Multi-Factor Authentication

Starting with the Dynamics GP October 2020 release, you can use Multi-Factor Authentication for e-mail functionality. This new feature relies on an Azure Active Directory App Registration. This first section covers the Azure side of the configuration.

Register the app

  1. First, you'll need to have an administrator who can log into the Azure Portal.

  2. In the search box, type App Registration and select that option:

    Search for App Registration in Azure portal
  3. Click on New Registration as shown in the below screenshot:

    App registration form in Azure portal
  4. You will then choose settings for your new application.

    1. Enter the application name (e.g. GPMBAApp).

    2. Supported account types: based on the domain or accounts used in the organization, select the appropriate option from the following:

    3. Account in any organizational directory (Single tenant)

    4. Account in any organizational directory (Any azure AD account – Multitenant)

    5. Account in any organizational directory (Any azure AD account – Multitenant) and personal Microsoft accounts (e.g. Skype, Xbox).

    Account types in wizard for registering an app
  5. Click on Register button.

  6. Click on API Permission on the left side panel as shown in the screenshot.

    API Permission menu item highlighted
  7. Click on Add permission button.

    Add permission button highlighted
  8. Select Microsoft Graph. By default, the Microsoft Graph application has read permission for the user profile. To allow the Graph application to send e-mail, add the "Mail.Send" permission.

    Graph selected
  9. Click on delegated permission.

  10. Search for "Mail.Send" in the select permission search box.

  11. Mark the "Mail.Send" checkbox and click on Add permission.

    Permissions for request API
  12. Mail.Send permission will be added under Microsoft Graph.

    Configured permissions
  13. Click on "Authentication" on the left panel under Manage option.

    Authentication menu item highlighted
  14. Click on Add Platform.

    highlighted tile
  15. Enter the value "urn:ietf:wg:oauth:2.0:oob" in the Custom Redirect URIs text box as shown in the screenshot. This URI will redirect to the original application.

    Custom redirect URI specified
  16. Click on Configure button

  17. Save the changes for the application.

    Note

    As of now, Multi-Factor Authentication is not supported in the Web Client. Once the Web Client changes are implemented, Default client type must be set to "Yes" as shown in the screenshot.

    Default Client Type
  18. Click on Overview on the left side pane. The Application (client) ID shown there can be used in Microsoft Dynamics GP.

    Highlighted application client ID
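
To confirm that the finished registration matches the steps above and carries nothing beyond them, the following added example (not part of the original documentation) audits the registration's JSON. It assumes the Microsoft Graph application object shape (`requiredResourceAccess`, `redirectUris` under each platform section); `audit_registration` and both sample objects are hypothetical and constructed for illustration.

```python
# Added example: audit an app registration against the steps on this page.
GRAPH_APP_ID = "00000003-0000-0000-c000-000000000000"  # Microsoft Graph resource
MAIL_SEND = "e383f46e-2787-4529-855e-0e479a3ffac0"     # Mail.Send, delegated
USER_READ = "e1fe6dd8-ba31-4d61-89e7-88639da4683d"     # User.Read, delegated (default)
OOB_URI = "urn:ietf:wg:oauth:2.0:oob"                  # redirect URI from step 15
EXPECTED_SCOPES = {(GRAPH_APP_ID, MAIL_SEND), (GRAPH_APP_ID, USER_READ)}

def audit_registration(app):
    """Return a list of findings; an empty list means the object matches the steps."""
    scopes, roles = set(), set()
    for resource in app.get("requiredResourceAccess", []):
        for access in resource.get("resourceAccess", []):
            entry = (resource.get("resourceAppId"), access.get("id"))
            # "Scope" is a delegated permission, "Role" an application permission.
            (scopes if access.get("type") == "Scope" else roles).add(entry)
    findings = []
    if (GRAPH_APP_ID, MAIL_SEND) not in scopes:
        findings.append("delegated Mail.Send on Microsoft Graph is missing")
    if roles:
        findings.append(f"{len(roles)} application permission(s) present, steps use delegated only")
    if scopes - EXPECTED_SCOPES:
        findings.append(f"{len(scopes - EXPECTED_SCOPES)} delegated permission(s) beyond User.Read and Mail.Send")
    uris = set()
    for platform in ("publicClient", "web", "spa"):
        uris.update((app.get(platform) or {}).get("redirectUris") or [])
    if OOB_URI not in uris:
        findings.append(f"redirect URI {OOB_URI} is missing")
    return findings

# Constructed sample objects (not exported from a real tenant).
GOOD_APP = {
    "displayName": "GPMBAApp",
    "requiredResourceAccess": [{"resourceAppId": GRAPH_APP_ID, "resourceAccess": [
        {"id": USER_READ, "type": "Scope"}, {"id": MAIL_SEND, "type": "Scope"}]}],
    "publicClient": {"redirectUris": [OOB_URI]},
}
DRIFTED_APP = {
    "displayName": "GPMBAApp",
    "requiredResourceAccess": [{"resourceAppId": GRAPH_APP_ID, "resourceAccess": [
        {"id": USER_READ, "type": "Scope"},
        {"id": "11111111-1111-1111-1111-111111111111", "type": "Role"}]}],  # placeholder id
    "publicClient": {"redirectUris": []},
}

if __name__ == "__main__":
    for app in (GOOD_APP, DRIFTED_APP):
        print(app["displayName"], audit_registration(app) or "OK")
```

The object to audit can be exported with `az ad app show --id <Application (client) ID>` and loaded with `json.load`.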

With the Azure setup complete, launch Microsoft Dynamics GP 18.3, go to Tools, select Setup, choose Company, and click Company E-mail Setup.

Company E-mail Setup in GP

Note

There is a new column (MSGraphClientID) added to the company table SY04900, syEmailSetupOptions.