Account in any organizational directory (Any azure AD account – Multitenant)) for most all configurations. Choosing the wrong option can lead to an Unknown Error when using MFA in Dynamics GP.

    Account types in wizard for registering an app

  5. Click on Register button.

  6. Click on API Permission on the left side panel as shown in the screenshot.

    API Permission menu item highlighted

  7. Click on Add permission button.

    Add permission button highlighted

  8. Microsoft Graph – By default, Microsoft Graph application will have read permission for the user profile. To allow graph application to send an email, we need to add "Mail.Send" permission.

    Graph selected

  9. Click on delegated permission.

  10. Search for "Mail. Send" in the select permission search box.

  11. Mark "Mail. Send" checkbox and click on add permission.

    Permissions for request API

  12. Mail.Send permission will be added under Microsoft Graph.

    Configured permissions

  13. Click on "Authentication" on the left panel under Manage option.

    Authentication menu item highlighted

  14. Click on Add Platform.

    highlighted tile

  15. Enter the value "urn:ietf:wg:oauth:2.0:oob" in the Custom Redirect URIs text box as shown in the screen shot. This uri will redirect to the original application.

    Custom redirect URI specified

  16. Click on Configure button

  17. Save the changes for the application.

    Note

    As of now, Multi-Factor Authentication is not supported in Web Client. Once the Web Client changes are implemented, Default client type must be set to "Yes" as shown in the screen shot.

    Default Client Type

  18. Click on Overview on the left side pane. The Application (client) ID can used in the Microsoft Dynamics GP.

    Highlighted application client ID

From the setup that was done in Azure, now launch Microsoft Dynamics GP 18.3 and go to Tools, Select Setup, choose Company and click Company E-mail Setup.

Company E-mail Setup in GP

Note

There is a new column (MSGraphClientID) added to the company table SY04900, syEmailSetupOptions.