Have you been hearing about O365, Azure and LCS and would like a basic understanding of them? If so, we recommend reading through this blog.
If you already know them, maybe you would like to jump to the section “Understand how D365 authenticates a user”.
Basics of D365 – Azure, O365, LCS and User authentication in D365:
As most of us have already realized, new generation businesses and technologies run on the cloud. From storing personal files to running a whole business, cloud is the technology buzzword now.
The new Dynamics AX, D365, has embraced this change and, as we know, it is now available on the cloud. We have interacted with consultants who worked on previous versions of AX and realized that those who haven’t had a chance to work with D365 need a basic understanding of cloud, Microsoft Cloud services and D365 to kick-start their learning journey with D365. Here is the information you need.
This post focuses on giving a basic idea of O365, Azure Active Directory and D365 accessibility.
All the IT conversations these days are revolving around Cloud and On-premises. So, it is important that we, the Dynamics consultants, understand the Cloud terminology. Tenant is one common term that you would come across in cloud conversations. A tenant typically represents an organization that uses Cloud services.
O365 and Microsoft Azure are the two most popular cloud services through which an organization can use Microsoft Cloud capabilities, and any organization that purchases subscriptions in Azure and O365 (but not limited to these) can be called a tenant. Each tenant has its own set of users.
In the above image you can see three tenants in Microsoft cloud services:
1. ABC hospitals, an Azure tenant, which is implementing D365 for its operations.
2. Improvize IT, an O365 tenant, a partner company supporting the D365 implementation.
3. XYZ IT services, an O365 tenant, supporting the D365 implementation.
Note: The users created under an O365 tenant and an Azure tenant are stored in Azure Active Directory (AAD), which is another key service from Azure. This point is important for understanding how access is granted to D365.
Many small and medium-sized organizations have already moved to O365 in order to reduce their IT investments. As Dynamics AX consultants, we need a basic idea of O365. O365 gives access to Office applications plus other productivity applications from Microsoft. Below is a screenshot from the O365 subscription to give you an idea of the stack of applications that O365 users can access.
Instead of licensing MS Office and other required software from the Microsoft stack, organizations are looking at O365 subscriptions to reduce their huge IT investments. O365 subscriptions start from as low as 5 USD/month/user.
Azure offers quite a lot of services, but we are focusing only on virtual machines to understand the basic connection of D365 with Azure.
D365, being the new generation ERP available on cloud, can be installed in the virtual machines (which replace the physical servers) available as part of Azure services.
These virtual machines are available on Cloud and accessible from anywhere and thus our D365 installed in these virtual machines is also accessible from anywhere.
Scenario: Let’s recollect the AX installations prior to AX2012 R3. ABC hospitals, being an AX customer, gets AX installed on a physical server at its premises, and users who need access are included in the Active Directory of ABC hospitals. Assume that ABC hospitals planned its infrastructure to support 500 sales invoices per hour. But, unexpectedly, due to a malaria outbreak in the city, the network hospitals experienced double the number of patients they normally serve. This means they need to generate 1000 invoices in a single hour while their infrastructure is planned to support 500 invoices per hour.
To deal with this situation they would need to scale up their infrastructure to support this need but the reality is that this scale up may be required just for 10 days and will not be required after that period.
The biggest advantage of Azure virtual machines is that they can be scaled up and scaled down to match business-critical periods.
Now, to address the same business situation in D365, as the virtual machines are available in Azure cloud, customer can scale up the infrastructure by paying for the additional capacity for the specific period and it can be scaled down afterwards without much hassle.
Life Cycle services:
Life cycle services, usually referred to as LCS, provide a collaborative workspace that can be used by both partners and customers to manage implementations. If you are not familiar with this, it is recommended that you watch videos and read topics around LCS to gain more knowledge about it.
While LCS has a lot of tools, we want to highlight one important point: LCS is the interface through which D365 environments are installed and managed.
One should log in to LCS to deploy the D365 environment into the virtual machine available through Azure services. So, deploying an AX environment is no longer a hassle. A functional consultant or pre-sales consultant can deploy their D365 environments with a few clicks in LCS. Note that if you have an Azure subscription, a demo D365 environment can be deployed too.
Refer to this link to know more about LCS.
Understand how D365 authenticates a user:
Typically, once D365 is deployed using LCS (Life cycle services), you get a link similar to this (https://dynamicsAx7aosContoso.cloud.dynamics.com) from the administrator. Using this link, authorized users can access the application from anywhere with an internet connection.
It is important that consultants understand how access is granted to D365. The image below will help you understand how access is granted.
The user clicks on the URL to access the D365 application and is redirected to Azure Active Directory (AAD) for authentication. Note that AAD only authenticates that the user is part of AAD. Once the user is authenticated, AAD redirects the user to D365, which checks whether the user is listed as a user in the D365 instance and has the required security role assigned (Administration > Users).
Grant access to the D365 Finance and operations environment:
You may import the users from Azure Active Directory using the Import users button on the Users form under System administration > Users. This option gets the listed users from the Azure Active Directory of the company.
As an alternative, the users can be created with the “New” button. It is important to understand what the value in the “provider” field should be.
In our case, the provider should have the value https://sts.windows.net/ABCHospitals.com so that D365 recognizes that the users are part of the Azure Active Directory of ABC hospitals.
Scenario: ABC hospitals wants to grant access to the D365 application to users of Xgen services, which is an O365 tenant.
In prior versions of AX, to grant access to the users of a partner company, the customer would need to have the partner company's users listed in its own Active Directory and grant them access. But with D365, as Xgen services is an O365 tenant, its users are already available in Azure Active Directory. Access can be granted to these users without the need to include them in the customer’s Active Directory.
All we need to do is grant them access directly in the D365 instance using the process described above, setting the provider to https://sts.windows.net/Xgenservices.com
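The two checks described above (AAD authenticates, then D365 looks the user up with a matching provider and a security role) can be modelled in a few lines. This is an added example, not D365's own code: the `upn`/`iss` claims, user records and role names are constructed, and only the two provider URLs come from the post.

```python
from dataclasses import dataclass, field

# Provider values as written in the post; everything else is constructed.
HOME = "https://sts.windows.net/ABCHospitals.com"
PARTNER = "https://sts.windows.net/Xgenservices.com"

@dataclass
class D365User:
    email: str
    provider: str
    roles: set = field(default_factory=set)
    enabled: bool = True

# Constructed stand-in for the Users form of one D365 instance.
USERS = [
    D365User("nurse@abchospitals.com", HOME, {"Billing clerk"}),
    D365User("consultant@xgenservices.com", PARTNER, {"Implementation consultant"}),
    D365User("intern@abchospitals.com", HOME),  # listed, but no role yet
]

def _norm(provider):
    # Compare providers case-insensitively and ignore a trailing slash.
    return provider.rstrip("/").lower()

def authorize(claims, users=USERS):
    """Step 2: AAD has already authenticated `claims`; decide D365 access."""
    for u in users:
        same_user = u.email.lower() == claims["upn"].lower()
        if same_user and _norm(u.provider) == _norm(claims["iss"]):
            if not u.enabled:
                return (False, "user disabled")
            if not u.roles:
                return (False, "no security role assigned")
            return (True, "access granted")
    return (False, "not listed in this D365 instance")

def external_users(users=USERS, home=HOME):
    """Users whose provider is another tenant: the list to review regularly."""
    return [u.email for u in users if _norm(u.provider) != _norm(home)]

if __name__ == "__main__":
    for upn, iss in [("nurse@abchospitals.com", HOME),
                     ("consultant@xgenservices.com", PARTNER),
                     ("consultant@xgenservices.com", HOME),
                     ("stranger@example.com", "https://sts.windows.net/example.com")]:
        print(upn, iss, authorize({"upn": upn, "iss": iss}))
    print("external:", external_users())
```

Being authenticated by some AAD tenant is never enough on its own: the third and fourth sample logins are rejected because no user record matches both the address and the provider.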
Hope this post helped you. Keep learning and Keep DAXing.