With the October 2022 release of Microsoft Dynamics GP Web Client 18.5, you have the option to use Modern Authentication for e-mail. Additional setup is required, both in the App Registration in Azure AD and in the Microsoft Dynamics GP client. Read through this article to understand how Modern Authentication e-mail works differently in the Web Client and the Desktop Client.
App Registration Configuration
- First, in order to create the App Registration in Azure AD you’ll still want to start with the previously documented steps in the following article: Multi-Factor Authentication – Dynamics GP | Microsoft Learn
- Then, within that App Registration go to the “Certificates & secrets” page using the link on the left
- Click +New client secret
- Give the client secret a description, choose an expiration date, then click Add
- This is your only opportunity to copy the Value string, which is needed for the Dynamics GP setup later. If you forget to save this string, you can create another secret to get a valid value.
- Next, click on the Authentication link on the left
- Next, click on the API permissions link on the left
- You should see a link called “Grant admin consent for %domain%” in the Configuration permissions section. Click that to authorize your application
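An added example (not part of the original article or of Microsoft's tooling): a Python check over an application object as returned by Microsoft Graph that flags client secrets that are expired or close to their expiration date, and redirect URIs that are not HTTPS. The JSON is constructed sample data, and `audit_app_registration` and its 30-day threshold are assumptions made for illustration.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample: the shape Microsoft Graph returns for an application
# object (GET /applications/{id}); every value below is made up.
SAMPLE_APP = json.loads("""
{
  "appId": "00000000-0000-0000-0000-000000000000",
  "displayName": "GP Web Client E-mail (sample)",
  "passwordCredentials": [
    {"displayName": "gp-webclient-2022", "endDateTime": "2023-04-15T00:00:00Z"},
    {"displayName": "gp-webclient-2023", "endDateTime": "2025-04-15T00:00:00.0000000Z"}
  ],
  "web": {"redirectUris": ["https://gp.example.com/", "http://localhost:8080/"]}
}
""")


def parse_graph_time(value):
    """Parse a Graph UTC timestamp; fractional seconds are dropped."""
    base = value.rstrip("Z").split(".")[0]
    return datetime.strptime(base, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)


def audit_app_registration(app, now, warn_days=30):
    """Return (severity, message) findings for secrets and redirect URIs."""
    findings = []
    secrets = app.get("passwordCredentials", [])
    if not secrets:
        findings.append(("error", "no client secret: nothing to enter as the Key"))
    for cred in secrets:
        name = cred.get("displayName") or "(no description)"
        end = parse_graph_time(cred["endDateTime"])
        if end <= now:
            findings.append(("error", f"secret '{name}' expired {end:%Y-%m-%d}"))
        elif end - now <= timedelta(days=warn_days):
            findings.append(("warn", f"secret '{name}' expires {end:%Y-%m-%d}"))
    if len(secrets) > 1:
        findings.append(("info", f"{len(secrets)} secrets exist; delete unused ones"))
    for uri in app.get("web", {}).get("redirectUris", []):
        if not uri.lower().startswith("https://"):
            findings.append(("warn", f"redirect URI is not HTTPS: {uri}"))
    return findings


if __name__ == "__main__":
    for severity, message in audit_app_registration(SAMPLE_APP, datetime.now(timezone.utc)):
        print(f"[{severity}] {message}")
```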
Dynamics GP Configuration
The configuration on the Dynamics GP side still takes place in the Company E-mail Setup window. There are three new fields on this window specifically for the Web Client Modern Authentication setup.
To access the Company E-Mail Settings window, go to Microsoft Dynamics GP >> Tools >> Setup >> Company >> E-mail Settings.
To properly set this up, you need to perform the following steps:
- First, log into the Dynamics GP desktop client and navigate to the Company E-Mail Settings window
- Enter your Application (Client) ID into the Desktop Client Properties section of the window
- Tab off of that field and log in as a global administrator from your Azure AD tenant. Make sure you mark the option to consent to allow Dynamics GP to use your app registration
- Then log into the Dynamics GP Web Client and navigate to the Company E-Mail Settings window
- Fill out the Web Client Properties section of this window as follows:
  - Application (Client) ID – This is still pulled from the Application (client) ID field on the Overview page in your App registration.
  - Key – This is the Value string you saved above when setting up the client secret
  - Redirect URL – This is the Redirect URI (e.g. you added to your App registration
Once you’ve added these three values, click OK to perform the initial authorization. This is where the behavior between the two clients differs. The current release of the Web Client for Dynamics GP can e-mail via MSGraph/Modern Authentication, but users will not be prompted for credentials like they are in the Desktop Client. The user who performs this initial login is the account that all e-mails will be sent from within the Web Client. Since you already authorized Dynamics GP with the app registration in the Desktop Client, this should not need to be a global admin account.
For this reason, you will want to put some thought into which user you specify here. The only way to change the user that sends e-mail out of the Web Client is to create a new app registration, log into the Web Client in an incognito or in-private browser session, and perform the initial setup process again, specifying a different “send as” user.
By CAL Business Solutions, Connecticut Microsoft Dynamics GP & Acumatica Partner, www.calszone.com
Read the original post at: https://community.dynamics.com/gp/b/dynamicsgp/posts/modern-authentication-in-web-client