As it looks like this user is a 'Web Client Only' user, I'm curious if any other 'Web Client Only' users can successfully access Web Client and get into Dynamics GP?
I ask because, unlike regular GP users, users marked as 'Web Client Only' do not have a SQL login behind them, which is why they are unable to login to the Dynamics GP desktop client like regular GP users can.
If regular users can login to Web Client and access Dynamics GP fine, but 'Web Client Only' users cannot, then along with the user's AD directory account and making sure they're a member of the domain security group as has been mentioned, we also need to look at the 'Identity Management' setup, which is what the single sign-on functionality comes from, with Web Client, to make sure that is setup and working correctly.
There are three parts of the Identity Management setup:
1. First is the AD account tied to the user's GP user, via the User Setup window in Dynamics GP, which you mentioned.
2. In GP Utilities of the Dynamics GP directory that Web Client is pointed to, under 'Manage Web Client SQL Server Login' option, a SQL proxy login would have been created, which creates it in SQL Server and assigns it the DYNGRP database role under all GP system and company databases.
3. Last, when you installed Web Client, in the 'GP Configuration' window which has the paths to the Dynamics GP desktop directory, Dex.ini and Dynamics.set files, you would need to enter the same SQL proxy login and password, that was created in GP Utilities.
If the Identity Management setup is not working, the 'Web Client Only' users would be able to login to the initial Web Client screen, but then get prompted with a Dynamics GP login window, which they won't be able to get past, as they don't have an actual GP login on the SQL side to enter.
If the Identity Management does work correct, they would be automatically logged into Dynamics GP after they enter their Windows account credentials in the initial Web Client login window, maybe seeing a Company Selection window, if they have access to more than one GP company.
To verify the SQL login that GP Utilities shows in the 'Manage Web Client SQL Server Login' window, you can look on the IIS/web server where Web Client is installed, browse to C:\Program Files\Microsoft Dynamics\GP Web Components\SessionCentral\ and open the TenantConfiguration.xml file in NotePad.
In this file you'll see the path to the GP directory, Dynamics.set and Dex.ini files for Dynamics GP.
Also, there will be a line for <SqlUserName> which should be the same proxy login you saw in GP Utilities above. Close this file.
If you verify the same SQL login is being used by GP Utilities and Web Client, reset the SQL proxy login password in GP Utilities in the 'Manage Web Client SQL Server Login' window, (DO NOT reset the password in SQL Server itself, as it won't work), then run a Repair of Web Client/Web Components, to reset the password of the proxy login again, in the GP Configuration window, before then testing the single-sign on functionality for Web Client Only users.
Hopefully the above helps..........
Thanks
