Friday, January 27, 2017

Deploying Microsoft Dynamics GP Web Client with Office 365 Identity and Azure Active Directory - Part 1

Hi! Lately I have been seeing a number of questions on forums about deploying Microsoft Dynamics GP Web Client using Office 365 identity, so I figured I would take a deep dive into this topic by providing a bit of background and the steps to achieve a successful deployment. What you need to know is that you have a range of options.


Office 365 uses the Azure Active Directory (Azure AD) cloud-based user authentication service to manage users. This service provides 3 identity models that can be used to manage user accounts:

Cloud identity. In this scenario, accounts are managed in Office 365 only. All the administration is done in the cloud, requiring no on-premises servers to manage the accounts.

Synchronized identity. In this case, your on-premises directory objects are synchronized with Office 365, with the bulk of the administration done from your on-premises server. Passwords can be synchronized so that users have the same password both on-premises and in the cloud. The downside to this approach is that users will need to sign in twice: once to the local domain and again to access Office 365.

Federated identity. This identity management model allows you to synchronize your on-premises directory objects with Office 365 and manage your users on-premises. The users have the same password on-premises and in the cloud, and they do not have to sign in again to use Office 365. This is often referred to as single sign-on.

The following video describes in more detail how each of these identity models works:

Most organizations will fall within the Synchronized or Federated model, but as more and more organizations move to a pure cloud model, cloud identities are becoming very common.

In my next article, I will go into the prerequisites to deploy Microsoft Dynamics GP Web Client with Office 365.

Until next post!

Mariano Gomez, MVP


Kerry Draper said...

Hi Mariano

The struggle I have with the implementation of this is how it disabled the new workflow engine in GP. I guess when they developed the Azure integration they did not think those folks would need workflow at the same time. Workflow only uses Windows auth and you cannot have a mixed environment within a single company. The Azure integration itself works great, very easy to implement and administer, and offers multi-factor auth, which companies like the one I work at require for external access, so it is great. Not being able to roll out any of the features that rely on workflow 2.0 is a big disappointment, however. Because of this we had to roll off hundreds of users of GP to Kronos for Timesheet entry. I hope you could have some influence with future direction regarding this.

Mariano Gomez said...


I cannot say much about new features, but suffice it to say Microsoft is already working on this for the next upcoming major release. What shape or form it takes, your guess is as good as mine.

microsoft dynamics partner said...

Great solution! Thanks so much for sharing it with us. The first part of the article about deploying Microsoft Dynamics GP Web Client with Office 365 Identity and Azure Active Directory is very informative, so I'll be waiting for the next chapter.