Microsoft Dynamics GP Fall 2020 - Modern Authentication

The Fall 2020 release adds the ability to use Modern Authentication for e-mail functionality in Dynamics GP.

This functionality uses an App Registration in Azure Active Directory along with Microsoft 365 to provide a second form of authentication.

The process of configuring this App Registration is covered in the What's New section for the Fall 2020 release on our Dynamics GP Docs site

How to configure Modern Authentication in Microsoft Dynamics GP

First, go to the Company E-Mail Settings window at Microsoft Dynamics GP>>Tools>>Setup>>Company>>E-mail Settings.

When you add the Application Client ID into the Email Settings window below, when you save changes, you'll be prompted for the Azure Admin credentials to authenticate.
This is a one-time setup and needs to be done with an Office 365 Global Administrator.  Preferably the account that was used to setup the Azure App. 

In the Azure app is the App set to Multitenant authentication

Enter the Application (Client)ID from your Azure Application to the new field of the same name that has been added in this window.

NOTE: The Application (Client) ID value is held in the new MSGraphClientID field in the SY04900 table in the company database.
MFA is only supported with Exchange.

When you tab off from that field you will get the pop-up window for the Multi Factor Authentication. Users must enter the login credentials to authenticate. Below are the sequence of events you will encounter:

The user that you authenticate as in this window needs to have Multi Factor Authentication enabled in Office 365/Exchange Online.  If they don't have MFA enabled, then you won't be prompted to enter the second form of authentication.  The e-mail will still send for non-MFA accounts.

Click on Ok to save the changes in the Company E-mail Settings window.

Examples of Multi Factor Authentication (Modern Auth) in Microsoft Dynamics GP

First, when performing e-mail functionality in Dynamics GP that would normally fall under the Exchange or MAPI features, your experience would look like:

Go to a window where you can e-mail a report (e.g. Reports>>Financial >>Trial Balance Report)

Open an existing report option or create a new one.

Click on Email Options

Similar to the non-MFA Exchange functionality in Microsoft Dynamics GP, once you have successfully responded to the Multi Factor Authentication window you should not need to enter a text code again within your Dynamics GP session.  You may see the MFA window open, but if you click on your account again it should let you proceed without the second authentication.  Once authenticated you should be taken to the Email Options window where you can set a recipient for the e-mail.

Once you’ve set who will receive the email you can click on the Email button in the Action Pane to send the message, which should then send out of Dynamics GP.

Next, the other main e-mail functionality in Dynamics GP, workflow notifications, uses SMTP and the MFA experience there looks like:

1. The Workflow process will remain the same until you click Submit on the Workflow Action window

At that point you’ll receive the MFA prompt, where you’ll need to provide User Name and Password for your account.  One difference with Workflow is that the e-mail will be sent by the user who authenticated in the MFA window.  The SMTP server name and the account you've specified to send the e-mail in the Workflow Setup window will not be used.

For more documentation on our new features please check out our Microsoft Dynamics GP New Feature Blog Series!

Thank you,

Lucas Miller

Microsoft Dynamics GP