Here are answers to two frequently asked questions about Microsoft Dynamics GP security.

  • Can I use Single Sign-On (SSO) for Dynamics GP?

SSO is one of the trendy solutions that everyone thinks they need.  Dynamics GP relies heavily on encrypted SQL user authentication for security, including company access and access to modules and windows within those modules.   As a result, Microsoft has no current plans to allow Active Directory authentication.  There are several solutions available for web-based or on-premises that will allow you to achieve SSO with Dynamics GP and other non-SSO-compatible applications.  Call us for recommendations.

  • What security model does Dynamics GP use?

Long ago in a galaxy far, far away, Dynamics GP 10.0 switched from an ‘optimistic’ to the preferred (and current) ‘pessimistic’ security model.  In GP version 9 and below, users could access everything unless specifically denied.  When a user is set up in GP 10.0 and later, users have access to nothing – not even a company to log into.  Each user must be granted access to one or more companies, and one or more roles and tasks within each company.  I would recommend scheduling security discovery and training with one of our application specialists who will work with you to set up roles and tasks which make sense for your company’s specific needs.

We may initially grant users one or more built-in roles in order to get you up and running quicker, but that can be easily changed once we understand your separation of duty requirements.

For more Microsoft Dynamics GP tips and tricks visit

By Charles Ray, Senior Systems Specialist, CAL Business Solutions,