Multi-Factor Authentication

  • 2 minutes to read

Starting with the Dynamics GP October 2020 release, you will have the ability to use Multi-Factor Authentication for e-mail functionality. This new feature relies on an Azure Active Director App Registration. In this first section we will go over how to perform the Azure side the of the configuration.

Register the app

  1. First, you'll need to have an administrator who can log into the Azure Portal.

  2. In the search box, type App Registration and select that option:

    Search for App Registration in Azure portal

  3. Click on New Registration as shown in the below screenshot:

    App registration form in Azure portal

  4. You will then choose settings for your new application.

    1. Enter the name of Application Name (e.g. GPMBAApp)

    2. Support account types: Based on the domain or accounts used in the organization, user can select the respective option.

    3. Account in any organizational directory (Single tenant)

    4. Account in any organizational directory (Any azure AD account – Multitenant)

    5. Account in any organizational directory (Any azure AD account – Multitenant) and personal Microsoft accounts (e.g. Skype, Xbox).

    Account types in wizard for registering an app

  5. Click on Register button.

  6. Click on API Permission on the left side panel as shown in the screenshot.

    API Permission menu item highlighted

  7. Click on Add permission button.

    Add permission button highlighted

  8. Microsoft Graph – By default, Microsoft Graph application will have read permission for the user profile. To allow graph application to send an email, we need to add "Mail.Send" permission.

    Graph selected

  9. Click on delegated permission.

  10. Search for "Mail. Send" in the select permission search box.

  11. Mark "Mail. Send" checkbox and click on add permission.

    Permissions for request API

  12. Mail.Send permission will be added under Microsoft Graph.

    Configured permissions

  13. Click on "Authentication" on the left panel under Manage option.

    Authentication menu item highlighted

  14. Click on Add Platform.

    highlighted tile

  15. Enter the value "urn:ietf:wg:oauth:2.0:oob" in the Custom Redirect URIs text box as shown in the screen shot. This uri will redirect to the original application.

    Custom redirect URI specified

  16. Click on Configure button

  17. Save the changes for the application.

    Note

    As of now, Multi-Factor Authentication is not supported in Web Client. Once the Web Client changes are implemented, Default client type must be set to "Yes" as shown in the screen shot.

    Default Client Type

  18. Click on Overview on the left side pane. The Application (client) ID can used in the Microsoft Dynamics GP.

    Highlighted application client ID

From the setup that was done in Azure, now launch Microsoft Dynamics GP 18.3 and go to Tools, Select Setup, choose Company and click Company E-mail Setup.

Company E-mail Setup in GP

Note

There is a new column (MSGraphClientID) added to the company table SY04900, syEmailSetupOptions.