Integration Authentication

Integrating with Dynamics 365 without a licence

John PhillipsProduct Updates

When setting up an integration with Microsoft Dynamics 365, some level of authentication is required. Although a user can often use their own credentials for the task, this adds dependency on this user’s account and relies on the user always having a full licence. We take a look at the alternative methods of authentication: Non-Interactive and Application Users

The problem

To allow other systems access to your Dynamics 365 data, some kind of login is required; partly to maintain security and partly to determine what data within the system can be accessed. The simplest route that people often take is to just to use the credentials of one of their users to access the system. However, this comes with a number of problems:

  • If the user changes their password, the integration will fail until the new password is also added to the integration
  • If the user leaves the business, there will be potential downtime until new credentials have been entered into the integration
  • The user’s account being used may have much more access to the system than required by the integration, presenting an unnecessary risk of data leakage
  • With Microsoft’s new API limits, heavy integrations may exhaust a user’s 24-hour allocation of API requests

Solution No. 1: Non-Interactive Users

A non-interactive user is not a user in the traditional sense – it is used for programmatic access to and from model-driven apps in Dynamics 365 without requiring a licence. Each Dynamics 365 environment can have up to seven non-interactive user accounts. These accounts are straightforward to set up and Microsoft have provided guidance on the process here. One consideration: to initially create a Non-Interactive User, a licence is temporarily required, so you will need to ensure that you have one spare licence available, which may involve temporarily removing a licence from one of your named users while you complete the setup process.

Solution No. 2: Application Users

Introduced in 2016, Application Users use Server-to-Server authentication to connect to the Common Data Service and your Dynamics 365 data. Although Application Users are a type of Non-Interactive User, they are not subject to the seven user limit and as many Application Users can be created as required for each environment. The creation process is a little more involved however, requiring Azure Application registration, but Microsoft have provided a detailed help guide here.

Conclusion

Although integrating two or more system is never a trivial task, with the correct authentication method, potential future headaches can be avoided with the use of Non-Interactive and Application users.

Sign up to receive regular product & business updates direct to your inbox.
 
 
 
First Name*
 
 
Last Name*
 
 
 
Email Address*
 
 
 
 
 
 
 
 
 
Please see our Privacy Policy and Data Protection Policy for information on how we use your data